Changelog

Latest headline release: z4j v1.6.8.

Each package versions independently; the table below shows the current latest of every published package. The per-package history follows.

| Package | Latest | Released | Category | License | Links |
|---|---|---|---|---|---|
| z4j | 1.6.8 | 2026-06-08 | Umbrella | AGPL-3.0 | PyPI · GitHub · Docs |
| z4j-bare | 1.6.8 | 2026-06-08 | Core | Apache-2.0 | PyPI · GitHub · Docs |
| z4j-core | 1.6.7 | 2026-06-08 | Core | Apache-2.0 | PyPI · GitHub |
| z4j-scheduler | 1.6.7 | 2026-06-08 | Core | Apache-2.0 | PyPI · GitHub · Docs |
| z4j-django | 1.6.8 | 2026-06-08 | Frameworks | Apache-2.0 | PyPI · GitHub · Docs · Upstream |
| z4j-fastapi | 1.6.8 | 2026-06-08 | Frameworks | Apache-2.0 | PyPI · GitHub · Docs · Upstream |
| z4j-flask | 1.6.8 | 2026-06-08 | Frameworks | Apache-2.0 | PyPI · GitHub · Docs · Upstream |
| z4j-arq | 1.6.7 | 2026-06-08 | Engines | Apache-2.0 | PyPI · GitHub · Docs · Upstream |
| z4j-celery | 1.6.7 | 2026-06-08 | Engines | Apache-2.0 | PyPI · GitHub · Docs · Upstream |
| z4j-dramatiq | 1.6.7 | 2026-06-08 | Engines | Apache-2.0 | PyPI · GitHub · Docs · Upstream |
| z4j-huey | 1.6.7 | 2026-06-08 | Engines | Apache-2.0 | PyPI · GitHub · Docs · Upstream |
| z4j-rq | 1.6.7 | 2026-06-08 | Engines | Apache-2.0 | PyPI · GitHub · Docs · Upstream |
| z4j-taskiq | 1.6.7 | 2026-06-08 | Engines | Apache-2.0 | PyPI · GitHub · Docs · Upstream |
| z4j-apscheduler | 1.6.7 | 2026-06-08 | Schedulers | Apache-2.0 | PyPI · GitHub · Docs · Upstream |
| z4j-arqcron | 1.6.7 | 2026-06-08 | Schedulers | Apache-2.0 | PyPI · GitHub · Docs · Upstream |
| z4j-celerybeat | 1.6.7 | 2026-06-08 | Schedulers | Apache-2.0 | PyPI · GitHub · Docs · Upstream |
| z4j-hueyperiodic | 1.6.7 | 2026-06-08 | Schedulers | Apache-2.0 | PyPI · GitHub · Docs · Upstream |
| z4j-rqscheduler | 1.6.7 | 2026-06-08 | Schedulers | Apache-2.0 | PyPI · GitHub · Docs · Upstream |
| z4j-taskiqscheduler | 1.6.7 | 2026-06-08 | Schedulers | Apache-2.0 | PyPI · GitHub · Docs · Upstream |

z4j

v1.6.8 (2026-06-08)

  • security: Follow-on security release. Closes two high-severity issues in the bulk-retry and mixed-version dispatcher paths that the Round 9 external audit surfaced on top of 1.6.7. Operators are advised to upgrade.

v1.6.7 (2026-06-07)

  • security: Security release. Addresses a high-severity issue in one engine adapter's retry surface plus supply-chain hardening across CI workflows. Operators running RQ or shared-Redis deployments are advised to upgrade.

v1.6.6 (2026-06-07)

  • security: Security release. Addresses a high-severity information-disclosure issue plus several lower-severity hardening items. Operators are advised to upgrade.

v1.6.5 (2026-05-27)

  • security: Security release closing multiple authentication, session, transport, and dependency-supply-chain hardening items. Operators are advised to upgrade.
  • changed: Password minimum length aligned at 12 characters across backend default, dashboard fallback, and operator docs.

v1.6.3 (2026-05-15)

  • security: Security release. Operators are advised to upgrade.

v1.6.2 (2026-05-14)

  • changed: Dashboard design system unified across every page: consistent headers, filter toolbars, search inputs, action buttons, empty states, and time-range pickers.
  • added: Search and state filters on the Agents, Queues, and Workers pages.
  • security: Frontend and tooling dependency refresh.

v1.6.1 (2026-05-13)

  • fixed: Dashboard bundle correction for the MFA enrollment and post-login challenge surfaces. In-place upgrade picks up the fix.

v1.6.0 (2026-05-13)

  • added: Multi-factor authentication. TOTP via any standard authenticator app (Authy, 1Password, Google Authenticator, etc.), single-use recovery codes, optional 30-day device trust. Opt-in: existing users stay unenrolled until they enable it.
  • added: Microsoft Teams notification channel. Workflows webhooks, Power Automate, and the legacy O365 connector all auto-detected at save time.
  • added: Sentry error capture, OpenTelemetry tracing, audit-log webhook forwarding, four Grafana dashboards, and a Live Activity Feed on the dashboard home.
  • changed: One bidirectional schema migration (upgrade and downgrade both safe on populated databases). No data migration required.

v1.5.1 (2026-05-12)

  • fixed: Brain memory hygiene under sustained burst load. Tunable via `Z4J_DATABASE_STATEMENT_CACHE_SIZE`.
  • added: Four new Prometheus gauges plus a Grafana dashboard so operators can verify operational health in their own environment.

v1.5.0 (2026-05-11)

  • security: Security release. Operators are advised to upgrade.
  • fixed: Task-correctness fixes around event acknowledgement, event-loop decoupling, and event deduplication.
  • fixed: Scheduler load-test fixes.

v1.4.0 (2026-05-03)

