Back ||
v2026.3.0

March 31st 2026

Release Notes - v2026.3.0

Cloud for Organizations, Admin Dashboard Improvements, Security Patches and more! 🚀

New Features
Improvements

Highlights

  • Cloud for Organizations: Cloud for Organizations is now generally available on the desktop app — connect your org workspaces and collaborate with your team natively from the desktop.



  • Admin Dashboard Improvements: Admins can now view user workspace memberships directly from the dashboard, making access audits and permission management faster and more transparent.



  • Security Patches: We’ve addressed multiple vulnerabilities — including XSS in tooltips and mock server responses, open redirects, and device-login redirect URI validation — and hardened the production image with dependency updates. Several additional issues were identified and patched as part of a broader security audit.



  • Keyboard Shortcuts on Non-English Layouts: Shortcuts now work correctly regardless of your keyboard layout, including numpad support for tab navigation.



  • Smarter OpenAPI Imports: When an OpenAPI operation lacks a summary, Hoppscotch now falls back to the operation title so your imported requests have meaningful names.



This update includes new features and important security fixes. Your data will be backed up automatically. If needed, see Downgrading and Restoring Backups.


👉 Read the full release blog


Added
  • Cloud for Organizations is now generally available on the desktop app
  • View user workspace memberships in the admin dashboard
  • Native Edit menu on Linux desktop for clipboard shortcuts
Fixed
  • Prevented stored XSS in team member overflow tooltip
  • Prevented stored XSS via mock server responses and cross-site payloads
  • Prevented open redirect on the enter page
  • Validated device-login redirect URI to prevent token theft via DNS rebinding
  • OAuth2 code challenge method selection now persists correctly
  • Keyboard shortcuts now work on non-English keyboard layouts
  • Restored numpad support for first/last tab shortcuts
  • Fixed infinite auth refresh retry loop on permanent token errors
  • Full team collection tree is now fetched on workspace import
  • Restored tooltips on icon-only buttons inside popover triggers
  • Operation title used as fallback name in OpenAPI imports
  • File objects in HAR postData text are now handled correctly
  • Newly created folders now appear in the save-as dialog
  • Fixed missing field and translateToNewRequest for history
  • Updated dependencies to address security vulnerabilities and hardened production image
  • Updated Chinese translations