May 2026 (version 2.26.05.07)

reviewed: 7 May 2026

📦 Summary

This release introduces a new function for string parsing, adds alias support for BO updates/deletes, and includes critical security and stability fixes.

🔐 Security

Resolved a high-severity security vulnerability affecting the core framework. This update addresses a critical issue that could potentially impact access control under specific conditions.

We strongly recommend all users upgrade immediately to ensure their systems remain secure.

🚀 New Features

String Splitting

New split() function allows developers to divide strings into property bags based on a delimiter.

// Split a comma-separated string
set('items', split('foo,bar,baz', ','))

// Result:
// <
//     "foo", 
//     "bar", 
//     "baz"
// >

🐞 Fixes

Alias Support for BO Updates and Deletes

Business Objects can now be updated and deleted when using aliases. Previously, attempting to modify or delete entities accessed via an alias would generate invalid SQL.

Grep Functions Pattern Resolution

Fixed a bug in grep() and cGrep() where the regular expression pattern was incorrectly constructed from the input string instead of the pattern parameter. Previously, calling grep("hello world", "hello") would treat "hello world" as the regex pattern rather than searching for "hello" within it.

Checklist Refine Clone Option

Fixed an issue where the checklist refine operation did not always respect the clone option, causing non-cloned pointers to a fixed business object to be lost during refinement.