🚀 Fleetbase v0.7.30 — 2026-02-28

"Extension discovery, driver vehicle validation, and CLI search"

✨ Highlights

This release includes two bug fixes and one new feature: a corrected public extension discovery endpoint in the Registry Bridge, a driver vehicle validation patch in FleetOps, and a new flb search command in the Fleetbase CLI.

🔌 Registry Bridge — Public Extension Discovery

The public extensions listing endpoint (~registry/v1/extensions) has been corrected and hardened. A dedicated PublicRegistryExtension API resource now sanitizes the response, stripping all sensitive fields before they leave the server. The install_count aggregation has been fixed to use withCount('installs') and the incorrect author relationship has been replaced with the proper company relationship. The endpoint returns a clean, flat array.

🚛 FleetOps — Driver Vehicle Validation

A TypeError that occurred when creating a driver with a vehicle object sent from the frontend has been resolved. A new ResolvableVehicle validation rule accepts a public_id string (e.g., vehicle_abc123), a UUID string, or an object/array containing an id, public_id, or uuid key. Vehicle normalization has been added to both createRecord() and updateRecord() in DriverController so the correct vehicle UUID is always resolved before persistence.

🔍 Fleetbase CLI — Extension Search Command

A new flb search [query] command (alias: flb list-extensions) lets developers and administrators browse all available extensions directly from the terminal. Results are displayed in a formatted, colour-coded table showing the extension name, category, publisher, version, price, and supported install formats. Filtering options include --category, --free, --json, --simple, and --host.

✨ New Features

• [fleetbase-cli] Added flb search [query] command (alias: flb list-extensions) for browsing available extensions
• [fleetbase-cli] --category filter to narrow results by extension category
• [fleetbase-cli] --free flag to list only free extensions
• [fleetbase-cli] --json flag for machine-readable JSON output
• [fleetbase-cli] --simple flag for plain-text terminal output
• [fleetbase-cli] --host option to target self-hosted registry instances

🐛 Bug Fixes

FleetOps

• [fleetops] Fixed TypeError when creating a driver with a vehicle object sent from the frontend
• [fleetops] Added ResolvableVehicle validation rule accepting public_id, UUID, or object with id/public_id/uuid
• [fleetops] Added vehicle normalization in DriverController::createRecord() and updateRecord()

Registry Bridge

• [registry-bridge] Fixed install_count column error by switching to withCount('installs') eager load
• [registry-bridge] Removed incorrect author relationship; replaced with correct company relationship
• [registry-bridge] Removed sensitive data (internal UUIDs, Stripe IDs, private relationships) from public endpoint response
• [registry-bridge] Public extensions endpoint now returns a plain array without a wrapping key

🔧 Improvements

• [fleetbase-cli] Price display correctly converts cents to dollars in search results
• [fleetbase-cli] Search results show both install formats: flb install fleetbase/<slug> and flb install <extension_id>
• [registry-bridge] Extension listing response is a clean, flat array for easier consumption by CLI and third-party tools

⚠️ Breaking Changes

• None 🙂

🔧 Upgrade Steps

# Pull latest version
git pull origin main --no-rebase

# Update docker
docker compose pull
docker compose down && docker compose up -d

# Run deploy script
docker compose exec application bash -c "./deploy.sh"

📦 Component Versions

• fleetops: v0.6.37
• registry-bridge: v0.1.7
• fleetbase-cli: v0.0.5

Need help?

Join the discussion on GitHub Discussions or drop by #fleetbase on Discord

🚀 Fleetbase v0.7.29 — 2026-02-27

"Major security enhancements, analytics tracking, developer tools, and UX improvements"

✨ Highlights

This release brings critical security patches, comprehensive analytics event tracking across the platform, enhanced developer account management for the extension marketplace, and several user experience improvements including accurate geolocation detection.

