Skip to main content

Release notes (2026.07.15)

Here's what's new in the latest stable release version (2026.07.15):

New Features

API

  • required_columns and allowed_columns parameters have been added to the Master::update and Master::insert endpoints.
  • An exclude_group_ids parameter has been added to the MemberGroups::list endpoint.
  • bikou and order_no have been added to the schema of the Member::update and Member::insert endpoints.
  • A get_last_favorite_ymdhi parameter has been added to the Topics::list endpoint. When enabled, the date and time when each content was last favorited can be retrieved, and sorting by last_favorite_ymdhi is also supported.
  • An advance notification feature for token expiration has been added for static access tokens, privileged static tokens, and KurocoFront tokens. Notification emails are sent to the email address registered in account settings 30, 7, and 1 day(s) before the expiration date.
  • Point update (ECPoint::update) and point history (ECPoint::history) endpoints have been added for updating and retrieving e-commerce points from external systems. Points can be granted and consumed, and point histories and current balances can be retrieved.
  • OAuth 2.0 authentication is now available for MCP client connections. Zero-config client registration via Client ID Metadata Documents (CIMD) and manual registration of OAuth clients from the admin panel are supported.
  • The scope of operations available via Admin MCP (admin API) has been expanded. Creating, updating, and deleting groups, content structures, activity settings, and plugin management are supported, along with uploading image/file fields of content, configuring API CORS and security settings, and generating API tokens and KurocoFront tokens.
  • Admin MCP permissions have become a three-level selection (read-only / read-write / full access). Requests made via Admin MCP are now also logged.

External Integration

  • An OAuth Authorization Server has been added. Kuroco itself can act as an OAuth 2.0 / OpenID Connect authorization server, issuing authorization codes and access tokens to external OAuth clients (including MCP clients).
  • You can now filter the branches displayed in the GitHub workflow execution list for KurocoFront, allowing you to show only branches that are relevant to your integration.
  • A "Return URL specified by request" setting has been added to SAML SP. When enabled, the return_url parameter can be appended to the login request to dynamically specify the post-login redirect destination.
  • An "Also update member information on SAML login" option has been added to the "Automatic user registration" section of SAML SP settings. When enabled, existing member information is updated with data from the IdP upon SAML login.
  • The Amazon S3 management screen now allows toggling S3 ACL disable (DISABLE_S3_ACL). For sites using S3 buckets with Object Ownership set to "Bucket owner enforced" (ACL disabled), this setting can now be changed from the admin panel.
  • The Amazon S3 management screen now displays a preview of the bucket policy that is automatically applied when ACL is disabled.
  • A test send feature has been added to external integration settings (LINE / SMS / Twitter / Slack / Teams). You can send a test message directly from the settings screen to verify that the integration is configured correctly.
  • Trigger email addresses that can be specified as mail recipients have been added for Slack messages ({channel}@slack.r-cms.jp), X posts ({twitter_id}@tweets.twitter.r-cms.jp), batch processes ({batch_id}@batch.r-cms.jp), and AI agents ({ai_agent_id}@agent.r-cms.jp). In addition to the existing LINE and text message (SMS) addresses, sending an email can now deliver messages to external services or start batch processes and AI agents.

Content

  • A "Do not assume content publication" setting has been added to content structures. When enabled, the "Published / Unpublished" labels in the content editor are replaced with "Use / Don't use". This is suitable for use cases such as internal databases or knowledge management, where Kuroco is used as a foundation for authentication-required business applications.
  • A pre-copy UI similar to the one used for primary-language copy is now shown when copying content in a secondary language. This allows duplicate slug errors to be displayed in the correct UI (instead of an empty edit screen) and lets you adjust the primary-language content before performing the copy.
  • In the content list view, link-type extension field columns are now displayed as clickable hyperlinks (<a> tags that open in a new tab) instead of raw JSON strings.
  • When specifying an endpoint URL in an API field item using a relative path, ROOT_API_URL is now automatically prepended.
  • The field names of default items in content structure (Title, Content ID/Slug, Date/Sort, Category, Content) can now be edited.
  • The UI generation for sub-items (JSON) now supports Array → Object → Array → Object structures.
  • Minute intervals can now be configured in date and sub-item (JSON) time settings.
  • Extensions (AI auto-processing, email receive, crawling, Slack, LINE, Microsoft Teams) have been added to content structures. For Slack and LINE, an automatic acknowledgment reply to received messages can also be configured.
  • You can now specify which groups can update each field in a content structure. For members of non-permitted groups, the field is displayed as read-only.
  • The "Remove plugins" setting in content structure WYSIWYG (rich text editor) configuration has been changed from text input to checkbox selection.
  • Media embeds are now available in the markdown-mode editor. Embedded media is stored as markdown links ([video](url)) and is displayed as a preview when the edit page is reopened.

