Download Latest Version 1.9.5 source code.zip (88.9 MB)
Email in envelope

Get an email when there's a new version of appwrite

Home / 1.9.5
Name Modified Size InfoDownloads / Week
Parent folder
1.9.5 source code.tar.gz 2026-06-30 87.2 MB
1.9.5 source code.zip 2026-06-30 88.9 MB
README.md 2026-06-30 8.4 kB
Totals: 3 Items   176.1 MB 2

What's Changed

Public APIs

  • Project APIs — Added public endpoints for project variables, keys, policies, SMTP, auth methods, mock phones, services, protocols, platforms, OAuth2 providers, and organization projects (#11615, [#11650], [#11900], [#11964], [#11970], [#11976], [#11981], [#11993], [#12309], [#12317], [#12375])
  • Proxy API — Added public proxy management endpoints (#12208)

Databases and migrations

  • JSON import/export — Added JSON import/export references for DocumentsDB and VectorsDB and larger database ID support (#11646)
  • BigInt support — Added BigInt attributes and columns for Databases and TablesDB (#11673)
  • Migration coverage — Added backup, API key, project variable, webhook, policies, SMTP, custom domains, email templates, and OAuth provider migrations (#11632, [#12308], [#12313], [#12314], [#12363], [#12364], [#12368], [#12415], [#12417])
  • Migration reliability — Added migration API support, source host validation, and improved failure handling (#11946, [#12352], [#12382], [#12280])
  • Migration fixes — Fixed schema migration gaps and provider trigger attributes (#11730, [#12701])
  • Database stability — Fixed collection metadata writes against unready data-plane databases, transaction deletes, listRows total casting, and VectorsDB metadata bootstrap flakiness (#12593, [#12302], [#11967], [#11772], [#11757])

Auth and users

  • Email policies — Added disposable email blocking and corporate email policies (#10643, [#12503])
  • Password policies — Added project password policy settings (#11825)
  • OAuth providers — Added X OAuth 2.0 provider (#11611)
  • OAuth fixes — Fixed OIDC params, Google prompt handling, Yahoo scopes, provider ordering, sparse provider updates, and project cache purging after config updates (#12224, [#12263], [#11745], [#12398], [#12646], [#12654])
  • Impersonation — Added impersonation support through query params and SDK auth metadata (#12167, [#12492], [#12532])
  • User and membership responses — Added email metadata fields and membership userAccessedAt (#12504, [#12461])
  • MFA — Improved MFA authenticator ordering and coverage (#12485)
  • Teams and sessions — Fixed membership privacy, active membership account deletion, ownership transfer edge cases, email/password session cache races, and refresh session handling (#11979, [#11787], [#11816], [#12228])

Messaging, realtime, and presence

  • Presences API — Added Presences API and console presence support (#11886, [#12343], [#12393], [#12397], [#12408], [#12412])
  • Realtime — Added action channels, logs, richer message payloads, query subscription fixes, and atomic payload handling (#12070, [#11992], [#11767], [#11762])
  • Realtime fixes — Fixed websocket stability, HTTP dependency, and reset behavior (#12540, [#11831], [#11885])
  • Amazon SES — Added SES as a messaging provider (#12464)
  • Messaging scale — Improved fan-out with bounded concurrency and retry handling for throttled recipients (#12465)
  • SMTP delivery — Improved SMTP email delivery reliability (#11748)

Functions, Sites, and Storage

  • Build timeouts — Added 45-minute build timeout support (#11881, [#11934])
  • Deployment triggers — Added skip-deployment commit patterns and custom trigger fields (#12278, [#11955], [#12373])
  • Runtimes and templates — Added Bun and Deno site runtimes and a Rust starter function template (#12337, [#12198])
  • Build caching — Added node modules cache key support for builds (#12555)
  • File size — Added actual file size tracking (#12344)
  • Chunked uploads — Improved out-of-order and parallel chunk uploads, S3 multipart ETag handling, chunk permission checks, and deployment chunk upload stability (#12138, [#12209], [#12585], [#12466], [#12456], [#12574])
  • Build and rule fixes — Fixed canceled deployment status overwrites, build log parsing, orphaned deployment rules, rule creation races, and rules without deployments (#12569, [#12498], [#12571], [#12307], [#11974])
  • Scheduler and cache fixes — Fixed scheduled function documents, scheduler handling, and storage cache fallback (#11790, [#11892], [#12285], [#11860], [#11842])

