
Changelog

Updates, changes, and improvements at Retool.

Refer to the stable and edge release notes for detailed information about self-hosted releases.

6 posts tagged with "Security"


Customize the Content Security Policy for apps

Admins can now customize the Content Security Policy (CSP) that Retool enforces on apps. Retool applies a strict default policy that restricts which origins an app can load scripts, fonts, images, and other resources from. You can now extend that policy org-wide to allow the additional origins your apps need, or tighten the defaults further.

For example, if custom JavaScript in an app loads a charting library from a CDN such as https://cdn.example.com, the default script-src 'self' policy blocks the script, and the chart that depends on it never renders. You can now add that origin to script-src so the app can load the library without loosening the policy for any other directive or origin.
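To make the "without loosening the policy for any other resource" point concrete, here is an added example (not Retool's code, and not how Retool evaluates CSP internally): a small evaluator for CSP fetch directives that follows the standard source-expression rules (keywords, scheme sources, host sources with wildcards, fallback to default-src). The page origin https://app.retool.example, the policy strings, and the CDN URLs are constructed for illustration; the default policy below is a stand-in for Retool's actual default, which the changelog does not spell out.

```javascript
// Added example, not Retool's code. Minimal CSP fetch-directive evaluator:
// shows that adding an origin to script-src leaves img-src, font-src, etc. untouched.

const PAGE_ORIGIN = 'https://app.retool.example';       // assumed app origin (constructed)
const DEFAULT_POLICY = "default-src 'self'";             // stand-in for the strict default
const EXTENDED_POLICY = "default-src 'self'; script-src 'self' https://cdn.example.com";

// "default-src 'self'; script-src 'self' https://x" -> Map { 'default-src' => ["'self'"], ... }
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...sources] = tokens;
    directives.set(name.toLowerCase(), sources);
  }
  return directives;
}

// Fetch directives (script-src, img-src, font-src, ...) fall back to default-src when absent.
function sourceListFor(directives, directive) {
  if (directives.has(directive)) return directives.get(directive);
  return directives.get('default-src') ?? null; // null: nothing restricts this directive
}

function defaultPort(protocol) {
  return protocol === 'https:' || protocol === 'wss:' ? '443' : '80';
}

function hostMatches(pattern, host) {
  if (pattern === '*') return true;
  if (pattern.startsWith('*.')) {
    const suffix = pattern.slice(1); // "*.example.com" -> ".example.com"
    return host.endsWith(suffix) && host.length > suffix.length;
  }
  return pattern === host;
}

// One source expression ('self', scheme-source or host-source) against a URL.
// Nonces, hashes and 'unsafe-inline' govern inline code rather than URLs and are not modelled.
function sourceMatches(source, url, page) {
  const keyword = source.toLowerCase();
  if (keyword === "'none'") return false;
  if (keyword === "'self'") return url.origin === page.origin;
  if (/^[a-z][a-z0-9+.-]*:$/.test(keyword)) return url.protocol === keyword;

  const m = source.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([a-z0-9*.-]+)(?::(\d+|\*))?(\/\S*)?$/i);
  if (!m) return false;
  const scheme = m[1] ? m[1].toLowerCase() + ':' : null;
  const host = m[2].toLowerCase();
  const port = m[3];
  const path = m[4];

  // An explicit scheme must match exactly; with none, the page's scheme (or https) is implied.
  if (scheme ? scheme !== url.protocol
             : !(url.protocol === page.protocol || url.protocol === 'https:')) return false;
  if (!hostMatches(host, url.hostname)) return false;

  // No port in the source means "the default port for the URL's scheme".
  const urlPort = url.port || defaultPort(url.protocol);
  if (port === undefined ? urlPort !== defaultPort(url.protocol)
                         : port !== '*' && port !== urlPort) return false;

  // A path ending in '/' is a prefix match; otherwise it must match exactly.
  if (path && !(path.endsWith('/') ? url.pathname.startsWith(path) : url.pathname === path)) return false;
  return true;
}

// Would a page at pageOrigin be allowed to fetch urlString under `directive` (e.g. 'script-src')?
function isAllowed(policy, directive, urlString, pageOrigin = PAGE_ORIGIN) {
  const sources = sourceListFor(parsePolicy(policy), directive);
  if (sources === null) return true;
  const url = new URL(urlString);
  const page = new URL(pageOrigin);
  return sources.some((s) => sourceMatches(s, url, page));
}
```

With these inputs, `isAllowed(DEFAULT_POLICY, 'script-src', 'https://cdn.example.com/chart.js')` is false, `isAllowed(EXTENDED_POLICY, 'script-src', 'https://cdn.example.com/chart.js')` is true, and `isAllowed(EXTENDED_POLICY, 'img-src', 'https://cdn.example.com/logo.png')` stays false because img-src still falls back to default-src 'self'. The plain-http variant of the CDN URL is also still blocked, since the added source names https explicitly. Browsers apply further rules (redirect handling, nonces, strict-dynamic) that this sketch omits.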

Custom CSP rules apply only to apps built in the app builder; they do not apply to classic apps.

Configure rules in Settings > App security > Content Security Policy. Changes apply to every app in your organization and are recorded in your audit logs.

For more information, refer to Customize the Content Security Policy for apps.

Code executor changes in self-hosted 3.251 and later

Self-hosted Retool 3.251 and later contain two notable changes to the code-executor service:

  • A container running code-executor is required to run workflows and custom API authentication. Previously, these features could run in a sandbox inside the backend container. Retool's security team has become aware of a sandbox escape and no longer supports sandboxing in the backend. For more information, refer to the disclosure page.
  • Traffic to the private 192.168.0.0/16 IP address range is blocked by default. If you want to disable this security configuration, follow the instructions in the code-executor security privileges documentation.
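The second bullet is easy to misjudge at the boundaries (192.168.255.255 is inside the range, 192.169.0.0 is not), so here is an added example (not Retool's code, and not the code-executor's own implementation) of the same IPv4 CIDR check, with the range the changelog names as the default list. A workflow author can run it against an address resolved for an outbound request to predict whether the default rule will reject it; the addresses used in the tests are constructed.

```javascript
// Added example, not Retool's code. Reproduces the code-executor's default egress rule
// (destinations in 192.168.0.0/16 are rejected) as a standalone IPv4 CIDR check.

const DEFAULT_BLOCKED_CIDRS = ['192.168.0.0/16']; // the range named in the changelog

// "192.168.10.5" -> 3232238085 (unsigned 32-bit); rejects anything that is not a dotted quad.
function ipv4ToInt(ip) {
  const parts = ip.split('.');
  if (parts.length !== 4) throw new Error(`not a dotted-quad IPv4 address: ${ip}`);
  return parts.reduce((acc, octet) => {
    if (!/^\d{1,3}$/.test(octet) || Number(octet) > 255) throw new Error(`bad octet in ${ip}`);
    return ((acc << 8) | Number(octet)) >>> 0;
  }, 0);
}

// "192.168.0.0/16" -> { network: 3232235520, mask: 4294901760 }
function parseCidr(cidr) {
  const [base, prefixStr] = cidr.split('/');
  const prefix = Number(prefixStr);
  if (!Number.isInteger(prefix) || prefix < 0 || prefix > 32) throw new Error(`bad prefix in ${cidr}`);
  // JS shifts are mod 32, so /0 needs its own case.
  const mask = prefix === 0 ? 0 : (0xffffffff << (32 - prefix)) >>> 0;
  return { network: (ipv4ToInt(base) & mask) >>> 0, mask };
}

function ipInCidr(ip, cidr) {
  const { network, mask } = parseCidr(cidr);
  return ((ipv4ToInt(ip) & mask) >>> 0) === network;
}

// Returns the first blocked CIDR that contains `ip`, or null when the address is allowed.
function blockedBy(ip, blocked = DEFAULT_BLOCKED_CIDRS) {
  return blocked.find((cidr) => ipInCidr(ip, cidr)) ?? null;
}
```

The check only has meaning on the address the request will actually go to, so resolve the hostname first and check every returned address; a name that resolves to a public address at check time and a 192.168.x.x address a moment later (DNS rebinding) is exactly the case an in-process check cannot cover, which is why the restriction belongs in the code-executor's network layer rather than in workflow code.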

Removal of image download functionality for external app users

These features are no longer available on cloud instances and self-hosted instances on version 3.114 or later.

Due to potential security concerns, Retool is removing certain functionality that enables external app users to download images. No security breach or active vulnerability has occurred, and you do not need to take any security-specific actions.

External and embedded, publicly available apps will no longer support:

  • Download Image columns in the Legacy Table component. Use an alternative method, such as a Link or Button column type, for image URL links. Retool strongly recommends you migrate to the current Table component instead.
  • Exporting PDFs that include images hosted on separate domains. Those images are omitted from the export; all other components are still included. Retool recommends hosting your publicly-hosted images on the same domain as your Retool instance. For example, you could use images that are uploaded directly to the Image component, stored in Retool Storage, stored in Retool Database, Base64-encoded, or stored in an Amazon S3 bucket.