AI

  • AI Agent Assist has been added. You can open a sidebar on supported admin panel screens, such as the content editor and the custom processing editor, and ask the AI agent questions or make requests about the current page.
  • An "AI validation" feature has been added to AI processing in content structures. When content is saved, AI checks the validity of the content, and if it is judged invalid, saving is blocked with a validation error.
  • AWS Bedrock AgentCore (Managed Harness) can now be selected as an execution environment for AI agents.
  • A daily execution schedule setting has been added to the crawl settings screen, allowing crawls to be automatically executed daily at a specified time. Additionally, HTML-specific settings are now displayed in a collapsible section for a cleaner interface.

Files

  • Additional file extensions that are CORS-allowed for KurocoFiles can now be configured.

Campaign

  • Approval workflows are now available in form basic settings.

Custom Processing

  • An "After sending to preview site" trigger has been added to custom processing. This allows you to run custom processing after the process of sending content to the preview site (stage site) is completed.
  • The Smarty plugin {sendmail} now supports custom headers (X- headers, up to 5) when sending via SendGrid.

Others

  • Approval workflows are now available for the Master module.
  • Links to related help documents have been expanded across admin panel modules.
  • A "Re-check TLS certificate issuance" button has been added to the Custom Domain / TLS Certificate page.
  • Sync in the environment list now allows bulk execution for child sites matching the current search/filter conditions. Sites with any sync type configured (Sync App design, Sync App design excluding tags, or Sync full) are targeted.
  • The admin panel sidebar menu structure has been changed. A new "Channel" section has been created to consolidate delivery and integration-related menus, and the "KurocoFront" and "Campaign" sections have been removed. Additionally, "Activity Settings" has moved from a standalone menu item to a sub-menu under Activity. These changes involve moving and consolidating menu items; the functionality of each feature remains unchanged. For details, see the announcement.
  • The External system integration sidebar menu has been reorganized. SSO-related menus (SAML IdP / SAML SP / OAuth SP / OAuth Authorization Server / IDaaS / SCIM) have been grouped under an "ID Federation" sub-group, and an OAuth Authorization Server menu has been newly added. The HubSpot menu has been removed.

Specification Changes

  • When the security setting of an API is changed, existing issued tokens are now invalidated. A confirmation alert is displayed when making the change.
  • When uploading member CSV files, if the Enable group settings in the CSV setting was enabled, members were previously updated with no group assigned when the CSV used for the update did not include a group column. This behavior has been changed so that if the CSV used for the update does not have a group column, the group update is ignored.
  • The {$apply_member_nm} (applicant name) variable used in message templates such as approvalflow/approve_finish now displays the full name (name1 + name2), consistent with {$approve_member_nm} (approver name).

