Changelog

GPT-5.4 is now available in Retool through OpenAI. It can currently be used with AI actions.

READMEs can now be protected for apps that use Source Control. For existing apps that have a README, Retool will add a README.md file to your repository with your next commit. If you are protecting an app for the first time, Retool will include the README.md file automatically.

As a form of feedback, you can now submit prompts from the help button. Find the help button at the bottom right of pages like the apps or resources landing page. Each prompt triggers an internal prototype generated with AI, which Retool can use to improve the product. If Retool implements the feature, you can choose to be credited with your name in the changelog.

Retool has two new improvements to the API:

• A new per-instance API reference is now available at {your-instance}/reference. The reference is available on all cloud instances and served locally by self-hosted deployments within its VPC—no internet connection required. The API reference reflects only the API version running on your instance and always matches what's available to you.
• The API version now tracks the Retool release version. The Retool API version now corresponds to your instance's release version. This makes it easier to track Retool API changes whenever your instance is updated.

Retool now supports hardened images, which are now available on the self-hosted stable release channel. These images are designed to improve supply-chain security, reduce the attack surface, and support modern infrastructure while remaining functionally compatible with existing deployments. Learn more about hardened images in the conceptual guide.

Plan your migration​

Use the following high-level steps to evaluate and roll out hardened images.

1. Review requirements and environment​

• Confirm that your environment meets the Self-hosted Retool requirements, including network and egress configuration.
• Identify any current reliance on shell access, system tools, or custom image modifications.
• Review your update process in Upgrade deployments and your overall deployment model in the Self-hosted quickstart.

2. Test hardened images in non-production​

Retool strongly recommends testing hardened images on non-production instances first, for example:

• A development or staging instance in a separate Virtual Private Cloud (VPC) or cluster.
• A temporary test environment built using the Docker or Kubernetes deployment guides.

When testing:

• Update your manifests or Docker Compose files to use the appropriate *-stable-hardened tags.
• Verify your critical apps, workflows, and database connections behave as expected.
• Check container health, logs, and telemetry using Container logs and Collect self-hosted telemetry data.

3. Roll out to production instances​

When you're ready to use hardened images in production:

• Follow your usual deployment and rollout process. For example, use the near-zero downtime strategy in Scale your self-hosted deployment infrastructure.
• Upgrade instances sequentially (development → staging → production) and validate each step.
• Communicate with your users about maintenance windows and any expected changes.

If you encounter regressions, you can temporarily roll back to classic images by reverting your image tags while you work to diagnose and resolve issues.

Stable channel timeline​

Over time, hardened images will become the recommended default for production deployments, and classic images will eventually be phased out.

To stay current on timelines and support windows, monitor the Stable releases and Self-hosted requirements documentation.

Self-hosted Retool 3.334.0 is now available on the Stable release channel.

Retool releases a version on the stable channel each quarter. A stable release is generally four versions behind the cloud-hosted version at the time.

Preparation and testing of a stable version occurs approximately four weeks prior to its release. Stable releases are rigorously tested before they are published. As the release cycle is less frequent, administrators can more easily maintain and upgrade deployments.

Retool supports each stable release for six months. During this time, Retool will release patch updates that contain bug fixes or security updates. Patch updates do not contain functionality changes and can be applied more quickly than performing a full version upgrade.

After six months, a stable release is considered deprecated. You can continue using a deprecated release but it will no longer receive updates. At this time, you should upgrade to the latest stable release.

Retool made significant design updates to the workflows landing page to improve user experience and align more closely with the agents landing page.

The landing page displays all workflows, and folders containing workflows, for your Retool organization. You can perform the following actions from the landing page:

• Sort workflows by Name, Last Updated date, or Created date.
• Search for workflows.
• Toggle between Grid view or Table view.
• Refresh the workflows list.
• Import a workflow from JSON.
• Create a new Folder.
• Create a new Workflow.
• Create a workflow From Template.

Claude Sonnet 4.6 and Opus 4.6 are now available in Retool through Anthropic and Amazon Bedrock. Sonnet 4.6 and Opus 4.6 can both be used with AI resource queries.

When creating a new REST API resource, you can now connect an OpenAPI or Swagger specification. Connecting an API specification enables:

• Autocomplete: Get endpoint and parameter suggestions when writing queries.
• Validation: Retool validates requests against the specification schema.
• Better Assist: Assist can more effectively generate queries based on the specification.
• Documentation: Endpoint descriptions from the specification appear in the query editor.

When working with resources, users can also manually create endpoints or parameters that aren't included in the specification.

Source Control configuration now supports embedded expressions in sensitive credential fields, including access tokens, passwords, private keys, and SSH keys. This enables secure credential management using configuration variables and secrets.

Toggle the Template variables in Source Control config feature flag in Settings > Beta to enable this feature.

• On cloud and self-hosted instances, you can reference configuration variables:

  {{ environment.variables.MY_KEY_OR_TOKEN }}
  

• On self-hosted instances only, you can also reference secrets from secrets managers:

  {{ secrets.MY_SECRET.KEY }}
  

Embedded expression support is available for all Source Control git providers: GitHub, GitLab, Bitbucket, Azure Repos, and AWS CodeCommit. The UI includes field captions, autocomplete, and validation to help you use embedded expressions correctly.

Non-sensitive fields like repository names, branch names, and usernames do not yet support embedded expressions.