Mockoon release v9.2.0
2025-03-12
Welcome to this new release of Mockoon. It brings many improvements among which the route response filter, a recently opened environments list, admin API improvements, and many more fixes. Read on to learn more about this release.
Our sponsors
Mockoon is an open-source project built by volunteer maintainers. If you like our application, please consider sponsoring us and join all the Sponsors and Backers who helped this project over time!
You can also support us by subscribing to our Cloud and enjoy a whole new level of capabilities: real-time collaboration, cloud deployments, AI-powered API mocks generation, enterprise-grade support, and more to come!
Your contribution fuels Mockoon's independence and keeps the project alive!
Admin API always enabled on cloud deployments
In this release, we've made the admin API always enabled for cloud deployments. Since v9.1.0, Cloud users could disable the Admin API when deploying, but we've reverted this option.
The admin API will be a central part of the new web app we are working on, and we need it to be always available to ensure a seamless experience. The API will always be protected by an API key, regardless of whether your deployment is public or private. We updated the documentation to reflect this change.
(Issue #1688)
Command palette: search across all environments
The command palette has been updated to improve navigation and usability. You can now search for endpoints across all opened environments, making it easier to find and jump to the right route, no matter which environment it belongs to.
(Issue #1186)
Filter added to route response list
A new filter is now available in the route response list, making it easier to quickly find and manage specific responses within your routes.
(Issue #1394)
Quick access to recently opened local environments
We've added a list of recently opened local environments, making it easier to quickly reopen your most used environments without searching for them manually.
(Issue #1398)
Admin API improvements
The admin API now returns the data buckets statuses in a new GET /mockoon-admin/data-buckets endpoint:
Copy[ { "id": "jb18", "name": "data 1", "parsed": true, "validJson": true }, { "id": "fhcj", "name": "data 2", "parsed": true, "validJson": false } ]
(Issue #1673)
We also added a new Server-sent events (SSE) endpoint to the admin API to receive the logs and the buckets statuses (above) in real-time. The endpoint is GET /mockoon-admin/events. Check the documentation for more information.
Finally, the admin API now always include CORS headers to allow cross-origin requests and integration with web applications. (Issue #1675)
Improvements
- Add support for JSONPath
$[?(@.prop.match(/value/))]filter expressions. (Issue #1631) - Environments imported from an OpenAPI specification now automatically include CORS headers if not present. (Issue #1593)
- We've added a new
findtemplating helper. (Issue #1124)
Fixes
- Fixed a bug introduced with v9.1.0 where rules targeting the JSON request body with an empty path wouldn't match. (Issue #1628)
- Fixed a bug preventing matching JSON request bodies against string values. (Issue #1658)
- We updated our Docker CLI base image to fix a vulnerability. (Issue #1660)
- We updated the Snap package to Core 22 in order to fix a bug where system fonts were not loaded. (Issue #1671)
- [⚠️ Possible breaking change] We fixed a path traversal vulnerability when file paths were built from request templating helpers (
queryParam,body, etc.). It is not possible anymore to dynamically escape the current folder by passing../in the file path. Note: our cloud wasn't affected by this vulnerability, and your self-hosted instances are only at risk if publicly exposed and using request templating helpers in a file path. (Issue #1699)
Chores
- We updated the libraries and applications dependencies to their latest versions. As a result, we updated Faker.js to v9.6.0 (from v9.3.0) (see Faker.js release notes).