• LabKey Server SDMS
• Distribution Changes and Upgrade Notes
• Client APIs and Development Notes
• Other LabKey Products:
• Sample Manager Release Notes
• LabKey LIMS Release Notes
• Biologics LIMS Release Notes

LabKey Server SDMS

Premium Edition Feature Updates

• The Duo secondary authentication provider now integrates with Duo Universal Prompt. (docs) Also available in 24.11.5.
• A wide variety of trendline options have been added to the chart builder for line charts. (docs)
• Premium Resource: A new example showing how to customize your site's home page to make navigation easier for user groups. (docs)
• Sample Manager Feature Updates
• LabKey LIMS Feature Updates
• Biologics LIMS Feature Updates

Community Edition Updates

• Assay transform scripts can be configured to run when data is imported, updated, or both. (docs)
• Study participants can be deleted from all datasets at once. (docs)
• Names of data structures, including Sample Types, Source Types, and Assay Designs, may not contain certain special characters or substrings used internally. (docs)
• Administrators can use a new table to locate field names with special characters on the server. While special characters are permitted in field names, they are not recommended. (docs) Also available in 24.11.9.
• The wiki and announcements renderer for Markdown has been replaced. The new renderer is highly compatible with the previous renderer and adds several new features. (docs)
• Set a timeout for read-only HTTP requests, after which long running processes and database queries will be killed. (docs)
• When the server is configured to use only HTTPS, a Strict-Transport-Security header will be set to prevent future attempts to access the server over HTTP. (docs) Also available in 24.11.4.
• Administrators can register a list of acceptable file extensions for uploads; others will be denied. If no list is provided, any extension is allowed. (docs)
• Encoding of WebDav URLs has been made more consistent; users who have been relying on the previous behavior may need to make changes. (docs)
• A strong Content Security Policy (CSP) running in enforce mode is highly recommended for all servers. Administrators can now customize elements of the CSP through the Admin Console. (docs)
• New options to assist with troubleshooting Postgres database issues have been added to the Admin Console. (docs)
• New documentation example of using an icon on a custom grid button. (docs)

Distribution Changes and Upgrade Notes

• A strong Content Security Policy (CSP) is highly recommended for all servers. (docs)
• Our recommended strong CSP blocks all inline script and prevents browsers from accessing unvetted external resources. This means the browser blocks all cross-site script (XSS) injection and cross-origin resource sharing attacks.
• All LabKey Cloud deployments are now configured with a strong CSP in enforce mode.
• All on-premise distributions are now configured by default with a strong CSP in report-only mode. We recommend switching this to enforce mode as soon as you have tested in report mode and are comfortable with the findings.
• Important: If you are running on-premise and previously customized the CSP and are running it in enforce mode, you can continue to do so. If you have customized the CSP to run in report mode, we recommend removing the customization from your application.properties so that our default will be used instead. Once you are satisfied with the report results, you'll be able to move to enforce mode.
• If any customizations you require are not supported by the new ability to substitute allowed external hosts, please contact us so that we can best support you.
• LabKey Server embeds a copy of Tomcat 10. It no longer uses or depends on a separately installed copy of Tomcat. (installation docs)
• LabKey Cloud subscribers are installed, upgraded, and maintained by LabKey.
• Users with on-premise installations who have already upgraded to use embedded Tomcat should follow these upgrade instructions. (upgrade on linux | upgrade on windows)
• Users with on-premise installations that have not already migrated their server to use embedded Tomcat will need to follow an additional set of steps covered in the documentation archives. (migration docs)
• The default configuration for Tomcat error pages has been improved to reduce unneeded information like the version number and stack trace.
• Error logging has been improved for situations like port conflicts. (docs)

Deprecated Features

• Support for PostgreSQL 12.x has been removed. (supported versions)
• Support for bitmask (integer) permissions has been removed. Developers can learn more in the archives.
• Support for "Advanced Reports" has been removed.
• Support for the "Remote Login API" has been removed.
• The "Vaccine Study Protocol" interface has been removed.
• Support for FreezerPro integration has been removed.
• Support for SampleMinded integration has been removed.
• Support for additional date, time, and datetime parsing patterns has been deprecated.
• "Assay Progress Reports" in studies have been deprecated.
• Support for SQL Server 2016 has been deprecated and will be removed in a future release. (supported versions)
• Support for object-level discussions has been deprecated.
• Support for Ancillary Studies has been deprecated.
• The Publish Study feature provides a more extensive mechanism for creating child studies. (docs)
• Support for study protocol design tools has been deprecated.
• The "Advanced import options" of choosing objects during import of folder archives, as well as having those imports applied to multiple folders simultaneously, have both been deprecated.

Client APIs and Development Notes

• Rlabkey version 3.4.1 has been released, supporting the consistency improvements in webdav URLs. Note that this means version 3.4.1 requires LabKey version 24.12 or higher; earlier versions of LabKey must use Rlabkey version 3.4.0 or lower. (docs)
• API Resources

Sample Manager

LabKey LIMS

Biologics LIMS