March 27, 2026
We’re happy to announce Structr 6.3.0, a quality-focused release that builds on the strong foundation of 6.2.0 with a polished configuration UI, security hardening, improved error handling in scripting functions, deployment export boundaries, and a broad set of bugfixes and UX improvements across the platform.
Refined Configuration UI
The configuration area in Structr has received significant attention in this release. Servlets and services are now sorted alphabetically for easier navigation, long descriptions are displayed correctly, and a new input popup provides a cleaner experience when adding configuration keys. Cron expressions now show human-readable descriptions, taking the guesswork out of scheduling. Several visual inconsistencies have been cleaned up, and relevant settings now include hints about list item separators and when a service restart is required.
Security Hardening
Structr 6.3.0 blocks the HTTP TRACE verb at container level, closing a well-known vector for cross-site tracing attacks. The default HTTP rate limit has been increased to 1000 to prevent stale browser connections from being incorrectly throttled. Together with the DoS filter introduced in 6.2.0, these changes further strengthen Structr’s production security posture without requiring external infrastructure.
Improved Scripting and Error Handling
Several scripting functions have been improved to give developers better control over error handling. sendPlaintextMail and sendHtmlMail now throw catchable exceptions instead of failing silently, allowing applications to react to mail delivery failures. Similarly, base64decode now throws proper exceptions when the scripting engine supports it. The timer() function gains pause and clear actions, idempotent start behavior, and higher precision via System.nanoTime().
Deployment Export Boundaries
A new feature allows developers to exclude folder subtrees from deployment exports. This is useful for keeping large asset folders, temporary files, or environment-specific content out of deployment packages without manual cleanup.
Revamped Dialog Styling
The UI has been updated with custom dialog styles for the file editor, method runner, schema editor, and CRUD popups. The general tab is now responsive to its container size, search input in CRUD dialogs has been fixed, and dropdown placement for show conditions works correctly in single-column layouts.
Flow Editor Fixes
The visual flow editor has been stabilized with fixes for NPE handling when flows don’t return values, updated JavaScript calls for non-default deployment paths, improved macOS keybindings, and removal of outdated HTML files. Caching of function property values has also been fixed for cases where caching was explicitly disabled.
And Much More
Beyond these highlights, Structr 6.3.0 introduces predicate.any for flexible query matching, experimental annotations with documentation output, split custom/built-in type lists in “Rebuild Index” dropdowns, in-dialog warnings for composite uniqueness constraint violations, Page.path converted to a function property, OAuth redirect fixes for both standard and Azure flows, global search fixes including duplicate result prevention and Neo4j <5.9 compatibility, removal of the deprecated REST console, and continued documentation improvements.
For the full list of changes, see the detailed release notes.
Upgrade Notes:
- Recommended for all Structr 6.2.x users
- The REST console has been removed from the UI
Page.pathis now a function property — review any code that writes to this property directlybase64decodeand mail functions now throw exceptions — update error handling if needed- The Azure OAuth default user endpoint has changed back to the OIDC endpoint — verify your Azure OAuth configuration after upgrading
- See the release notes for all details
