Release announcements, helpful tips, and community discussion


Cerb (10.3.1) is a maintenance update released on October 18, 2022. It includes 28 minor features and fixes from community feedback covering the 10.3 update. You can follow these instructions to upgrade.



  • [Chart KATA/Tooltip] In Chart KATA widgets, the tooltip that displays when hovering over a data point can now be disabled with tooltip:show@bool: no.

  • [Chart KATA/Legend] In Chart KATA widgets, the legend can now be hidden using legend:show@bool: no.

  • [Chart KATA/Tooltip] In Chart KATA widgets, the tooltip that displays when hovering over a data point can be configured with tooltip:grouped@bool: to show all data points at the same x-axis tick (yes, default) or only the highlighted point (no).

  • [Chart KATA/Categories] In Chart KATA widgets, when using a category x-axis type (qualitative), the key axis:x:categories@list: can be used to override the sort order of the categories. Any categories in datasets that are not specified here will sort to the end of the axis. For instance, when using a worklist.subtotals data query and grouping by created@quarterofyear, the categories@csv: Q1,Q2,Q3,Q4 option would sort the x-axis chronologically regardless of subtotal frequency.

  • [Chart KATA/Performance] In Chart KATA widgets, added the ability to cache dataQuery: datasets. This is very helpful for immutable historical queries that don’t need to be recomputed every visualization.

  • [Automations/file.write] In automations, the file.write: command may now specify an optional name: for the created automation resource. For instance, this makes it easier to store a filename on an uploaded file that is later converted into an attachment.

  • [Charts KATA/Search] In Chart KATA widgets, dataQuery: datasets now automatically support “click to search” functionality in visualizations. For instance, using a worklist.subtotals data query to render a chart will display the records in a search popup when clicking on a bar, line point, or pie wedge.

  • [Chart KATA] In Chart KATA widgets, legend:sorted@bool: controls whether the series list in the legend is sorted alphabetically. This defaults to no.

  • [Chart KATA/Usability] In Chart KATA widgets, added spinners when configuring the widget and testing datasets or the chart. This fixes an issue where it looks like nothing is happening if there’s any latency.

  • [Workspaces/Worklists] ‘Workspace page’ worklists now support ‘Explore’ mode. [#1163]

  • [Chart KATA/Colors] In Chart KATA widgets, custom color:patterns: can be defined as any key name with a value containing a comma-separated list of hex color codes (e.g #6e40aa). If a pattern key ends in _dark it will be preferred in dark mode. Several pre-defined color patterns are available through code autocompletion. Each dataset can specify a color pattern using data:series:*:color_pattern:. If a color pattern is named default it will apply to any series without an explicit color assigned. If multiple datasets share the same non-default color pattern, colors will be synchronized for values that are identical. For instance, if two series compare groups over current/prior year, then ‘Support’ will have the same color in both datasets. The default color scheme (when omitted) automatically adapts for light and dark mode.


  • [Chart KATA/Datasets] In Chart KATA widgets, data query datasets can use format:categories to load data.

  • [Chart KATA/Datasets] In Chart KATA widgets, an error is now displayed when a chart data:series: references a non-existent x_key: series.

  • [Resources/Fonts] On Font resource records, loaded TTF fonts are now served from a cache. This makes them much more efficient to use from frequently invoked automations.

  • [Chart KATA] In Chart KATA widgets, dataQuery: datasets perform more error checking on valid formats.

  • [Chart KATA/Tooltips] On Chart KATA widgets, hover tooltips now display numbers with thousands separators. When displaying donut, gauge, or pie chart types, both the value and the ratio percentage are now shown.

  • [Plugins/Twitter] In the Twitter plugin, the connected account is now displayed when viewing a tweet. This makes it easier to tell which account is being used.

  • [Security/Logs] When fetching an external image through the server proxy, the remote HTTP response status code is now used rather than a 500 error. This cleans up logging on innocuous client errors like “404 Not Found”.

  • [Packages] When importing tickets from packages with the disable_events option enabled, activity log entries are no longer created for requesters imported on those tickets.


  • [Platform/PHP] Miscellaneous fixes for PHP 8.1+ syntax.

  • [UI/Autocomplete] Fixed a visual UI issue with chooser autocompletion menus (e.g. ticket owner, org, participants). The label and icon are now properly formatted and aligned.

  • [Storage/S3] Fixed an issue with HTTP/2 when using the S3 storage engine.

  • [Dashboards/Timeblocks] Fixed an issue with ‘Chart: Time Blocks’ widgets. The visualizations conflicted with other charts due to a mismatch in D3.js versions (v5 vs v7). The most noticable side effect was the hover tooltips not working on other charts. Timeblocks widgets now use a d3v7 namespace to avoid conflicts.

  • [Workspaces/Automations] Fixed an issue in the automation command where it wasn’t possible to search workspace_page records.

  • [UI] Fixed an issue with the pages menu (at the top of every page) where Cmd+Click or Win+Click no longer opened menu items in a new browser tab. Thanks to Flexibits for the bug report!

  • [Plugins/Twitter/UX] In the Twitter plugin, when viewing a tweet popup, the cursor is now properly placed at the end of the default text. Thanks to Flexibits for the bug report!


  • [Security/Attachments] By default, Cerb no longer attempts to display PDF documents in the browser from attachment cards. This can be explicitly allowed by setting APP_SECURITY_CSP_OBJECT_SRC to "'self'" in framework.config.php.

  • [Twitter/Security/CSP] In the Twitter plugin, user profile images are now fetched through the server-side privacy proxy. This avoids leaking worker details (IP/location) to the Twitter service. It also removes the need to add Twitter to the Content-Security-Policy hosts.