Release Notes
v4.0.3 - April 27, 2026
Stronger project security, more reliable development experience, and smarter Dev Assist support.
What improved
- Stronger access controls — project ownership is verified on every API call to prevent unauthorized access to your data.
- Better authentication for admin actions, with stricter checks for platform-level controls.
- Safer file handling for ZIP uploads and extractions, preventing unsafe files from impacting your environment.
- Secure third-party API access — integrations (such as SAP) only reach intended servers and cannot probe internal networks.
- Smarter rate limiting to handle traffic spikes without affecting app responsiveness.
- Improved browser-level security with hardened security headers (HSTS, CSP, XSS protection) across QwikBuild sites.
- More stable real-time chat and streaming responses, even during long operations.
- Safer workspace cleanup so stale files no longer interfere with new builds.
- More resilient database handling so issues in one request do not affect others.
- Attachment uploads only accept safe sources, preventing malicious links.
- Support ticket replies now include transaction IDs for easier tracking and resolution.
Why this matters
- Your projects, data, and admin controls are better protected by default.
- Day-to-day development feels more reliable with fewer disconnects and mysterious errors.
- Dev Assist tickets are easier to follow and resolve with consistent transaction tracking.
Recommended action
- Review your project access and integration setup to confirm everything is using the latest secure flow.
- If you previously hit chat disconnects or stale workspace issues, retry — these flows are now more stable.
- Include the transaction ID from ticket replies when following up with Dev Assist.