🔒 Security Enhancements

Fleetbase v0.7.29 includes critical security fixes that strengthen tenant isolation and prevent unauthorized access. The core-api has been patched to address a systemic tenant isolation vulnerability (GHSA-3wj9-hh56-7fw7) with the introduction of a CompanyScope global scope that enforces proper tenant boundaries. Additional security improvements include removal of hardcoded authentication bypasses, enforcement of strong password policies across all validators, and prevention of user enumeration in login flows. Cross-tenant IDOR vulnerabilities have been resolved with company-scoped authorization checks throughout the API.

📊 Analytics & Event Tracking

A comprehensive events service has been added to ember-core, providing centralized analytics tracking across all core services. The system emits both generic events (e.g., resource.created) and specific events (e.g., order.created) using a standardized dot notation naming convention. Event tracking has been integrated into CRUD operations (create, update, delete, bulk actions, import, export) and resource actions across the platform. In FleetOps, 30 controllers now emit analytics events, and import operations return accurate counts of imported records. The dual event system fires on both the events service and universe service, enabling cross-engine communication for analytics integrations like PostHog.

🛠️ Developer Tools & Marketplace

The registry-bridge now supports Registry Developer Accounts for self-hosted instances, enabling developers to publish and monetize extensions through a centralized marketplace. The Universal Extension Marketplace backend provides a public extension listing endpoint with 15-minute caching for performance. Stripe Connect account management has been added, allowing developers to update bank account details after initial onboarding. The fleetbase-cli has been significantly enhanced with new commands including flb register for developer account registration, flb verify for email verification, flb resend-verification for expired codes, and flb install-fleetbase for Docker-based installation with automatic repository cloning.

🌍 Geolocation & UX Improvements

A critical bug affecting user onboarding has been fixed where the system was displaying the server's location instead of the user's actual location. The ember-core now implements frontend IP lookup using multiple geolocation APIs (geoiplookup.io and ipapi.co) with automatic fallback support and localStorage caching. The phone-input component in ember-ui has been updated to use this frontend IP lookup, ensuring accurate country code detection for phone number formatting. The IAM engine now features tabbed user type sections in the users management interface for better organization.

📈 Reporting & Data Access

FleetOps now exposes the meta column and Transaction relationships in the Orders report schema, enabling users to query and report on order metadata, custom fields, and financial data including transaction amounts, line items, and aggregates. This resolves a significant limitation where critical financial data was previously inaccessible in reports.

🌐 Internationalization

Support for KZT (Kazakhstani Tenge) currency has been added across both core-api and ember-ui, expanding Fleetbase's international capabilities.

🔐 Security Fixes

• [core-api] Patched critical tenant isolation vulnerability (GHSA-3wj9-hh56-7fw7) with CompanyScope global scope
• [core-api] Removed hardcoded SMS auth bypass code, replaced with environment-driven bypass for non-production
• [core-api] Fixed cross-tenant IDOR vulnerabilities with company-scoped authorization
• [core-api] Enforced strong password policy across all validators
• [core-api] Prevented user enumeration in login flow
• [core-api] Restored authToken re-authentication with identity verification

✨ New Features

Analytics & Tracking

• [ember-core] Added centralized events service for analytics tracking across all core services
• [ember-core] Event tracking in CRUD service (create, update, delete, bulk actions, import, export)
• [ember-core] Dual event system (fires on both events service and universe service)
• [fleetops] Added event tracking to 30 FleetOps controllers for event tracking
• [fleetops] Import operations now return count of imported records in response

Developer Tools

• [registry-bridge] Registry Developer Account support for self-hosted instances
• [registry-bridge] Universal Extension Marketplace backend with public extension listing endpoint
• [registry-bridge] Stripe Connect account management for bank account updates
• [registry-bridge] Email verification for developer accounts using VerificationCode model
• [registry-bridge] Automatic registry token generation upon email verification
• [fleetbase-cli] Added flb register command for Registry Developer Account registration
• [fleetbase-cli] Added flb verify command for email verification
• [fleetbase-cli] Added flb resend-verification command to request new verification codes
• [fleetbase-cli] Added flb install-fleetbase command for Docker-based installation
• [fleetbase-cli] Auto-clone Fleetbase repository if not present during installation
• [fleetbase-cli] Support for --host parameter to work with self-hosted instances

