Updates, changes, and improvements at Retool.
Refer to the stable and edge release notes for detailed information about self-hosted releases.
Retool now supports an integration to the Tavily Search API. Use this integration to perform either general or news-specific web searches. You can choose to provide your own Tavily API key if you do not want to be subject to Retool's rate limits (100 calls per 24 hours) on Tavily.
A vulnerability in an open-source library, samlify, which Retool uses for SAML login implementation, allowed for account takeovers through forged SAML identity provider (IdP) assertions. In the worst case, an external threat actor could forge arbitrary assertions for a SAML IdP, potentially leading to full account takeovers within an organization. An attacker would need a signed XML document by the identity provider. Version 2.10.0 fixes the issue. This exploit requires no user interaction and an attacker could gain unauthorized access to an organization with escalated privileges.
| Field | Value |
|---|---|
| Vulnerability Type | Improper Verification of Cryptographic Signature |
| Package | samlify |
| Affected Component | Retool organizations using SAML SSO |
| Attack Type | Remote |
| Impact | Account Takeover |
| Reference | https://nvd.nist.gov/vuln/detail/CVE-2025-47949 |
| Discoverer | Alexander Tan (ahacker1) |
| Branch | Versions |
|---|---|
| Edge | 3.207.0-edge |
| Stable | 3.196.2-stable |
| Stable | 3.148.13-stable |
| Stable | 3.114.25-stable |
| Release branch | Release versions |
|---|---|
| Edge | 3.111.0 to 3.203.0 |
| 3.196-stable | 3.196.0 to 3.196.1 |
| 3.148-stable | 3.148.0 to 3.148.11 |
| 3.114-stable | 3.114.0 to 3.114.23 |
| < 3.111.0 |
An improved version of the File Input component for Mobile is currently available to cloud instances and self-hosted instances on version 3.168.0 or later.
This includes:
value property in the component state.Retool renamed the Chat component to LLM Chat to provide more clarity on the purpose of the component. No user action is required.
Self-hosted deployments of Retool missing the BASE_DOMAIN environment variable may in some cases be vulnerable to host header injections. All vulnerable versions can be remediated immediately by properly setting the BASE_DOMAIN environment variable to the full URL of the deployment, such as https://retool.example.com. Beginning with 3.196.0, this environment variable will be required for an instance on boot.
| Disclosure | Details |
|---|---|
| Vulnerability Type | CWE-1289: Improper Validation of Unsafe Equivalence in Input. |
| Vendor of Product | Retool. |
| Affected Product Code Base | View affected release versions. |
| Affected Component | Self-hosted Retool organizations. |
| Attack Type | Remote. |
| Impact | Escalation of Privileges. |
| CVSS 3.x Base Score | 7.1 |
| CVSS 3.x Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C |
| CVSS 4.x Base Score | 5.3 |
| CVSS 4.x Vector | CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/R:U |
| Reference | https://docs.retool.com/releases |
| Discoverer | Robinhood Red Team and Doyensec |
| Fixed Version | 3.196.0+ |
All current Retool on-prem instances that have not yet disabled password based authentication may be vulnerable (this is easily checked by verifying that there is no form to login with a password when opening up Retool.) If password auth has not been disabled, your Retool instance is potentially vulnerable if all of the following apply to you:
| Release | Release versions |
|---|---|
| 3.18 | 3.18.1 to 3.18.23 |
| 3.20 | 3.20.1 to 3.20.18 |
| 3.22 | 3.22.1 to 3.22.21 |
| 3.24 | 3.24.1 to 3.24.22 |
| 3.26 | 3.26.4 to 3.26.14 |
| 3.28 | 3.28.3 to 3.28.15 |
| 3.30 | 3.30.1 to 3.30.15 |
| 3.32 | 3.32.1 to 3.32.12 |
| 3.33 | 3.33.1-stable to 3.33.37-stable |
| 3.52 | 3.52.1-stable to 3.52.28-stable |
| 3.75 | 3.75.1-stable to 3.75.25-stable |
| 3.114 | 3.114.1-stable to 3.114.22-stable |
| 3.148 | 3.148.1-stable to 3.148.22-stable |
An email to customers sent on 2025-05-09 incorrectly described which Retool instances are affected. The section on affected versions should instead be Is my version of Retool affected?.
Improvements to source control on Workflows are now generally available on Self-hosted Retool 3.200.0-edge and in the upcoming stable release. The following features are now supported for all users on Enterprise plans:
Retool made several improvements to the usage of Source Control with Retool Workflows. The following features are now supported on Enterprise plans:
This feature was previously released as generally available for cloud instances and as closed beta for self-hosted instances.
Retool now supports an integration to the Google Calendar API. Use this integration in combination with the Calendar or Timeline components to interact with calendars and events.
Refer to the Calendar guide for information on how to use this resource with the Calendar component.
Retool now supports an integration to Google Docs, which utilizes the Google Docs API and the Google Drive API. Use this integration to retrieve, create, and update documents.
Retool can record user behavior and interactions with apps using Fullstory. When enabled, data about user interactions with apps are reported directly to Fullstory for you to review in detail. You can then analyze app analytics, evaluate impact, and review interactions with session replay. This integration is useful for monitoring user activity across different apps, and using advanced analytical tools like heatmaps and funnels to identify usage patterns, debug errors, and improve the overall user experience.
The backend runtime in self-hosted Retool 3.163 and later has been upgraded to use Node.js v20.18. This change may result in memory and CPU usage of containers to increase. Without sufficient resources, this could impact the performance of Retool Workflows. If necessary, you can increase the memory limits for workflows using the WORKFLOW_MEMORY_LIMIT_MBS environment variable.