Release Notes

This page is no longer being maintained.

This is the summary list of changes to Girder between each release. To find information about the latest release, see the releases page at For full details on changes, see the commit logs at



  • Move minimum node version to 8.x due to upstream packages using newer ES features. (#2707).

  • Require MongoDB 3.4+ (#2900)

  • Removed the @access.cookie decorator; this is now an option on the other access decorators.

Bug Fixes


  • Fixed a bug where removing admin status from a user via the REST API did not work. (#2720).

Web Client

  • Ensure that a text input doesn’t appear after downloading checked items. (#2736)

Python Client

  • Added support for uploading empty files. (#2714).

Added Features

  • Google Storage is provisionally supported via S3 Assetstore (#2876).

  • Added an NPM_EXE environment variable and --npm flag to girder build to configure the npm executable used. (#2826).

  • Added a privacy notice link to the footer which can be set on the Server Configuration view of the web client ( #2728).

  • Added a setting to disable the notification stream. This may improve Girder’s performance in runtime environments with fewer threads (#2712).

  • Added a task information panel that shows remote worker status. This is accessible from the jobs list when the remote worker plugin is enabled and also from the worker plugin configuration page. (#2678)

  • Allow users to login with two-factor authentication via TOTP on a mobile authenticator app. (#2655).

Python Client

  • Added a --token option to the girder-client command line interface to allow users to specify a pre-created authentication token. (#2689).

  • Added a --retry option to the girder-client command line interface to retry connection and certain error responses (#2697).

  • Added a --verbose option to the girder-client command line interface to increase the verbosity of information dumped to stderr (#2699).

Web Client

  • Filesystem and S3 assetstore imports show the selected destination resource path next to the ID when selected via the browser widget (#2775).


  • The Server FUSE plugin has been refactored into the girder mount command. Instead of setting a value in the configuration file and turning on a plugin, run girder mount <mount path> before or after starting a Girder server. (#2691)

Girder 2.5.0

Added Features

  • Added a new system setting that will allow admins to disable logging in via a password. If disabled, the login dialog in the web client will no longer show the password login form. (#2504)

  • Added a new system setting that will allow admins to disable the API key authentication functionality. (#2438)

  • API endpoint in the hashsum_download plugin that returns a list of files matching a given hash sum. (#2548)

  • Integration with dogpile.cache for caching key value pairs via girder.utility._cache.cache and girder.utility._cache.requestCache. (#2274)

  • Plugins can customize the header and description on the Swagger page. (#2607)

  • Common Girder operations can now be executed with a top level girder command. (#2596)

  • Added the server FUSE plugin that mounts Girder files in a read-only user-space filesystem. (#2521)

  • Added support for the --host flag to girder serve to allow dynamically setting the host. (#2570)

  • Added support for running the Python test suite via the tox command. (#2528)

  • Created a new “virtual folders” plugin. This plugin allows administrators to configure special read-only folders whose list of child items comes from a custom, user-defined database query. These folders act like database “views” into the item collection. (#2620)

  • Added a File().getLocalFilePath method. (#2633)

  • The stream logger handles more properties. (#2522)

  • Future-proof for CherryPy removal of response timeouts. (#2487)

  • Only use new style Python 2 classes. (#2656)

  • Allow cancellation of raw Celery tasks. (#2602)

  • Allow assetstore implementations from models besides the assetstore model itself. This enables assetstore adapters in plugins to be managed by users who are not necessarily site administrators. (#2599)

  • Add validation logic to rest endpoint paging parameters. (#2462)

  • Add rest endpoint to send user validation email. (#2622)

  • Add a search mode registry and a search mode for dicom metedata. (#2450)

  • Allow creation of item_tasks tasks from girder_worker describe decorators. (#2270)

  • New plugin to allow browsing of Girder data in a tree view. (#2086)

Python Client

  • Add a method to stream contents of a file download. (#2476)

Web Client

  • Added a new, more fully-featured view for search results. (#2347)

  • For added safety, when deleting a collection a user will now be required to type the name of the collection into the confirmation dialog. (#2473)

  • New table_view plugin renders .csv and .tsv files as tables on the item page. (#2480)

