DEV Community

Cover image for OpenSparrow v2.8 – Kanban board, MySQL Gateway, and major security hardening
Tomasz
Tomasz

Posted on

OpenSparrow v2.8 – Kanban board, MySQL Gateway, and major security hardening

#php #opensource #webdev #database

OpenSparrow v2.8 is out. This one's focused on security, new visualization options, and better multi-database support.

Board (Kanban) view
New module — visualize your records as draggable cards organized into lanes. Each lane represents a status value (enum recommended). Drag a card to another lane and it updates instantly, with the change logged to the audit trail and restricted by record ownership.
Configure it from the new Board tab in the admin panel. The CRM demo now ships with a ready-made "Deals Board" grouped by Stage.

MySQL Gateway improvements
You can now connect to external MySQL databases and manage them alongside.
Add a MySQL table to the routing list, it auto-discovers columns from INFORMATION_SCHEMA and writes them to schema.json. New admin panel section lists all MySQL-routed tables with a per-table sync button.

Security hardening

  • Ownership guards — mass edit, duplicate, and delete now respect row ownership on restricted tables. Calendar drag-and-drop also enforces this.
  • Random setup password — the initial admin account gets a random 24-character password instead of hardcoded admin/admin
  • Session protection — storage/sessions/ now has .htaccess denying direct web access on Apache
  • File uploads security — uploads are now stored outside the web docroot (storage/files/), closing a potential exposure
  • Config import hardening — rejects empty archives, enforces 512 KB per-file limits, validates JSON properly

Infrastructure improvements

  • Web-root restructure — all web entry points now live in public/; backend code stays outside the docroot
  • Cypress test overhaul — 18 spec files, new seed endpoint, admin panel tests now fully active
  • CI/CD — added source integrity checks, version tag validation, PHP 8.1–8.3 syntax checks
  • Docs update — removed all references to default credentials, updated for random setup password

Small but useful

  • Linked record count badges now show on grid expand buttons — tells you how many related records exist before you click
  • Calendar API now queries only the visible month — better performance on large datasets
  • Login attempts table auto-purges rows older than 30 days

Following this series?

OpenSparrow v2.7 – Enhanced RAG, rebuilt admin UI, and Automations (beta)

OpenSparrow v2.6 – AI-powered search (RAG), bulk operations, and keyboard shortcuts

Websites

opensparrow.org
github.com/wrobeltomasz/open-sparrow
demo.opensparrow.org

Top comments (0)