Installer and self-hosted

  • Release updates — Updated Console image to 8.7.5, kept PostgreSQL disabled by default for fresh installs, and fixed installer database, secret key, and compose release wiring (#12666)
  • Compose generation — Generate installer compose files from base compose and fix Mongo copy failures, dependency rewriting, override loading, and Traefik command preservation (#12703)
  • Installer fixes — Fixed local installer dev flow, missing worker-executions service, and executor config in installer compose output (#12627, [#11838], [#11874])
  • Host validation — Fixed public hostname validation under Swoole DNS and regional endpoint validation (#12431, [#12411], [#12357])

API and SDKs

  • SDK updates — Added Unity SDK docs/configuration and ping to SDK specs (#12482, [#12330], [#12604])
  • Auth schemes — Added platform parameter enums, unified auth headers, query/path project auth schemes, and repository branch search pagination (#12358, [#12211], [#12481], [#12554], [#12213], [#12243])
  • Spec fixes — Fixed generated API metadata, summaries, text responses, enum keys, unresolved models, provider repository discriminators, method IDs, and parameter naming consistency (#12544, [#12312], [#12402], [#11817], [#12392], [#11924], [#12235], [#12238], [#12244], [#12212])
  • SDK compatibility — Fixed legacy database SDK deprecation metadata (#12615)

Reliability and performance

  • Queue workers — Improved queue worker concurrency and made the webhooks worker safer under concurrent load (#12468, [#12552])
  • Worker stability — Fixed connection pool behavior, deletes worker connection collisions, and DB worker memory behavior (#12338, [#12639], [#11749])
  • Request handling — Improved request-scoped resource handling and response state isolation (#12220, [#11564], [#11798])

Security and dependencies

  • Base images — Bumped Appwrite base images and patched OS package CVEs (#12174, [#12201], [#12204], [#12516], [#12546])
  • Dependency fixes — Updated phpseclib for CVEs and fixed a Composer audit issue for GraphQL PHP (#11858, [#11887])
  • Runtime and data updates — Upgraded DB-IP Country Lite to 2026-06 and PHP runtimes (#12473, [#11731], [#12196], [#12378])

Notable Fixes

  • GraphQL coroutine-safe responses, batch reset, audit handling, preview assertions, and disabled functional tests
  • Large execution payloads and function execution request metadata
  • Execution log behavior
  • Webhook API security and flaky webhook/site deployment tests
  • VCS typed client exceptions, repository preservation on update, cross-project installation validation, and server-side branch search
  • Platform type backwards compatibility and deprecated origin validation
  • CORS for paused projects and error responses
  • RFC 6265 cookie handling and request-scoped cookie domain behavior
  • Favicon empty-body handling and AVIF preview behavior
  • Cache-control callbacks, query syntax errors, missing console scopes, and double policy scopes
  • Variables API feature parity and project variable ID behavior
  • SMTP template regressions, empty string template params, test email platform vars, and SMTP port type
  • Project delete events and cache health checks

Upgrade Path

  • Upgrade from 1.9.0 to 1.9.5. Use the database migration step in the web installer, the --migrate flag with the upgrade task, or manually run docker compose exec appwrite migrate.
  • Self-hosted users should review generated compose changes before upgrading, especially if using installer-generated compose files or PostgreSQL.

New Contributors

Full Changelog: https://github.com/appwrite/appwrite/compare/1.9.0...1.9.5

Source: README.md, updated 2026-06-30