Changelog

Fixes

• Updated @redocly/openapi-core and @redocly/cli to version 2.25.2.

• Fixed an issue where saving remote Git content after editing replaced the selected repository folder with the repository root. The selected folder is retained when saving without changes.

Features

• Added OAuth2 client management in organization settings with access scope configuration and client revocation.

Fixes

• Fixed an issue where manually triggered deployments showed incorrect commit messages on the deployment details page.

• Changed the add tab button in the preview panel to always open a blank tab instead of opening a missing tab.

Features

• Added granular permissions to API keys.

Features

• Added AI pull requests review summary comment which automatically updates as the AI review progresses.

Fixes

• Fixed security vulnerability CVE-2026-0540 by upgrading dompurify to version 3.3.3.

• Fixed security vulnerabilities CVE-2026-29085, CVE-2026-29045, and GHSA-v8w9-8mx6-g223 by upgrading hono to version 4.12.8.

• Fixed security vulnerabilities CVE-2026-27904 and CVE-2026-27903 by upgrading minimatch to version 10.2.4.

• Fixed security vulnerability CVE-2026-28292 by upgrading simple-git to version 3.32.3.

Fixes

• Updated @redocly/openapi-core and @redocly/cli to version 2.24.0.

Features

• Improved system stability by moving authentication into a separate service.

• Added access to Project Analytics for project maintainers.

• Added mapping of common OAuth2 errors to human-friendly messages.

• Fixed sidebar UI inconsistencies and bugs.

• Added a filter by product to Search queries and AI Search queries on Project Analytics page.

• Enhanced the autocomplete suggestions and added type validation for TypeScript in Reunite's editor.

• Removed an outline on menu items in collapsed sidebar mode.

• Fixed the positioning of the Preview Template button, on the Create Project page.

• Changed all tables to use infinite scroll on window with sticky header

• Added window-level infinite scroll and sticky header support to the DataGrid, and enabled them for the feedback page.

• Added an intent step to the organization creation form.

• Moved "Create project" from the sticky footer to the main menu for organizations without projects.

Fixes

• Updated @redocly/ajv to version 8.17.4.

• Updated @redocly/openapi-core and @redocly/cli to version 2.19.0.

• Updated @redocly/ajv to version 8.18.0.

• Updated @redocly/openapi-core and @redocly/cli to version 2.20.4.

• Updated @redocly/openapi-core and @redocly/cli to version 2.20.5.

• Improved performance of scout push.

• Updated @redocly/openapi-core and @redocly/cli to version 2.18.2.

• Updated @redocly/openapi-core and @redocly/cli to version 2.18.0.

• Updated @redocly/openapi-core and @redocly/cli to version 2.17.0.

• Updated @redocly/openapi-core and @redocly/cli to version 2.20.1.

• Updated @redocly/openapi-core and @redocly/cli to version 2.20.3.

• Fixed OAuth2 IdP error handling to display messages correctly.

• Updated @redocly/openapi-core and @redocly/cli to version 2.19.2.

• Fixed rename of unopened files so the commit tab shows deleted and added files correctly.

• Added helper text under the Production branch in Branches & Deployments with a direct link to Git hosting settings.

• Removed extra spacing in expanded scorecard details.

• Fixed cursor position update in the editor status bar.

• Removed white flash on page load in dark mode.

• Added upload folder feature to Reunite Editor.

• Fixed visibility of Runtime Logs sidebar menu icon for light theme.

• Fixed display issues in processed and skipped scorecard APIs.

• Fixed layout issues on team management pages.

• Added a remote content banner for OpenAPI files that are part of remote content.

• Fixed an issue where images uploaded into .md files sometimes did not appear in the file tree.

• Removed collapse icon from the Reunite Editor Commit sidebar for the default branch.

Features

• Replaced the separate right-side development mode controls in Realm docs UI with a single bottom floating status bar to improve user experience.

• Added support for the product filter on Project Analytics page.

• Added support for badges option in sidebars.yaml to display visual indicators next to sidebar item labels.

• Added support for OpenAPI 3.2 tags object.

• Added support for OpenAPI 3.2 querystring parameters to handle structured query parameters with nested objects and arrays.

• Added an internal /_api/cors proxy endpoint in Realm and configured embedded Replay to use it by default.