  • changed: The brain server, dashboard, REST API, audit log, and reconciliation all ship in a single `z4j` distribution. `pip install z4j` is the only install path operators need.
  • added: Engine adapters available via extras: `pip install z4j[django,celery]` for the full Django + Celery stack, plus extras for FastAPI, Flask, RQ, Dramatiq, Huey, arq, TaskIQ, APScheduler.
  • security: Security release. Operators are advised to upgrade.

z4j-bare

v1.6.8 (2026-06-08)

  • security: Dispatcher hardening: refuses retry against a legacy RQ adapter rather than falling back to a signature that would re-open a prior pickle-deserialization issue.
  • fixed: Brain-derived task name now wins over operator-supplied values in the Huey retry path.

z4j-core

v1.6.7 (2026-06-08)

  • changed: Python compatibility floor relaxed from 3.10/3.11 to 3.10 so adapters embedded in operator processes can install on the broader Python deployment base.

z4j-scheduler

v1.6.7 (2026-06-08)

  • changed: Python floor relaxed from 3.13 to 3.11 so the scheduler process runs on the same interpreter range as the brain.

z4j-django

v1.6.8 (2026-06-08)

  • security: Engine-extra floor lifted so `pip install z4j-django[rq]` resolves only the hardened RQ adapter line.

v1.6.7 (2026-06-08)

  • changed: Wider Django compatibility range: installs cleanly against Django 5.0 and up with no upper cap. The operator owns their own Django security posture; the adapter no longer gates on CVE versions.

z4j-fastapi

v1.6.8 (2026-06-08)

  • security: Engine-extra floor lifted so `pip install z4j-fastapi[rq]` resolves only the hardened RQ adapter line.

v1.6.7 (2026-06-08)

  • changed: Wider compatibility range: now installs against the lowest FastAPI (>=0.95) version where every API z4j uses is present, with no upper cap. Operator-chosen primaries are no longer CVE-gated by the adapter; the operator owns their own framework security posture.

z4j-flask

v1.6.8 (2026-06-08)

  • security: Engine-extra floor lifted so `pip install z4j-flask[rq]` resolves only the hardened RQ adapter line.

v1.6.7 (2026-06-08)

  • changed: Wider compatibility range: now installs against the lowest Flask version where every API z4j uses is present, with no upper cap. Operator-chosen primaries are no longer CVE-gated by the adapter; the operator owns their own framework security posture.

z4j-arq

v1.6.7 (2026-06-08)

  • changed: Wider compatibility range: now installs against the lowest arq version where every API z4j uses is present, with no upper cap. Operator-chosen primaries are no longer CVE-gated by the adapter; the operator owns their own framework security posture.

z4j-celery

v1.6.7 (2026-06-07)

  • fixed: Multi-tenant cache bleed fix. Worker-stats cache moved from class scope to instance scope so two adapters in the same process no longer share state.

z4j-dramatiq

v1.6.7 (2026-06-08)

  • changed: Wider compatibility range: now installs against the lowest Dramatiq (>=1.14, <3) version where every API z4j uses is present, with no upper cap. Operator-chosen primaries are no longer CVE-gated by the adapter; the operator owns their own framework security posture.

z4j-huey

v1.6.7 (2026-06-08)

  • changed: Wider compatibility range: now installs against the lowest Huey (>=2.4, <3) version where every API z4j uses is present, with no upper cap. Operator-chosen primaries are no longer CVE-gated by the adapter; the operator owns their own framework security posture.

z4j-rq

v1.6.7 (2026-06-08)

  • changed: Wider RQ compatibility range: now installs against RQ >=1.10 (previously >=2.8.0), with a <3 cap. Captures the RQ 1.x deployed majority that the previous floor excluded.

z4j-taskiq

v1.6.7 (2026-06-08)

  • changed: Wider compatibility range: now installs against the lowest TaskIQ version where every API z4j uses is present, with no upper cap. Operator-chosen primaries are no longer CVE-gated by the adapter; the operator owns their own framework security posture.

z4j-apscheduler

v1.6.7 (2026-06-08)

  • changed: Wider compatibility range: now installs against the lowest APScheduler (>=3.8, <4) version where every API z4j uses is present, with no upper cap. Operator-chosen primaries are no longer CVE-gated by the adapter; the operator owns their own framework security posture.

z4j-arqcron

v1.6.7 (2026-06-08)

  • changed: Wider compatibility range: now installs against the lowest arq version where every API z4j uses is present, with no upper cap. Operator-chosen primaries are no longer CVE-gated by the adapter; the operator owns their own framework security posture.

z4j-celerybeat

v1.6.7 (2026-06-08)

  • changed: Wider compatibility range: now installs against the lowest Celery (>=5.3) and django-celery-beat (>=2.5) versions where every API z4j uses is present, with no upper cap. Operator-chosen primaries are no longer CVE-gated by the adapter; the operator owns their own framework security posture.

z4j-hueyperiodic

v1.6.7 (2026-06-08)

  • changed: Wider compatibility range: now installs against the lowest Huey (>=2.4, <4) version where every API z4j uses is present, with no upper cap. Operator-chosen primaries are no longer CVE-gated by the adapter; the operator owns their own framework security posture.

z4j-rqscheduler

v1.6.7 (2026-06-08)

  • changed: Wider compatibility range: now installs against the lowest rq-scheduler (>=0.11) version where every API z4j uses is present, with no upper cap. Operator-chosen primaries are no longer CVE-gated by the adapter; the operator owns their own framework security posture.

z4j-taskiqscheduler

v1.6.7 (2026-06-08)

  • changed: Wider compatibility range: now installs against the lowest TaskIQ version where every API z4j uses is present, with no upper cap. Operator-chosen primaries are no longer CVE-gated by the adapter; the operator owns their own framework security posture.