Changelog

A number of security vulnerabilities in the React framework and related frameworks, like next.js, were recently disclosed. These vulnerabilities did not impact Retool.

• CVE-2025-55182
• CVE-2025-55183
• CVE-2025-55184

These vulnerabilities were related to React's server-side rendering systems which are not used by Retool. As such, there is no action for cloud- or self-hosted customers to take.

Retool's website was also not impacted. We confirmed with our vendor that these vulnerabilities were already mitigated before being publicly disclosed. After the patches were released they applied the patches the same day.

Retool now supports two modes for prompting with Assist: Ask and Build. Use Ask as a safe, read-only way to understand and debug your app without adding or changing components or logic, and Build when you’re ready for Assist to make edits.

• Ask mode: Assist replies with explanations, suggestions, or debugging help. When in Ask mode, Assist cannot modify your app.
• Build mode: Assist can create and edit components, queries, and logic in response to your prompt.

Both modes use the same understanding of your app, your data, Retool features, and documentation.

Assist defaults to using Build mode. You can switch between modes at any time.

Retool added support for DeepSeek-V3.2 in Baseten. DeepSeek-R1 is no longer supported, and DeepSeek-V3.2 will be used instead.

OpenAI's model GPT-5.2 is now available in Retool. It can be used with AI actions and with Retool Agents.

Assist can now automatically summarize long threads. The amount of information sent to the AI provider (the context window) increases as you build. Instead of sending your full message history to the AI provider with every request, Retool now regularly compacts the thread and sends the conversation summary along with any following messages. This improvement keeps the context window within the required limits, reducing the likelihood of errors and preventing interruptions when prompting with Assist.

Thread summarization can occur either during or after app generation.

The Agent-to-agent (A2A) protocol provides standardized and secure communication between external agents and agents built with Retool, so you can trigger your agent from an external agent, or embed agents in your own systems.

Retool has implemented the core set of A2A functionality, so you can:

• View an agent card.
• Send a message.
• Poll for updates on tasks.
• Stream processing or task updates via Server-Sent Events (SSE).
• Cancel tasks.

To allow external agents to communicate with Retool agents, you can enable the A2A trigger on your agent's configuration page, and copy the endpoint and API key into your A2A client. The A2A client then sends messages via common messaging formats like the HTTP+REST and JSON-RPC APIs, and Server-Sent Events (SSE) for long-running streaming updates.

Explore the following pages for more information:

• Set up an A2A trigger to learn how to enable the A2A trigger.
• A2A endpoints to learn how to cURL for endpoint responses.
• A2A tutorial to learn how to trigger your agent from an external agent.

Assist can now more reliably explore large or under-documented SQL database schemas without exceeding LLM context windows. These changes enable Assist to generate higher quality SQL queries for your apps and reduce the likelihood of SQL-related errors.

Customers with simple schemas now benefit from richer context retrieved through exploratory queries, while large enterprises can rely on Assist to navigate massive data lakes.

Self-hosted organizations can now restrict the creation or usage of specific resource types using either the RESOURCE_TYPES_CREATION_DENY_LIST or RESOURCE_TYPES_DENY_LIST environment variables.

• RESOURCE_TYPES_CREATION_DENY_LIST prevents users from creating any resources of the specified types. Any existing resources continue to function.
• RESOURCE_TYPES_DENY_LIST prevents users from both creating and using any resources of the specified types. Any related resource queries will then fail.

Any restrictions you set can be reverted at any time.

Role-based permissions is now generally available for organizations to configure granular admin controls. Organizations can now configure granular admin permissions. You can create roles with granular permissions so groups can manage certain organization settings without full administrator access.

Once you configure the necessary roles to control access, you can apply them to any number of groups. Retool will eventually transition away from using per-group permissions to role-based access controls for permissions management.

Support for multiple Secrets Manager configurations is now available in public beta. Once enabled, self-hosted organizations can create additional configurations and retrieve secrets data from multiple locations.

The multiple configurations beta is available in self-hosted Retool 3.300 and later.