We're excited to announce the release of Hoppscotch v2026.3.0! This update makes Cloud for Organizations generally available on the desktop app, ships admin dashboard improvements, delivers important security patches, and includes a bunch of quality-of-life fixes.

Cloud for Organizations

Cloud for Organizations is now generally available on the desktop app. Connect your org workspaces and collaborate with your team on collections, environments and requests — natively from the desktop, with full cloud sync.

Get the latest version →

Admin Dashboard Improvements

Admins on the Enterprise Edition can now see exactly which workspaces each user belongs to, right from the admin dashboard. This makes it significantly easier to audit access, troubleshoot permission issues, and manage your organization at scale.

Security Patches

Security was a major focus in this release. We've addressed multiple vulnerabilities reported through our security process:

• Prevented stored XSS in team member overflow tooltips and mock server responses.
• Blocked open redirect on the enter page.
• Validated device-login redirect URIs to prevent token theft via DNS rebinding.
• Patched dependency vulnerabilities and hardened the production Docker image.

Several additional issues were identified and patched as part of a broader security audit to keep your data and your team's data safe.

Keyboard Shortcuts on Non-English Layouts

Keyboard shortcuts now work correctly regardless of your keyboard layout. Whether you're using an AZERTY, QWERTZ, or any other non-QWERTY layout, shortcuts will fire as expected. We've also restored numpad support for first/last tab navigation.

Bug Fixes and Improvements

We've also squashed a bunch of bugs and polished up the experience:

• OAuth2 code challenge method selection now persists correctly across sessions.
• Fixed an infinite auth refresh retry loop that could occur on permanent token errors.
• Full team collection tree is now fetched when importing a workspace, so nothing gets left behind.
• Tooltips on icon-only buttons inside popover triggers are back to working as expected.
• OpenAPI imports now fall back to the operation title when a summary isn't available, giving your requests meaningful names.
• File objects in HAR postData text are now resolved correctly.
• Newly created folders now appear immediately in the save-as dialog.
• Added native Edit menu on Linux desktop to enable clipboard shortcuts.
• Configurable TLS skip and optional SMTP authentication for self-hosted mailer.
• Updated Chinese translations.

What do you want us to build next? Write to us at hello@hoppscotch.io, join the conversation on our Discord server, or head over to our GitHub repository.