Bug Fixes

  • Fixed an issue where the same endpoint name could not be set for GET Topics::list and POST API::request_api_post.
  • Fixed an issue where contents_type in the Topics::preview API was 0 when the content structure had the block editor enabled.
  • Fixed an issue where tag_id could not be updated via the Topics API in some cases.
  • Fixed an issue where the Topics::reject, Topics::withdraw, and Approvalflow::review endpoints did not preserve application data.
  • Fixed an issue where the in operator filter on relation extension fields returned empty results in draft_list and waiting_for_approval_list.
  • Fixed an issue where including a timezone in the filter query did not work.
  • Fixed an issue where the Login::logout endpoint returned a success response even without authentication.
  • Fixed an issue where the {api} Smarty plugin returned null for json_var when the response was a single {"key":"value"} object.
  • Fixed an issue where setting the approval reflection date and time to a value later than the publication start date resulted in content being updated in an unintended publication state.
  • Fixed an issue where the default settings were not applied when a Boolean field was set as a repeating field.
  • Fixed an issue where the regular expression validation set for the slug did not take effect when registering content via CSV upload.
  • Fixed an issue where the WYSIWYG editor converted <th> cells in the table body to <td> on save.
  • Fixed an issue where repeated WYSIWYG fields were corrupted after rejecting from the waiting-for-approval list.
  • Fixed an issue where topics upload did not trigger a validation error for Master selection and Master checkbox fields.
  • Fixed an issue where the description text of a single-select field in content structure was appended to the last option.
  • Fixed an issue where the required validation of a Master checkbox was bypassed on update in the admin UI.
  • Fixed an issue where the target column in staticcontents_list did not support multiple IDs.
  • Fixed an issue where the time part of the date was always shown as 00:00 in the content list when post_time_flg was enabled.
  • Fixed an issue where uploading a secondary-language CSV caused a slug validation error.
  • Fixed an issue where downloading content for which no secondary language had been created as a CSV set the publication flag to 2.
  • Fixed an issue where the error message during content CSV upload did not match the Excel file.
  • Fixed an issue where uploading order data via CSV with the "update without value" setting caused a system error.
  • Fixed an issue where, in a multi-phase approval workflow, the update comments in the history list were shown in the wrong order and an earlier phase's approval comment was overwritten when a later phase was approved.
  • Fixed an issue where a secondary-language accept workflow did not publish the applied changes.
  • Fixed an issue where the "After approval workflow withdrawal" trigger could not be configured.
  • Fixed an issue where files added when approving an approval workflow were sometimes not reflected.
  • Fixed an issue where the approval reflection date and time function did not work correctly for approval workflows in the Master module.
  • Fixed an issue where keyword search did not work on the topics_waiting_for_approval_list page.
  • Fixed an issue where the right-click menu was not displayed when the Master edit screen was in full-screen mode.
  • Fixed an issue where item settings could not be displayed and a JS error occurred when opening the order_no setting modal on the content structure page.
  • Fixed an issue where the file manager ignored the "Maximum file upload size" site setting.
  • Fixed an issue where the FileManager API did not reference the group's file manager permissions (view / update / delete).
  • Fixed an issue where topic files remained publicly accessible after adding a viewing restriction to the content structure.
  • Fixed an issue where KurocoFiles (with metadata) metadata was not persisted in the CKFinder UI.
  • Fixed an issue where files with a blank in the filename could not be accessed from the file manager.
  • Fixed an issue where an invalid value in a FILEMANAGER extension field caused an HTTP 500 error.
  • Fixed an issue where Topics file manager extension file links were broken for filenames containing "+".
  • Fixed an issue where a group was not automatically granted in some cases after a credit card payment was completed.
  • Fixed an issue where a system error occurred when downloading order information that contained only failed payments.
  • Fixed an issue where AI post-processing did not trigger when the content was empty.
  • Fixed an issue where AI post-processing (auto-translation) wrote the string "null" to the destination when the source field was empty.
  • Fixed an issue where the AI dictionary (input_replacement) replacement did not take effect and the AI search query became empty.
  • Fixed an issue where a strikethrough was not converted to <del> in Markdown.
  • Fixed an issue where underscored-format text could not be saved in Markdown mode.
  • Fixed an issue where the underline (++text++) syntax was lost in the WYSIWYG API response when output_format was html.
  • Fixed an issue with CKEditor on HTML table layouts that included rowspan.
  • Fixed an issue where endpoints opened with a delay in Swagger UI.
  • Fixed an issue where disabling MCP for an API structure did not hide the MCP options.
  • Fixed an issue where the mail template editor added trailing spaces after RCMS-X header lines ending with {/if}.
  • Fixed an issue where the delete button display condition was incorrect on the Topics/Inquiry CSV download batch list, preventing deletion.
  • Fixed an issue where downloading or uploading a CSV failed for content that had a required Master (checkbox) field with only the option whose key value is 0 selected.
  • Fixed an issue where using "Updated by me" in the topics history caused an error.
  • Fixed an issue where the chart was not displayed on the access_data page.

Please note that there may be minor improvements and internal processing fixes that are not listed here. Bug fixes may also be implemented in advance before the official release date.


Support

If you have any other questions, please contact us or check out Our Slack Community.