Release notes for Canopy 3.10

Upgrading steps.

3.10.5 (2024-04-26)

This is a minor patch release addressing a small regression introduced in the previous release (3.10.4).

Users which had conditionals in their reports that check for empty elements may have been affected.

This would also have visually affected how null values are represented in reports.


  • [CAN-3531] Report XML contains “None” string values instead of empty strings/elements where it previously did not

  • [CAN-3532] Frontend validation on project creation view did not report field errors in toast notification

3.10.4 (2024-04-19)

This patch release addresses a number of bugs. Upgrading is recommended.

The patch release also introduces text patterns. These allow for quicker formatting of content, without the need to use the toolbar. The following text patterns are currently supported:

  • Italic is supported by wrapping text in single *

  • Bold is supported by wrapping text in double **

  • Unordered lists can be inserted by adding a * or - followed by text and a new line

  • Ordered lists (numeric and lower-roman) can be inserted by adding a 1. or a i. followed by text and a new line


  • [CAN-3514] Null and control characters break XML and XLSX generation

  • [CAN-3515] Too many open files errors

  • [CAN-3518] Field configuration endpoints generate too many queries

  • [CAN-3519] Comments view does not handle “wide” content correctly

  • [CAN-3520] Report view project description field missing

  • [CAN-3521] Finding’s Insert Images modal lists non-image files

  • [CAN-3523] Phase uploads from pasted images have the same name

  • [CAN-3524] React bundle gets cached by browser across updates

  • [CAN-3525] Phase uploads of xlsx files that aren’t Canopy XLSX files result in a processing error

  • [CAN-3527] Comment notification sometimes fails on invalid anchor tags

  • [CAN-3528] XLSX parser doesn’t handle checkbox fields

  • [CAN-3529] Activity log renders comments as bare html

New Feature

  • [CAN-3526] Text pattern support in rich text fields

3.10.3 (2024-02-23)

The patch release addresses a few minor bugs and upgrading is recommended.


  • [CAN-3494] Some UI components sometimes fail with “Maximum update depth exceeded”

  • [CAN-3501] Tool importer removes anchor tags

  • [CAN-3502] Remote User authentication fails when creating users

  • [CAN-3503] Frontend exception occurs when editing cvss3 field without cvss version string

  • [CAN-3505] Missing distribution list in SoW XML

  • [CAN-3507] Upgrading is very slow during Version Foreign key cache generation step

  • [CAN-3508] Correct sorting order of findings where cvss scores were reversed


  • [CAN-3510] Examples are set to output in reports by default

3.10.2 (2023-12-20)

The patch release addresses a number of bugs introduced during front-end improvements that were made in 3.10. Upgrading is recommended.

This patch release also contains a schema migration. However, it only affects Oracle users.


  • [CAN-3490] Existing examples cannot be saved

  • [CAN-3491] Field configurations are not applied to finding view

  • [CAN-3492] custom_rating_sum field type change fails on Oracle

  • [CAN-3493] Missing translations from new finding view

  • [CAN-3496] Comments cannot be resolved as tech managers

3.10.1 (2023-12-07)

Canopy 3.10.1 is a patch release that incorporates the changes from Canopy 3.9.3, see Release notes for Canopy 3.9. Upgrading is recommended.

Canopy 3.9.3 had two notable changes:

  • XLSX templates preserve existing formulas

  • Project/Phase/Report deletion was removed from their list views. Deletion is of those objects are now only possible via their primary views.

Additionally, the following Canopy 3.10.x specific issue was also addressed:


  • [CAN-3486] Pastes are reverted in Rich Text elements

3.10.0 (2023-11-10)

Canopy 3.10.0 is a small feature release.

We are continuing our theme of improvements around QA and collaboration. This release sees the addition of Threaded Commenting. Threaded comments allows users to have a conversation, rather than simply leaving one-off comments. This will help improve the QA process on teams.

Canopy’s installation process now offers the creation of the initial admin user via the UI. This is another step in making the onboarding process simpler for new Canopy deployments. Existing users will not be affected by this change.

We have also added improved health checks for the /health endpoint. The default config values are:



These can be overridden in /etc/canopy/canopy.ini if required.

We changed the custom_rating_sum field to support decimal values, this might improve the sorting accuracy for clients using custom rating systems.


  • [CAN-3429] Threaded commenting


  • [CAN-3330] Integrate forked marrow mailer

  • [CAN-3461] Expand health endpoint checks to include disk space and free memory


  • [CAN-3203] History endpoint fails on invalid custom_rating_sum values

  • [CAN-3426] Non-nullable fields with blank=True bypass initial validation

  • [CAN-3478] Download template fails under report templates


  • [CAN-3435] Allow the user to create an admin user via the UI if no users exist.

Older releases