Reporting & Data

• [fleetops] Exposed meta column and Transaction relationships in Orders report schema for financial reporting
• [core-api] User cache now includes updated_at timestamp for automatic cache busting

UI/UX

• [iam-engine] Added tabbed user type sections to users management interface
• [iam-engine] Enhanced edit user interface with better validation and error handling

Internationalization

• [core-api] Added KZT (Kazakhstani Tenge) currency support
• [ember-ui] Added support for KZT currency

🐛 Bug Fixes

Geolocation

• [ember-core] Implemented frontend IP lookup to get accurate user location (fixes onboarding showing server location)
• [ember-core] Added lookup-user-ip utility with multi-API fallback support (geoiplookup.io and ipapi.co)
• [ember-core] localStorage caching for IP lookup results (1 hour TTL)
• [ember-core] Graceful fallback to browser timezone when geolocation APIs fail
• [ember-ui] Updated phone-input component to use frontend IP lookup (fixes incorrect country code detection)
• [ember-ui] Phone input now always initializes with US fallback if geolocation fails

Core Fixes

• [core-api] Verification codes now default to 'pending' status
• [core-api] Fixed verification email HTML rendering (button component)
• [core-api] Prevented empty email/phone on user update
• [core-api] Resolved camelCase expansion methods from snake_case query params in Filter
• [fleetops] Prevented duplicate driver creation when user_uuid already has a driver profile
• [registry-bridge] Made developer account registration routes public (no auth required)
• [registry-bridge] Polymorphic purchaser relationship for extension purchases (supports both Company and RegistryDeveloperAccount)

🔧 Improvements

• [fleetops] Moved avatar management to FleetOps settings
• [ember-ui] Faster phone input lookup (1 network hop vs 2, no backend dependency)
• [fleetbase-cli] Better error handling and debugging for all commands
• [fleetbase-cli] Skip interactive prompts when command-line options are provided
• [ember-core] Standardized event naming with dot notation (e.g., resource.created, order.created)

⚠️ Breaking Changes

• None 🙂

🔧 Upgrade Steps

# Pull latest version
git pull origin main --no-rebase

# Update docker
docker compose pull
docker compose down && docker compose up -d

# Run deploy script
docker compose exec application bash -c "./deploy.sh"

📦 Component Versions

• core-api: v1.6.36
• fleetops: v0.6.36
• registry-bridge: v0.1.6
• iam-engine: v0.1.7
• ember-core: v0.3.11, v0.3.12
• ember-ui: v0.3.20, v0.3.21
• fleetbase-cli: v0.0.4

Need help?

Join the discussion on GitHub Discussions or drop by #fleetbase on Discord

🚀 Fleetbase v0.7.28 — 2026-02-05

"Critical patch: eager load driver and vehicle in consumable orders query API"

✨ Highlights

• Critical patch which fixes eager loading relationship when querying orders via the consumable API, this is done to handle the new whenLoaded resource conditional methods. fleetbase/fleetops#203

⚠️ Breaking Changes

• None 🙂

🔧 Upgrade Steps

# Pull latest version
git pull origin main --no-rebase

# Update docker
docker compose pull
docker compose down && docker compose up -d

# Run deploy script
docker compose exec application bash -c "./deploy.sh"

Need help?

Join the discussion on GitHub Discussions or drop by #fleetbase on Discord

🚀 Fleetbase v0.7.27 — 2026-02-05

"Improvements and patches"

✨ Highlights

• Core now supports disabling cache in runtime for HasApiModelCache x HasApiModelBehavior
• Added new FileResolverService to support file resolution from file resources, URL's, base64, and file uploads 190c03d
• VerificationCode model in core always throws SMS exceptions
• FleetOps: Patched proof of delivery component in order details
• FleetOps: Improved and patched service rate getServicableForPlaces which improved service quote performance
• FleetOps: Fix location GeoJSON Point casting for location properties - using the new Utils::castPoint utility 208151f
• Storefront: Critical patch for QPay checkout workflow storefront#66
• Storefront: Added new phone number verification endpoints for customers (request-phone-verification and verify-phone-number)
• Storefront: Fixed cart based service quotes

⚠️ Breaking Changes

• None 🙂

🔧 Upgrade Steps

# Pull latest version
git pull origin main --no-rebase

# Update docker
docker compose pull
docker compose down && docker compose up -d

# Run deploy script
docker compose exec application bash -c "./deploy.sh"

Need help?