• Added support for the nodeType field in the OpenAPI 3.2 XML Object.

• Enabled semantic search for Docs MCP.

• Added stricter validation to feedback forms.

• Added code-snippet Markdoc tag support for llms.txt.

• Added support for OpenAPI allowReserved query parameters in Replay.

• Added a toggle to hide or display sensitive data in generated step code samples in Replay.

• Added code collapsing support for JSON editors in Replay.

Fixes

• Fixed an issue where the Connect to MCP button ignored the configured prefix path.

• Fixed View as Markdown and Copy for LLM page actions incorrectly omitting schema properties that share a name with a property at a different nesting level.

• Fixed canonical URLs on versioned pages to use the default version.

• Improved the accessibility of OpenAPI and GraphQL docs.

• Fixed an issue where the Copy for LLM and View as Markdown page actions ignored the respective path prefix for the root page.

• Fixed an issue where sidebar groups were displayed even though they contained no valid items in the active version.

• Fixed tooltip visibility in browsers without anchor positioning support.

• Fixed an issue where custom Markdoc heading IDs were not used in search results.

• Fixed an issue in OpenAPI docs where example keys were used instead of summary text in example drop-downs.

• Improved appearance and deep linking for the tabs Markdoc tag.

• Fixed URL fragment duplication when opening docs for endpoints with path parameters (e.g. /foo/{id}/bar).

• Fixed the built-in CORS proxy failing with "fetch failed" for certain URLs.

• Fixed code sample generation when path parameter examples contain integer values.

• Improved build memory usage for large projects.

• Fixed an issue in AI Search where clearing the product tag would still include the product in the search request.

• Fixed an issue where page actions remained visible even though search was disabled.

• Improved the accessibility of AsyncAPI docs.

• Fixed an issue where optional properties of API operations were inconsistently displayed between API docs and Replay.

• Fixed security vulnerability CVE-2026-26996 by upgrading minimatch to version 10.2.1.

• Fixed page actions overlapping the navbar.

• Fixed an issue where rbac configuration ignored versioned content folder paths with leading slashes.

• Fixed padding in schema definition and MCP tool views.

• Fixed an issue in OpenAPI docs where the schema description in the Schema definition section was duplicated.

• Fixed an issue where schemas using allOf with a $ref had their own title overridden by the referenced schema's title.

• Fixed an issue in OpenAPI docs where nested Markdoc partial tags prevented partial content from rendering.

• Fixed an issue where the root .md pages for OpenAPI and AsyncAPI files failed to generate when requiresLogin was set to true in redocly.yaml.

• Fixed an issue where scorecard displayed a "Lint completed without rules" message when rules were configured in the apis section of redocly.yaml rather than at the root level.

• Fixed an issue where the terminal output retained artifacts from previous commands.

• Fixed a bug where Segment analytics ignored trackPage=false in configuration when a custom script was used to send page view events.

• Updated @redocly/openapi-core to version 2.20.5.

• Fixed an issue in GraphQL docs where navigating to a referenced field resulted in a 404 error.

• Fixed an issue where the expand dropdown buttons were displayed over open dropdown menus.

• Fixed an issue where sidebars.yaml files in ignored folders weren't excluded from link checking.

• Fixed an issue with Mock Server where the response sample included writeOnly fields.

• Fixed security vulnerability CVE-2026-26278 by upgrading fast-xml-parser to version 5.3.6.

• Fixed an issue where the documentation page content shifted after users opened dialog windows.

• Fixed an issue where the Mock Server appeared twice in the environments list.

• Fixed an issue with the Authorization Code with PKCE flow in Replay resulting in token request failures.

• Fixed an issue where response information was missing in Replay's mobile layout.

• Fixed an issue where Replay crashed when used in an iframe.

• Fixed security vulnerability CVE-2025-69873 in ajv by upgrading to version 8.18.0.

Fixes

• Fixed security vulnerability CVE-2026-25128 in fast-xml-parser by upgrading openapi-sampler to version 1.7.0.

Fixes

• Fixed a bug where AI search events were not tracked for project analytics.

Fixes

• Fixed an issue where Project Analytics would not display any data for specific versions of Realm.

Fixes

• Fixed an issue where the login button was not displayed when a default identity provider was configured.

