Due to potential security concerns, Retool is removing certain functionality that enables external app users to download images. No security breach or active vulnerability has occurred, and you do not need to take any security-specific actions.
External and embedded, publicly available apps will no longer support:
- Download Image columns in the Legacy Table component. Use an alternative method, such as a Link or Button column type, for image URL links. Retool strongly recommends you migrate to the current Table component instead.
- Export PDFs with images hosted on separate domains. All other components will be included in the PDF export. Retool recommends moving your publicly-hosted images to be hosted on the same domain as your Retool instance. For example, you could use images that are natively uploaded to the Image component, stored in Retool Storage, stored in Retool Database, Base64-encoded, or stored in an Amazon S3 bucket.
These features are no longer available on Retool Cloud and Self-hosted Retool 3.114-edge or later. These features will be removed in the next stable release of Self-hosted Retool.