  • Modal dialogs have a default maximum height and will have a scroll bar if needed. (#2523)

  • We now use the webpack DefinePlugin to add a build-time definition of the environment. This can be used to allow for different build output in production vs. development. (#2631)

  • Use href properties for navigation links in addition to JavaScript onclick events. (#2489) (#2578)

  • Change instances of .g-server-config to .g-server-config a to enable adding of href properties to those links

  • Add new methods: folder.removeContents, item.getFiles, user.fromTemporaryToken. (#2615)

Swagger Client

  • Swagger now expects zip files to be binary data, allowing them to be downloaded through the Web API. (#2562)


  • PYTHONPATH can be specified for client tests. (#2535)

  • Support for writing server-side tests using pytest. (#2412)
    • Added the pytest-girder package for downstream packages.

    • Added support for the mongomock package in the new pytest suite.

    • Plugins can be enabled for Pytest. (#2634)

  • Flake8 settings are now able to be automatically detected by many editors and IDEs. The flake8 tool may now be invoked directly from the command line, without necessarily using a CMake test. (#2543)

  • ESLint settings for plugin tests are now able to be automatically detected by many editors and IDEs. The eslint tool (including options such as --fix) may now be invoked directly from the command line, without necessarily using a CMake test. (#2550)

Bug fixes


  • Support range requests of S3 non-redirected data handling. This fixes seeking on S3 assetstore files in the file context handler. (#2468)

  • Pin to a specific version of CherryPy to work around upstream issues on OPTION endpoints. (#2499)

  • When a plugin supplying an assetstore fails to load, other assetstores could not be listed. (#2498)

  • Run pip installation of plugins using a subprocess rather than the pip module, for forward compatbility with pip. (#2669)

  • Correct complex plugin dependencies parsing. (#2496)

Security Fixes

  • The default Girder server now binds to localhost by default instead of (#2565)


  • Exceptions are now all accessible in the exceptions module and are descended from the GirderBaseException class. (#2498)

  • Require npm 5.2+ (with npm 5.6+ strongly recommended) to build the web client

  • Require MongoDB 3.2+ (#2540)

  • Disable the background event thread in WSGI mode. (#2642)

  • Update imports of library from “dicom” to “pydicom”. (#2617)

  • A log message is now emitted whenever a file is uploaded. (#2571)


  • Server side tests should be written using the new pytest infrastructure.

  • Move CLI commands to a “cli” module and deprecate “python -m” methods for starting Girder servers. (#2616 <>)


  • The CMake options PYTHON_COVERAGE, PYTHON_BRANCH_COVERAGE, and PYTHON_COVERAGE_CONFIG are removed, and will have no effect if set. Python tests will always output coverage information, using a standardized configuration. If external test infrastructure needs to be run with different options, it should invoke pytest -cov-config ... or coverage run --rcfile=... directly. (#2517)

  • The CMake options COVERAGE_MINIMUM_PASS and JS_COVERAGE_MINIMUM_PASS are removed, and will have no effect if set. If external test infrastructure needs to set a coverage threshold, it should be done with a Codecov (or similar service) configuration. (#2545)

  • The CMake options ESLINT_CONFIG_FILE and ESLINT_IGNORE_FILE are removed, and will have no effect if set. If external test infrastructure needs to override ESLint configuration, it should be done using ESLint’s built-in configuration cascading mechanisms. Most typical external plugins will continue to work with their current configuration.

  • The deprecated DELETE /user/password endpoint is removed. The PUT /user/password/temporary endpoint should always be used to reset passwords, as it uses a secure, token-based password mechanism. (#2621)

  • Dropped support for Python3 < 3.5. (#2572)

Girder 2.4.0

Added Features


  • Support for S3 buckets in regions other than us-east-1. (#2153)

  • Allow S3 credentials to be inferred by Boto. (#2229)

  • girder-shell console script which drops the user into a python repl with a configured webroot, giving the user the ability to import from any of the plugins specified. (#2141)

  • Support for configuration of pymongo client options as Girder config file options. (#2380)

  • Support for idiomatic use of Girder’s model classes. Rather than using ModelImporter.model with strings for the model and plugin names, you can now use python imports of the model classes and instantiate and use them directly. (#2376)

