Mockoon release v9.4.0

2025-10-31

Welcome to this new release of Mockoon. It brings many improvements among which: revamped OpenAPI import, support for OpenAPI in the web application, improved cloud logs in the desktop application, new plural request helpers, and many more. Read on to learn more about this release.

 Support us!

Mockoon is proudly independent and open-source, maintained without external funding. We rely on both sponsorships and Mockoon Cloud subscriptions to keep improving the project and building new features. A big thank you to the companies below for supporting our work and helping us grow (and all the sponsors who helped this project over time!):

GitHub Localazy Lambdatest

If you'd like to support Mockoon as well, you can become a sponsor or subscribe to Mockoon Cloud, every contribution helps keep the project alive and evolving. Thank you!

sponsor button

subscribe to cloud button

 Cloud

 OpenAPI import (and export) in the web application

The web application now supports OpenAPI imports and exports. We took the opportunity to refactor the import/export code to share it between the desktop and web applications. It also offers a better experience, letting users import specifications from a URL, file or clipboard, and shows a preview of the specification before importing it.

view of the OpenAPI import in the web application

The new import options are available in the "New environment" menus, and in the command palette (Ctrl/Cmd + P). The OpenAPI export option is available in the command palette and lets the user export in both JSON and YAML formats.

menu entry for the OpenAPI import in the web application

(Issue #1821)

 Cloud logs in the desktop application and logs replay

In the desktop application, it is now possible to view both the local and cloud log entries, and to filter them accordingly. (Issue #1808)

In both the desktop and web applications, cloud logs are now reloaded when reopening the application or reloading the web page. Previously, the applications only supported a "live" view of the cloud instance logs as they were created. They were lost after an application or page reload. (Issue #1807)

view of the desktop application logs tab

 Deployment of local mocks to the Cloud

We removed the possibility to deploy local mocks to a Cloud instance. While we like to offer more flexibility, this feature was barely used and maintaining it was adding unnecessary complexity to the codebase, especially when performing maintenance operations on our servers. To help with the transition, we added a new command in the command palette (Ctrl/Cmd + P) to "Convert a local environment to cloud". This command will create a new cloud mock from the selected local environment, preserving all its data, and linking it to a running Cloud instance.

(Issue #1818)

 Web application improvements

  • JSON export (in Mockoon format) of cloud mocks is now supported in the web application through file download or clipboard copy. Both options are available from the command palette. (Issue #1848)
  • The web application is now outputting logs to the browser console when the developer tools are open. This should help troubleshoot issues with the web application. (Issue #1846)

 Audit trail

The audit trail is now available in your Mockoon Cloud dashboard. You can access it from the "Audit Trail" link in the sidebar. It currently logs important team and account events, such as account upgrades, team member invitations or removal. The audit trail will be expanded in future releases to include resource changes such as environment deployments, configuration changes, etc.

Learn more about the audit trail in our documentation.

 OpenAPI support

  • The OpenAPI import UI was revamped in the desktop and web applications. It is now possible to import OpenAPI specifications from a URL, a file, or the clipboard. A preview of the specification is shown before importing it (see OpenAPI import in the web application above). (Issue #1821)
  • We fixed how allOf properties are handled during OpenAPI import. It is now correctly merging the various schema sources instead of parsing the first one only. (Issue #1390)
  • Endpoints generated by CRUD routes are now included in the OpenAPI export. (Issue #1428)

 New plural request helpers

Multiple new request template helpers were added:

  • headers: returns a key/value object containing all request headers.
  • urlParams: returns a key/value object containing all route parameters.
  • queryParams: returns a key/value object containing all query parameters.

These helpers can be used to easily enumerate, filter, transform, these objects. Some examples:

Copy
{{#each (headers)}}
  {{@key}}:{{this}}
{{/each}}

{{#if (lookup (urlParams) 'userId')}}
  User ID provided:
  {{lookup (urlParams) 'userId'}}
{{/if}}

{{#each (queryParams)}}
  {{@key}}:{{this}}
{{/each}}

(Issue #1827)

 New CLI --format flag for the export command

As part of the OpenAPI import/export revamp, a --format json|yaml option was added to the CLI's export command to specify the export format.

(Issue #1821)

 UI improvement

We added a new link in the logs request tab to navigate to the route response which caught the request.

view of the new button to navigate from the logs

(Issue #1794)

 Improvements

  • We added support for Zstandard compressed payloads in proxied requests. Before, responses from a proxied endpoint supporting zstd were shown in their compressed format. Now, Mockoon will show them uncompressed in the logs tab and admin API /logs endpoint. This is supported in the desktop and web applications, and in the CLI/libraries, as long as the host environment uses Node.js v22 or higher. (Issue #1577)
  • The resizeable panes in the application where fixed to avoid issues when a scrollbar was present. (Issue #1825)
  • More zoom levels were added to the desktop application (up to 160% instead of 130%). (Issue #1842)
  • Yaml mime types were added to the list of suggested header values. (Issue #1843)
  • The duplicate route warning was improved to take into account the "all methods" option, the fallback mode, and possible overlap between CRUD and HTTP routes. (Issue #1902)

 Fixes

  • The status template helper is now correctly validating its input instead of causing internal server errors when provided with invalid status codes. (Issue #1840)
  • Fix proxied requests hanging when a Expect: 100-continue header is present. (Issue #1126)
  • We updated Electron to the latest version. This should fix several issues, notably a bug with GTK on Linux. (Issue #1812)
  • Links to the documentation were fixed in the demo API environment. (Issue #1839)

 Chores

  • We updated the libraries and applications dependencies to their latest versions to fix many vulnerabilities. (Issue #1824)
  • We removed the monorepo dependency on Lerna and switched to NPM workspaces. We recommend contributors to remove all the node_modules folders and reinstall the dependencies using npm install (at the root of the repository). All the relevant scripts and documentation have been updated accordingly. (Issue #1888)

 Distribution/security

  • Following the publication of a GitHub Security Advisory earlier this year regarding a path traversal vulnerability in the desktop and libraries for versions prior to 9.2.0, we requested a CVE. Read more about this vulnerability and how to mitigate it in our blog post.
  • We updated our release pipelines to use NPM trusted publishing instead of tokens, to reduce the risk of supply chain attacks. (Issue #1878)
  • SBOM are now generated (SPDX format) for all Mockoon applications and libraries and published alongside the releases. (Issue #1850)
  • All our repositories Actions workflows were update to the new permissions model. We also pinned all the actions to their most recent versions and enabled dependabot auto updates for them.

 Thank you

A big thank you to the following people who helped to make Mockoon better: