Twenty
The open alternative to Salesforce, designed for AI
Alternative to: salesforce, hubspot, pipedrive, zoho crm
About
Versions (86)
twenty/v2.12.0
2026-06-12What’s Changed
- chore: bump version to 2.12.0 by @twenty-pr[bot] in https://github.com/twentyhq/twenty/pull/21358
- Increase logicFunctionQueue worker concurrency to 10 by @thomtrp in https://github.com/twentyhq/twenty/pull/21364
- Remove default command by @martmull in https://github.com/twentyhq/twenty/pull/21357
- Restore content-box sizing for components broken by the global border-box reset by @bosiraphael in https://github.com/twentyhq/twenty/pull/21361
- Fix: pinned command-menu actions run with empty selection by @bosiraphael in https://github.com/twentyhq/twenty/pull/21366
- chore(twenty-server): temporary instrumentation for app-install 504 by @charlesBochet in https://github.com/twentyhq/twenty/pull/21365
- fix(twenty-front): restore top-bar-title testid to unbreak merge queue by @charlesBochet in https://github.com/twentyhq/twenty/pull/21367
- feat(website): book an intro call after partner application by @rashad in https://github.com/twentyhq/twenty/pull/21343
- Deprecate dummy enterprise key 2/2 by @ijreilly in https://github.com/twentyhq/twenty/pull/21328
- Fix various graphs bugs by @ijreilly in https://github.com/twentyhq/twenty/pull/21311
- fix(twenty-front): new layout fast-follows by @FelixMalfait in https://github.com/twentyhq/twenty/pull/21360
- fix(billing) - Suspend workspace at trial period end if cancelation is planned by @etiennejouan in https://github.com/twentyhq/twenty/pull/21363
- isCustom deprecation for Objects and Fields by @Weiko in https://github.com/twentyhq/twenty/pull/21228
- Enrich app:add field relation and morph relations by @martmull in https://github.com/twentyhq/twenty/pull/21368
- fix(front): reject backslash paths in isValidReturnToPath (open-redirect hardening) by @joeltco in https://github.com/twentyhq/twenty/pull/21287
- security: bump path-to-regexp and defu to patched versions (lockfile refresh) by @charlesBochet in https://github.com/twentyhq/twenty/pull/21369
- feat(twenty-server): allow shouldHideEmptyGroups in app view manifest by @FelixMalfait in https://github.com/twentyhq/twenty/pull/21370
- security: bump vite to 7.3.5 in twenty-apps lockfiles (GHSA-v2wj-q39q-566r) by @charlesBochet in https://github.com/twentyhq/twenty/pull/21371
- security(apps): bump twenty-sdk to 2.10.1 for the 3 remaining pre-2.0 apps (tmp, undici) by @charlesBochet in https://github.com/twentyhq/twenty/pull/21374
- security: force shell-quote >= 1.8.4 (GHSA-w7jw-789q-3m8p, critical) by @charlesBochet in https://github.com/twentyhq/twenty/pull/21372
- fix(server): repair server typecheck broken by isCustom deprecation by @charlesBochet in https://github.com/twentyhq/twenty/pull/21376
- fix(auth): additional workspace and identity validation in auth flows by @FelixMalfait in https://github.com/twentyhq/twenty/pull/21347
- security: clear all High minimatch Dependabot alerts via parent bumps by @charlesBochet in https://github.com/twentyhq/twenty/pull/21373
- fix(front): surface widget render errors via ErrorBoundary onError by @clivemeister in https://github.com/twentyhq/twenty/pull/21009
- security: refresh lodash + picomatch in twenty-apps lockfiles by @charlesBochet in https://github.com/twentyhq/twenty/pull/21378
- security: clear fast-uri + fast-xml-parser High alerts (lockfile only) by @charlesBochet in https://github.com/twentyhq/twenty/pull/21379
- perf(twenty-front): stop Sentry Replay from re-serializing record-table mutations on navigation by @Weiko in https://github.com/twentyhq/twenty/pull/21381
- feat(server): in-app server-level admin management (#19785) by @FelixMalfait in https://github.com/twentyhq/twenty/pull/21321
- [Website] Re-introduce footer language switcher by @mabdullahabaid in https://github.com/twentyhq/twenty/pull/21387
- i18n - website translations by @github-actions[bot] in https://github.com/twentyhq/twenty/pull/21384
- fix(security): bump @scalar/api-reference-react to clear unhead XSS by @mabdullahabaid in https://github.com/twentyhq/twenty/pull/21382
- chore: sync AI model catalog from models.dev by @github-actions[bot] in https://github.com/twentyhq/twenty/pull/21392
- security: clear immutable High alert via @graphql-codegen typescript plugins v4 by @charlesBochet in https://github.com/twentyhq/twenty/pull/21380
- security: clear all High next alerts by upgrading react-email 5 → 6 by @charlesBochet in https://github.com/twentyhq/twenty/pull/21377
- Improve log visibility in dev mode by @martmull in https://github.com/twentyhq/twenty/pull/21393