  • Support for mounting REST endpoints under a prefix. Useful for grouping related endpoints, such as those exposed by a plugin. (#2395)

  • Option in worker task input specs to use local file paths in the worker when available, to avoid downloading files. (#2356)

  • Core setting allowing the instance brand name to be set. (#2283)

  • Core setting allowing the instance contact email address to be set. (#2279)

  • Core setting allowing the GUI header color to be set. (#2334)

  • “terms” plugin, which provides the option to require users to agree to a “Terms of Use” before accessing a collection. (#2138)

  • Improve the “homepage” plugin’s capabilities for making in-place changes to the home page. (#2328)

  • API endpoint, “/user/details”, allowing site admins to list the total number of users. (#2262)

  • Job cancellation support to Girder Worker jobs. (#1983)

  • Accept metadata on item and folder creation via the REST API. (#2259)

  • Allow girder-install plugin to get dependencies from a file. (#2370)

  • Create a registry for adding new search modes. (#2363)

Web Client

Python Client

  • Support for turning off certificate checking with --no-ssl-verify. (#2433)

  • Support for specifying a custom certificate with --certificate. (#2267)

  • Support for downloading individual files. (#2429)


  • Added a Terraform module for creating an S3 bucket compliant with Girder assetstore policies. (#2267)

  • Published a latest-py3 tag to Dockerhub for Girder images built with Python 3. (#2321)


Python Client

  • requests.HTTPError should be caught in places where girder_client.HttpError used to. (#2223)

Bug fixes


  • Fixed an error where certain filenames could cause broken Content-Disposition header values. (#2330)

  • AccessControlledModel.load fields argument now works more reliably. (#2366, #2352)

  • Fixed an issue where the events daemon was failing to terminate correctly. (#2379)

Web Client

  • Remove Bootstrap re-styling of tooltips. (#2406)


  • Fixed an issue which disallowed provisioning with the Girder Ansible module under Python 3. (#2449)

Girder 2.3.0

Bug fixes

  • Fix uploading into HDFS assetstore using new upload mode

Security Fixes

  • Ensure token scopes on API keys are valid

  • Add secure cookie setting

  • Upgrade swagger-ui version to fix XSS issues

Added Features

  • Add REST endpoint for creating job models

  • Add graphs for Jobs status history to Admin UI

  • Improvements to item_tasks job execution, task import, task lists, and permission flag UIs

  • Show plugin load failures on plugins page

  • Add Candela plugin

  • Compute missing hashes when files are uploaded, and allow for hashsum calculation for non-filesystem assetstore files

  • Add support for running Girder in AWS Elastic Beanstalk

  • Upgrade S3 assetstore to Boto3

  • Add LDAP authentication plugin

  • Send all http server errors to the error log

  • Added an event when the web client connection to the server is stopped or started

  • Support uploading small files in a single REST call

  • Improved GridFS support, including better sharding support and faster writes

  • Add a Description method to mark a route as deprecated

  • Many improvements to the web client test infrastructure including

    • A new CMake macro, add_standard_plugin_tests, to enable basic tests for a typical plugin layout

    • A new girderTest.importPlugin function, to load plugin JS and CSS in web client tests

    • A static analysis test for Stylus files

    • New rules for Javascript and Pug static analysis tests

  • A facility to initialize the database to a specific state for testing


  • Upgrade web client to use jQuery 3

  • Upgrade web client to use Backbone 1.3

  • Require Node.js 6.5+ and npm 3.10+ (with npm 5.3 strongly recommended) to build the web client


  • job Plugin: Python Job model listAll method

  • hashsum_download plugin: Python HashedFile.supportedAlgorithms symbol

  • item_tasks plugin: item_task_json_description and item_task_json_specs routes

  • module.loaders in webpack helper files, and the use of Webpack 1.0 syntax in plugins’ webpack helper files

  • restRequest.error in rest.js

  • npm-install in client side build

  • girderTest.addCoveredScript and girderTest.addCoveredScripts in testUtilities.js

  • access to file paths outside /static/built/ in the web client test environment


  • Remove the unmaintained external web client

  • Remove the unmaintained jQuery “girderBrowser” client, and associated “jquery_widgets” plugin