Join the discussion on GitHub Discussions or drop by #fleetbase on Discord

🚀 Fleetbase v0.7.26 — 2025-01-16

"Improved Driver Validation + API improvements"

✨ Highlights

• Improved driver creation validation for internal API
• Vehicle and Driver API use explicit ::create method now
• Improved onboarding orchestrator framework and services for history and resume capability
• Upgraded Stripe SDK to v17

⚠️ Breaking Changes

• None 🙂

🔧 Upgrade Steps

# Pull latest version
git pull origin main --no-rebase

# Update docker
docker compose pull
docker compose down && docker compose up -d

# Run deploy script
docker compose exec application bash -c "./deploy.sh"

Need help?

Join the discussion on GitHub Discussions or drop by #fleetbase on Discord

🚀 Fleetbase v0.7.25 — 2025-12-29

"New SMS service to support multiple SMS providers + framework improvements"

✨ Highlights

• Removed window.Fleetbase for improved frontend security
• Improved query optimizations
• Added new SMS service to support multiple SMS providers

⚠️ Breaking Changes

• None 🙂

🔧 Upgrade Steps

# Pull latest version
git pull origin main --no-rebase

# Update docker
docker compose pull
docker compose down && docker compose up -d

# Run deploy script
docker compose exec application bash -c "./deploy.sh"

Need help?

Join the discussion on GitHub Discussions or drop by #fleetbase on Discord

🚀 Fleetbase v0.7.24 — 2025-12-21

"Critical core-api patches for cache key generation"

✨ Highlights

Bug Fixes

• Fixed cache key collision bug - Different filter parameters (e.g., type=customer vs type=contact) now generate unique cache keys instead of returning wrong cached results
• Fixed BadMethodCallException - Models without soft deletes (like Permission) no longer crash when calling getDeletedAtColumn()

Improvements

• Added caching to Permission model - Permission queries now benefit from Redis caching for improved performance

⚠️ Breaking Changes

• None 🙂

🔧 Upgrade Steps

# Pull latest version
git pull origin main --no-rebase

# Update docker
docker compose pull
docker compose down && docker compose up -d

# Run deploy script
docker compose exec application bash -c "./deploy.sh"

Need help?

Join the discussion on GitHub Discussions or drop by #fleetbase on Discord

🚀 Fleetbase v0.7.23 — 2025-12-19

"🤯 Insane optimization and performance upgrades + horizontal scaling support 🚀"

✨ Highlights

• Major performance and optimization improvements which support horizontal scaling
• Ability to resize images on upload using resize parameters
• Several patches in FleetOps - fixed service rates and missing translations, improvements and patch to scheduler
• Added a new LanguageService available in ember-core
• Minor @fleetbase/ember-ui improvements

New Features

• Improved API performance with two-layer caching system (Redis + ETag validation) for user and organization data
• Reduced bandwidth usage with automatic HTTP 304 Not Modified responses via new ValidateETag middleware
• Faster page loads with intelligent cache invalidation that updates immediately when data changes
• New UserCacheService class for centralized cache management across the application
• Image resizing support for dynamic image dimensions via URL parameters
• Added ApiModelCache class - Provides intelligent Redis-based caching for API query results with automatic invalidation
• Added HasApiModelCache trait - Enables models to cache query results with a single method call

Performance Improvements

• Optimized form data syncing to eliminate N+1 query problems, reducing database queries from N to 2 for relationship syncing
• Implemented cache stampede prevention to handle high concurrent load efficiently
• Added cache versioning system for automatic invalidation when data changes

Developer Experience

• Added X-Cache-Status header to API responses for easy cache debugging (HIT/MISS visibility)
• Automatic multi-tenant cache key generation for company-scoped data isolation
• Graceful fallback to direct queries when cache is unavailable

⚠️ Breaking Changes

• None 🙂

🔧 Upgrade Steps

# Pull latest version
git pull origin main --no-rebase

# Update docker
docker compose pull
docker compose down && docker compose up -d

# Run deploy script
docker compose exec application bash -c "./deploy.sh"

Need help?