- fix(twenty-front): new layout fast-follows — settings drawer, loading & command menu by @FelixMalfait in https://github.com/twentyhq/twenty/pull/21389
- fix: gracefully handle missing logic functions during workflow destroy by @thomtrp in https://github.com/twentyhq/twenty/pull/21362
- security: clear happy-dom High alerts by upgrading wyw-in-js 0.7 → 1.1 by @charlesBochet in https://github.com/twentyhq/twenty/pull/21394
- feat(twenty-partners): website field + restructured partner & opportunity views by @rashad in https://github.com/twentyhq/twenty/pull/21385
- security: clear koa High alert by bumping nx 22.5.4 → 22.7.5 by @charlesBochet in https://github.com/twentyhq/twenty/pull/21396
- security: clear serialize-javascript High alert (terser-webpack-plugin refresh) by @charlesBochet in https://github.com/twentyhq/twenty/pull/21397
- fix: reload stale clients on any older app version, not just major by @clivemeister in https://github.com/twentyhq/twenty/pull/21011
- fix(server): prevent SSE stream teardown errors from crashing all pods by @charlesBochet in https://github.com/twentyhq/twenty/pull/21395
- fix(docker): upgrade Alpine system OpenSSL libs to patched 3.5.7-r0 by @charlesBochet in https://github.com/twentyhq/twenty/pull/21399
- security: clear picomatch High alert via @angular-devkit/core resolution by @charlesBochet in https://github.com/twentyhq/twenty/pull/21398
- security: clear yeoman-environment High alert via resolution to 6.0.1 by @charlesBochet in https://github.com/twentyhq/twenty/pull/21400
- fix(front): sanitize optimistic input when creating a record by @brendanerofeev in https://github.com/twentyhq/twenty/pull/21076
- security: upgrade @nestjs/graphql 12→13 + @ptc-org/nestjs-query 4→9 (+ @nestjs/config 4) by @charlesBochet in https://github.com/twentyhq/twenty/pull/21402
- fix(server): include relation join column names in updatedFields of update events by @thomtrp in https://github.com/twentyhq/twenty/pull/21405
- Prevent self-hosting app from re-matching/re-creating people on no-op updates by @ijreilly in https://github.com/twentyhq/twenty/pull/21406
- fix(ui): freeze framer-motion in Argos runs to stop flaky visual diffs by @charlesBochet in https://github.com/twentyhq/twenty/pull/21412
- security: clear 8 Dependabot alerts via transitive/parent bumps (no resolutions) by @charlesBochet in https://github.com/twentyhq/twenty/pull/21409
- security: clear twenty-apps & seed-dependencies CVE alerts by @charlesBochet in https://github.com/twentyhq/twenty/pull/21410
- security: close lodash CVEs (#824/#823/#385) via parent upgrades, no resolution by @charlesBochet in https://github.com/twentyhq/twenty/pull/21414
- security: close ws & file-type alerts via parent upgrades (no resolution) by @charlesBochet in https://github.com/twentyhq/twenty/pull/21417
- security: drop end-of-life apollo-server-core (#735, #736) by @charlesBochet in https://github.com/twentyhq/twenty/pull/21418
- fix: i18n missing hardcoded strings in settings by @AmilGael in https://github.com/twentyhq/twenty/pull/21424
- fix: match relation field filters in optimistic & RLS record matchers by @josephj in https://github.com/twentyhq/twenty/pull/21301
- chore(deps): bump @tabler/icons-react from 3.31.0 to 3.44.0 by @dependabot[bot] in https://github.com/twentyhq/twenty/pull/21426
- chore(deps-dev): bump @types/aws-lambda from 8.10.161 to 8.10.162 by @dependabot[bot] in https://github.com/twentyhq/twenty/pull/21427
- chore(deps-dev): bump storybook from 10.2.13 to 10.4.3 by @dependabot[bot] in https://github.com/twentyhq/twenty/pull/21428
- fix(twenty-front): new layout fast-follows — command menu, field options & logs by @FelixMalfait in https://github.com/twentyhq/twenty/pull/21429
- security: scoped resolution for webpack-dev-server 5.2.4 (Dependabot alerts 1237/691/692) by @charlesBochet in https://github.com/twentyhq/twenty/pull/21420
- fix(kanban): preserve scroll on board re-init + propagate same-column reorders via SSE by @ehconitin in https://github.com/twentyhq/twenty/pull/20637
- fix(server): register Lingui message compiler to stop “Uncompiled message detected” log flood by @machinagod in https://github.com/twentyhq/twenty/pull/21416
- security: upgrade express 4.22.2 + qs 6.15.2 resolution for dev-tool holdouts (Dependabot alert 1305) by @charlesBochet in https://github.com/twentyhq/twenty/pull/21434
- [Website] Convert remaining images to WebP and compress some current ones. by @mabdullahabaid in https://github.com/twentyhq/twenty/pull/21404
- Migrate twenty UI by @bosiraphael in https://github.com/twentyhq/twenty/pull/21407
- i18n - website translations by @github-actions[bot] in https://github.com/twentyhq/twenty/pull/21439