Features

• Added an interactive lightbox viewer for Mermaid diagrams with zoom, pan, and keyboard navigation.

• Added bundling support for OpenAPI 3.2 components/mediaTypes references used in request and response content.

• Added support for branch-specific configuration in redocly.yaml.

• Transitioned AI Search to agent mode, now featuring expanded search capabilities and direct integration with the Docs MCP.

• Made the 403 Forbidden error page layout ejectable and improved its styling.

• Added login-button Markdoc tag to render a login button on project pages.

• Added rbac support for banners to allow conditional visibility based on user team membership.

• Added ejectable DocumentationLayoutTop and DocumentationLayoutBottom to customize component positions in DocumentationLayout.

• Improved tooltip positioning and performance.

• Added search to the dropdown in the examples panel for OpenAPI docs.

• Improved editing experience for Replay's URL input.

• Added support for downloading files from the response body in Replay.

• Improved editing experience for Replay's input fields.

Fixes

• Fixed an issue where project processing could halt indefinitely.

• Fixed an issue where downloading large AsyncAPI files would fail.

• Fixed an issue where project builds could fail due to unset environment variables, despite the variables existing in the cloud environment.

• Fixed support for .redocly.lint-ignore.yaml in the scorecard.

• Fixed an issue where RBAC access control did not apply to schema properties that used $ref references.

• Updated @redocly/openapi-core to version 2.15.2.

• Fixed id_token audience validation to support organization ID alongside slug, preventing auth failures after slug changes.

• Fixed an issue where extra space in mobile menu and navbar was displayed together with the banner.

• Fixed an issue where deep links would open pages in an incorrect position if a banner was present.

• Fixed an issue where the Back to Search button was displayed when AI Assistant was opened using the Ask AI button.

• Fixed image alignment in headers.

• Fixed language icon rendering issues in API docs.

• Fixed an issue where URLs of OpenAPI docs pages could automatically receive -1 suffixes.

• Fixed an issue where the mock server returned a 404 error when enabled at the product level but disabled at the root level in redocly.yaml.

• Fixed an issue in API docs where the discriminators displayed incorrect names.

• Fixed an issue where a schema wouldn't be displayed in OpenAPI docs when it was an only item in a oneOf.

• Added support for query in OpenAPI 3.2 and x-query in OpenAPI versions earlier than 3.2.

• Improved misleading warning for expired plan gates token.

• Fixed API docs performance issues in projects that use Markdoc partial tags.

• Fixed an issue where the Copy and Copy for LLM buttons were not hidden on OpenAPI endpoint pages that had excludeFromSearch option configured.

• Fixed an issue where the llms.txt page ignored path prefix in links.

• Fixed an issue where the Card component displayed unintended text underlines when used in React pages.

• Updated the Security panel in API docs to display required scopes in line.

• Fixed an issue where the Security modal in API docs displayed combined information for multiple flows.

Features

• Consolidated sidebar navigation by grouping Feedback and Analytics under a Reports menu and moving project settings into a collapsible Settings submenu.

Fixes

• Updated @redocly/openapi-core and @redocly/cli to version 2.15.2.

Features

• Fixed double scrollbar issue in project breadcrumbs navigation.

Features

• Fixed bundled Arazzo files not including files referenced via $file() syntax.

• Added scorecard view filtering based on reunite.ignoreLint patterns.

Fixes

• Fixed an issue causing the pull request author to load indefinitely in some cases.

Features

• Fixed an issue where changes to organization slug would result in "Forbidden: No valid audience found in id_token" error, restricting user access.

Fixes

• Updated @redocly/openapi-core and @redocly/cli to version 2.15.1.

Fixes

• Fixed project deletion permissions at the project level.

Fixes

• Updated @redocly/openapi-core and @redocly/cli to version 0.0.0-snapshot.1769511679.

• Fixed an issue where Reunite did not process .redocly.lint-ignore.yaml.

Features

• Enabled word wrap by default in the editor for Markdown files.

• Added type hints on hover in the Reunite editor.

Fixes

• Updated @redocly/openapi-core and @redocly/cli to version 0.0.0-snapshot.1769415576.

• Updated @redocly/openapi-core and @redocly/cli to version 2.14.9.