Skip to content

v2026.7.17.5

Choose a tag to compare

@github-actions github-actions released this 17 Jul 10:00

Added

  • Added Canvas-native Excalidraw live collaboration with multi-user presence, durable scene and asset persistence, reconnect/resync handling, and agent patch review after user intervention.
  • Added resilient chunked workspace uploads, workspace document previews and relations, searchable organization policy targets, and grouped chat tool batches.
  • Added a complete third-party license inventory, authenticated Legal downloads, exact native source evidence, and release-bound amd64/arm64 compliance artifacts.

Changed

  • Rebuilt both shipped Sharp versions against a replaceable shared libvips built from an exact source archive, and excluded all prebuilt @img/sharp-* payloads from Docker releases.
  • Pinned Debian, PostgreSQL and Python runtime inputs to immutable snapshots, versions and hashes, with schema-4 runtime inventories and a pre-manifest multi-architecture evidence gate.
  • Improved workspace-aware agent access, Markdown document references, chat presentation, plugin policy targeting, and upload progress handling.

Fixed

  • Fixed workspace upload retries and finalization, repeated bulk folder moves, knowledge-graph document search, Markdown editor state alignment, and Marp export memory handling.
  • Synchronized all transitive peer and optional dependencies in package-lock.json and added a clean-install dry-run to the permanent release gate.
  • Bootstrapped CA certificates from the same signed Debian snapshot before switching APT to HTTPS, and replaced the redundant Debian libvips binary with explicit runtime dependencies for the source-built shared libvips.
  • Kept the complete libvips development-header set in the isolated dependency stage so both Sharp versions compile against that shared library without adding development packages to the runtime image.
  • Restricted Python PEP 639 license discovery to .dist-info/licenses, preventing architecture-specific bytecode in packages named licenses from creating false multi-architecture compliance drift.

Verification

  • npm run verify:release
  • npm run test:licenses
  • npx tsc --noEmit --pretty false
  • pip hash-resolution dry-runs for CPython 3.11 on linux/amd64 and linux/arm64
  • direct SHA-256 verification of all pinned PGDG binary and source artifacts