Release notes (2026.04.22)

Here's what's new in the latest stable release version (2026.04.22):

New Features

AI

• [AI Agent (β)] is now available. You can use data within Kuroco to execute various tasks.
• Kuroco Skills for Claude Code is now available. A skill package that enables Claude Code to directly operate Kuroco via the Management API, including content management, API configuration, batch processing, and deployment automation.
• A setting for [AI post-processing after content updates] is now available. You can automatically run AI-powered processing such as translation when content is created or updated.

API

• The Management API (admin_api) is now available. You can perform admin panel operations via API, including content creation, member management, and API configuration.
• [Email API] is now available, allowing you to send emails via API endpoints.
• [LINE API] is now available, enabling LINE message sending via API endpoints.
• [Slack API] is now available, enabling Slack message sending via API endpoints.
• A langs_open_flg parameter has been added to the Topics::list and Topics::details endpoints. When enabled, each topic includes a langs_open_flg object showing publication status for all configured languages (e.g. {"en":1,"ja":0}), enabling multi-language sites to display language switchers without making separate API requests per language.
• The Topics::waiting_for_approval_details endpoint now supports specifying multiple topics_group_id values.
• The Topics::draft_list endpoint now supports specifying multiple topics_group_id values.
• An endpoint for Files::temp_upload_url has been added.
• Response schemas for some APIs have been refined.
• A schema parameter has been added to the OpenAI::chat endpoint. By specifying a JSON Schema, you can obtain AI output in a structured JSON format.

External Integration

• A "CORS auto-update" setting has been added to the Amazon S3 settings screen. When disabled, Kuroco stops automatically updating the S3 CORS configuration, allowing you to manage CORS settings directly on the AWS side.

Content Management

• A "Download as ZIP" feature has been added to the file manager. When 2 or more files are selected, you can download them as a single ZIP archive. The total download size is limited to 500MB.

Form

• If "Also include time (hh:mm)" is enabled in the date format settings, the hh:mm information is now also assigned to the message template.

Tag

• When downloading the tag list as a CSV, tags are now exported in the order they are displayed.

Content

• An "Allow all tags" option has been added to the WYSIWYG input restriction settings. When enabled, all tags including <script> and <iframe> tags are available.
• A new constant USE_SAFE_SVG_TAGS has been added, allowing safe SVG tags to be used in HTML and WYSIWYG fields.
• A Strikethrough (line-through) button has been added to the CKEditor 5 toolbar. By setting strikethrough::1 in wysiwyg_options of the content structure, the strikethrough button appears in the toolbar after the underline button.
• You can now select the return destination when rejecting in an approval workflow.
• Applicants can now withdraw an approval workflow request.
• Custom member filters can now be used for approval groups in approval workflows.

Custom Function

• Modules can now be configured to set "All modules" as trigger targets for content triggers.

Specification Changes

• When the check_current_pwd parameter is enabled in Member::update, the system now also validates current_password when changing the email address.
• When the check_current_pwd parameter is enabled on the Member::update endpoint, the error key related to current_password was incorrectly set to login_pwd. This has been corrected to current_password.
• Free users (users who have not registered payment information) are now subject to restrictions on batch processing (approximately 100 executions per hour) and API sending (approximately 1,000 requests per hour).
  info

  Information -> Limiting Batch Processing and API Sending for Free Users

• When specifying the "Approval date and time" and content is updated by a batch process, the updater is now recorded as the member who performed the approval, rather than Member ID = 1.
• For email two-factor authentication, if Email/SMS cannot be sent due to a backend issue, login now fails by default. To maintain the previous behavior (allowing login without the authentication code), set the constant REJECT_MFA_LOGIN_IF_SEND_FAILED to 0.
  info

  Information -> Change in Email Two-Factor Authentication Behavior When Email Cannot Be Sent

Bug Fixes

• Fixed an issue where specifying _output_format=csv or _output_format=zip on the Topics::list endpoint with post-processing configured resulted in an HTTP 500 error.
• Fixed an issue where the {api} Smarty plugin caused a fatal error when sending a JSON-formatted body.
• Fixed an issue where the search_keyword filter combined with filter_lang=en caused an HTTP 500 error on Topics::list / Topics::details.
• Fixed an issue where the update_comment parameter was not accepted in the Topics::insert and Topics::update endpoints.
• Fixed an issue where the Topics::waiting_for_approval_details endpoint always returned 404.
• Fixed an issue where uploading an image for a secondary language via CSV overwrote the primary-language image.
• Fixed an issue where the Boolean extension field of a topic was reset to true on validation errors when the block editor was enabled.
• Fixed an issue where SVG tags could not be used in the WYSIWYG editor inside JSON-type sub fields.
• Fixed an issue where the delete button was not displayed on file-manager-based Topics extensions.
• Fixed an issue where the block editor limited category selection to three and treated the field as required.
• Fixed an issue where a relation extension column in the content list showed only one category even when multiple were configured.
• Fixed an issue where dropdowns in the content list were hidden behind the header row.
• Fixed an issue where the topics_accept trigger was not called when content was force-published from the "Approval Application List".
• Fixed an issue where the approval-list date filter required selecting a date twice before it was applied.
• Fixed an issue where the delete action did not run in a delete-approval workflow that had an "approval application datetime" set.
• Fixed an issue where the datetime shown at rejection was the same as the submission datetime.
• Fixed an issue where secondary-language master data could not be downloaded as CSV.
• Fixed an issue where entered master data was cleared when a validation error occurred in the master feature.
• Fixed an issue where the {unzip}, {zip} and {gzip} Smarty plugins could not specify files/temp/ as dest.
• Fixed an issue where Stripe Webhook validation did not verify existing subscriptions.
• Fixed an issue where specifying cancel_cdn_cache_purge in a trigger also cleared the detail page cache.
• Fixed an issue where deleting a site resulted in an HTTP 500 error.

Please note that there may be minor improvements and internal processing fixes that are not listed here. Bug fixes may also be implemented in advance before the official release date.