Release announcements, helpful tips, and community discussion


Cerb (9.5.1) is a maintenance update released on March 13, 2020. It includes 20 minor features and fixes from community feedback covering the 9.5 update. You can follow these instructions to upgrade.

  • [Records/Knowledgebase/API] Fixed an issue where the content key of knowledgebase article records had its URLs rewritten for the worker scope. This interfered with API usage.

  • [Bots/Behaviors] Fixed an issue with drag re-ordering decision tree nodes in bot behaviors.

  • [Mail/Compose/Snippets] Fixed an issue with inserting snippets in the mail compose popup.

  • [Platform/Login] Unsupported browsers (e.g. Microsoft Internet Explorer) are now prevented from continuing on the login form. [#1236]

  • [Data Queries] Fixed an issue in the data query tester where type:worklist.subtotals queries returned an error when there was no data.

  • [Data Queries] Fixed an issue in type:worklist.subtotals data queries when using format:dictionaries. If one of the by: columns was virtual (e.g. actor or target in activity log worklists) the record name and ID wasn’t displayed in the output.

  • [Mail/HTML/Allowlist] Fixed an issue with the links allowlist in HTML email. If the URL lacked a path or trailing slash, it never matched the allowlist.

  • [Mail/HTML/Links] Fixed an issue with the anti-phishing confirmation popup in Firefox when clicking links in HTML email.

  • [Security/Login] Fixed an open redirect on the login form. Outside of OAuth, a successful login now only redirects to paths within Cerb.

  • [Mail/Compose/Reply] Fixed an issue when composing/replying that prevented #attach from suggesting the names of file bundles. [#1232]

  • [Records/File Bundles] On file bundle worklists, added a usableBy.worker: filter.

  • [Mail/Templates] Fixed an issue with uploading images on mail template editors.

  • [Worklists/Tickets/UX] On ticket worklists, dismissing the yellow ‘undo’ banner no longer refreshes the list.

  • [Records/Roles/Custom Fields] When editing role records, custom fields are now managed above the itemized permissions. This saves the hassle of having to scroll down several pages to make changes.

  • [Mail/HTML/Images/Security] When displaying HTML email, the image proxy may now be configured to cryptographically sign the URLs it creates. The built-in image proxy is only usable by worker accounts; but this is necessary if a third-party proxy handles these requests.

  • [Bots/Behaviors] Bot behaviors can now use ‘Record ID’ variables as ‘On:’ targets. This simplifies actions like ‘Run behavior’ and ‘Schedule behavior’. [#1220]

  • [Platform/Popups/UX] Improved the usability of popups by opening them immediately and showing a spinner until the content is loaded. Previously, the popup didn’t open until the content was ready, which on slow connections could give the impression nothing was happening.

  • [Setup/Workers] In Setup->Security->Authentication, it’s now possible to set defaults for “Disable password-based authentication” and “Require multi-factor authentication” when creating new worker accounts. This makes it easier to enforce security policies.

  • [Platform/Popups/UX] When popups encounter an error during loading (e.g. not found, forbidden, unauthenticated), they now display an error message. Previously, the popup was just blank.

  • [Setup/Security/UX] In Setup, security-related settings have moved into a new ‘Security’ top-level menu.