- Add People Data Labs enrichment logic functions by @bosiraphael in https://github.com/twentyhq/twenty/pull/21254
- security: postcss CVE via styled-components bump + next/postcss resolution (Dependabot alert 1061) by @charlesBochet in https://github.com/twentyhq/twenty/pull/21438
- security: uuid CVE — bump bullmq/msal/blocknote + scoped resolutions for the rest (Dependabot alert 1289) by @charlesBochet in https://github.com/twentyhq/twenty/pull/21441
- security: scoped ajv 8.20.0 resolution for react-doc-viewer (Dependabot alert 481) by @charlesBochet in https://github.com/twentyhq/twenty/pull/21445
- chore(deps): prune yarn resolutions down to load-bearing entries by @charlesBochet in https://github.com/twentyhq/twenty/pull/21446
- feat(partners): partner role row-level security (RLS) with scoped edits by @rashad in https://github.com/twentyhq/twenty/pull/21386
- Replace random remote images in stories to stop flaky Argos diffs by @bosiraphael in https://github.com/twentyhq/twenty/pull/21447
- fix(billing) - enable upgrade if invoice already paid by @etiennejouan in https://github.com/twentyhq/twenty/pull/21450
- fix(ai) - add logs + remove dashboard building by @etiennejouan in https://github.com/twentyhq/twenty/pull/21440
- security: strip Node dev headers from images + lingui 5.9.5 (drops vulnerable esbuild) by @charlesBochet in https://github.com/twentyhq/twenty/pull/21448
- i18n - website translations by @github-actions[bot] in https://github.com/twentyhq/twenty/pull/21453
- fix(server): stop redundant lambda rebuilds causing build-lock acquisition failures by @thomtrp in https://github.com/twentyhq/twenty/pull/21442
- Fix missing datetime filter type by @martmull in https://github.com/twentyhq/twenty/pull/21451
- fix(metadata): nestjs-query batched relation queries truncate results across parents by @charlesBochet in https://github.com/twentyhq/twenty/pull/21455
- security: upgrade typeorm to 0.3.26 (CVE-2025-60542) by @charlesBochet in https://github.com/twentyhq/twenty/pull/21456
- fix(ai): correct RICH_TEXT and MORPH_RELATION record filter operators by @richroberts-prog in https://github.com/twentyhq/twenty/pull/21106
- security: bump wait-on 7.2.0 -> 9.0.10 to drop vulnerable joi (Dependabot alert 1437) by @charlesBochet in https://github.com/twentyhq/twenty/pull/21457
- Fix: prevent unexpected navigation when destroying record from side panel by @DeviSriSaiCharan in https://github.com/twentyhq/twenty/pull/21391
- feat(server): convert view to overridable entity by @Weiko in https://github.com/twentyhq/twenty/pull/21436
- fix: restore isCustom gate in metadata label resolvers by @FelixMalfait in https://github.com/twentyhq/twenty/pull/21432
- chore: sync AI model catalog from models.dev by @github-actions[bot] in https://github.com/twentyhq/twenty/pull/21476
- feat(partners): lock admin-managed + ownership fields on Partner role by @rashad in https://github.com/twentyhq/twenty/pull/21471
- People data labs: update app logo by @bosiraphael in https://github.com/twentyhq/twenty/pull/21479
- feat(workflow) - Add validation layer by @etiennejouan in https://github.com/twentyhq/twenty/pull/21422
- People data labs app: remove navigation menu items by @bosiraphael in https://github.com/twentyhq/twenty/pull/21478
- (Fix) Upsert no longer rewrites
positionon existing records by @ijreilly in https://github.com/twentyhq/twenty/pull/21375 - fix(server): restore absolute TTL in PromiseMemoizer by @charlesBochet in https://github.com/twentyhq/twenty/pull/21480
- Fix missing WasIntroducedInUpgrade for overridable view entity by @Weiko in https://github.com/twentyhq/twenty/pull/21483
- feat: inline image thumbnails and legacy-label fallback for FILES field chips by @mvanhorn in https://github.com/twentyhq/twenty/pull/21294
- fix(server): bypass stale workspace cache when resolving currentUser during onboarding by @charlesBochet in https://github.com/twentyhq/twenty/pull/21461
- Add CI workflow for people data labs app by @bosiraphael in https://github.com/twentyhq/twenty/pull/21487
- Add dev:generate-client command to sdk by @martmull in https://github.com/twentyhq/twenty/pull/21489
New Contributors
- @joeltco made their first contribution in https://github.com/twentyhq/twenty/pull/21287
- @brendanerofeev made their first contribution in https://github.com/twentyhq/twenty/pull/21076
- @AmilGael made their first contribution in https://github.com/twentyhq/twenty/pull/21424
- @machinagod made their first contribution in https://github.com/twentyhq/twenty/pull/21416
Full Changelog: https://github.com/twentyhq/twenty/compare/twenty/v2.11.0…twenty/v2.12.0