Join the discussion on GitHub Discussions or drop by #fleetbase on Discord

🚀 Fleetbase v0.7.22 — 2025-12-07

"Organizations can now set their own alpha-numeric sender ID for SMS"

✨ Highlights

• Custom Alphanumeric Sender ID for SMS:
  Organizations can now configure their own Alphanumeric Sender ID used when sending verification codes and other SMS notifications.
  This feature improves brand recognition, enhances trust, and aligns outbound communication with each organization’s identity.
  Supported in regions/carriers where alphanumeric senders are allowed (e.g., Mongolia and others).

⚠️ Breaking Changes

• None 🙂

🔧 Upgrade Steps

# Pull latest version
git pull origin main --no-rebase

# Update docker
docker compose pull
docker compose down && docker compose up -d

# Run deploy script
docker compose exec application bash -c "./deploy.sh"

Need help?

Join the discussion on GitHub Discussions or drop by #fleetbase on Discord

🚀 Fleetbase v0.7.21 — 2025-12-06

"5x faster css compiling and flawless builds."

✨ Highlights

🔧 Critical Production Build Fix

This release resolves a critical issue that prevented production builds from succeeding when using ember-ui in Ember Engines environments. All Fleetbase applications and engines should upgrade immediately.

What was broken:
Production builds were failing with "Broken @import declaration" errors during CSS minification. Development builds worked fine, but production deployments were completely blocked.

What we fixed:
Implemented a proper architectural solution that prevents Ember Engines from attempting to recompile ember-ui styles. The addon now correctly detects when it's being included by an engine and blocks both the style tree distribution and PostCSS configuration override.

The impact:

• ✅ Production builds now succeed without CSS import errors
• ✅ 5x faster builds — CSS is compiled once in the host app instead of being reprocessed by each engine
• ✅ 4x smaller bundles — Eliminated CSS duplication across engine vendor files (reduced from ~3MB to ~750KB in typical setups)
• ✅ Consistent styling — All engines now use the same compiled CSS from the host application

Technical details:
The fix adds engine detection to both the treeForStyles and included hooks, ensuring that ember-ui styles are compiled exclusively in the host application and inherited by all engines. This follows the proper Ember Engines architecture pattern for shared addon styles.

⚠️ Breaking Changes

• None — This is a fully backward-compatible patch that only changes internal build behavior

🔧 Upgrade Steps

For System

# Pull latest version
git pull origin main --no-rebase

# Update docker
docker compose pull
docker compose down && docker compose up -d

# Run deploy script
docker compose exec application bash -c "./deploy.sh"

For Extension Developers

# Update ember-ui
pnpm upgrade @fleetbase/ember-ui@^0.3.14 @fleetbase/ember-core@^0.3.8

# Reinstall dependencies
pnpm install

Verification

# Verify production build succeeds
pnpm build --environment production

# Check bundle sizes (should see significant reduction)
ls -lh dist/assets/vendor*.css
ls -lh dist/engines-dist/*/assets/engine-vendor*.css

📦 What Changed

Fixed

• Critical: Production build failures in Ember Engines environments with "Broken @import declaration" errors
• CSS duplication across engine bundles causing bloated file sizes
• PostCSS configuration conflicts between host app and engines

Changed

• Added treeForStyles hook with engine detection to prevent style tree distribution to engines
• Added engine detection guard in included hook to prevent postcssOptions override
• Improved CSS import path resolution in PostCSS configuration

Performance

• Reduced build time by 5x through single CSS compilation
• Reduced total CSS bundle size by 4x through elimination of duplication
• Improved caching efficiency with shared vendor.css

Need help?

Join the discussion on GitHub Discussions or drop by #fleetbase on Discord