Rallly - Package Updates
-
[2.5.3]
- Update rallly to 4.5.6
- Full Changelog
- Patched vulnerability where participant data is exposed through the API even when option to hide the participant list is enabled.
-
[2.5.4]
- Update rallly to 4.5.7
- Full Changelog
- This is a critical security update that upgrades Next.js to address CVE-2025-66478. We strongly recommend all users upgrade to this version immediately.
-
[2.5.5]
- Update rallly to 4.5.8
- Full Changelog
- This release includes updates to dependencies, adds missing translations and fixes a bug where emails for scheduled events are not delivered to a participant's email address.
-
[2.5.6]
- Update rallly to 4.5.9
- Full Changelog
- This release fixes an issue where participants are not able to edit their response using the link they receive in their confirmation email when their session is expired or they are not logged in.
-
[2.5.7]
- Update rallly to 4.5.10
- Full Changelog
- This release includes important security updates to address vulnerabilities in React Server Components (RSC) protocol.
- We've updated Next.js and React to fix two additional vulnerabilities (CVE-2025-55183, CVE-2025-55184) that were discovered while security researchers examined the patches for React2Shell.
- Important: Neither of these new issues allow for Remote Code Execution. The patch for React2Shell remains fully effective.
- These vulnerabilities originate in the upstream React implementation. This release addresses the downstream impact on Next.js applications using the App Router.
- For full details, see the React blog post.
- All users are strongly encouraged to update to v4.5.10 as soon as possible to ensure they are protected against these vulnerabilities.
-
[2.5.8]
- Update rallly to 4.5.11
- Full Changelog
-
[2.5.9]
- Update rallly to 4.5.12
- Full Changelog
- Fixed an issue where some Microsoft users couldn't log in after signing up with an older version of the app
- Fixed an issue where users with invalid/expired sessions were not able to access the login screen
- Update translations
-
[2.5.10]
- Update rallly to 4.5.13
- Full Changelog
- This release contains updates to upstream dependencies that include important security fixes. Please update to this version as soon as possible.
-
[2.5.11]
- Update rallly to 4.5.14
- Full Changelog
- Fixed an issue where anonymous users were incorrectly included in the total user count and displayed in the control panel.
-
[2.6.0]
- Update rallly to 4.6.1
- Full Changelog
- This patch fixes an issue where the edit link that is emailed to participants would expire, preventing them from making changes to their response.
- Full dark mode support across the entire application. Users can switch between light, dark, or system themes from their preferences.
- Customize your Rallly instance with your own branding. Available as an add-on for Enterprise license holders. Learn more.
- Custom application name
- Custom primary colors (light and dark mode)
- Custom logos
- Option to hide "Powered by Rallly" attribution
- Participant avatars now automatically display Gravatar images when available.
- Various performance improvements, UI refinements, and bug fixes throughout the application.
-
[2.6.1]
- Update rallly to 4.6.2
- Full Changelog
- This patch fixes a client-side crash that occurred when accessing the profile and general settings pages.
