logo InvenTree
go back Back

1.4.0 Release

16 Jun 2026 Oliver

InvenTree 1.4.0 has been released! This release includes a number of new features, improvements, and bug fixes. We recommend all users to update to this version as soon as possible.

Changelog

Major changes are documented in the CHANGELOG.md file in the repository. For a full list of changes, please refer to the release notes.

Update Procedure

To update to the latest version of InvenTree, please follow the updating instructions provided in the InvenTree documentation. Note that the particular update procedure may vary depending on your installation method.

Breaking Changes

While we strive to maintain backward compatibility, there are some breaking changes in this release. While many of these are minor, and should not affect most users, we recommend that you review the list of breaking changes to ensure that your installation will continue to function as expected after the update. Each breaking change is documented in detail at the links below:

Adjust API Endpoint Status Code Return Values

PR #11723 removes various API quirks and aligns the InvenTree API with REST conventions: some operations have been moved to the correct HTTP methods (e.g. GET → POST), HTTP status codes now follow standard conventions rather than custom values, and custom permissions on the notifications endpoint have been removed. Users with custom API integrations should review their code for reliance on the previous non-standard behavior.

Enforce Order “issued_by” Field as Read-Only

PR #11816 makes the issued_by field on BuildOrder (and related order models) read-only in the API; it is now automatically populated with the user who created the order and can no longer be manually overridden. Any integrations or scripts that previously wrote to this field will need to be updated.

Node.js Build Environment Upgraded to v24

PR #11893 upgrades the frontend build environment from Node.js 20 (which reached end-of-life on April 30, 2025) to Node.js 24. Developers building InvenTree from source must upgrade their local Node.js installation to v24 or later.

Report and Label Plugin Context Changes

PR #11941 fixes a long-standing bug where user information was unavailable in report and label generation contexts. As part of this fix, the signatures for custom report plugin methods (add_report_context(), add_label_context(), and report_callback()) have changed: they now receive an explicit user object instead of a request object (which was previously always None in background workers). Plugin developers must update their implementations accordingly.

Remove Remote Image Download Support

PR #11962 removes the remote_image field from the Part API endpoint, eliminating the ability to supply a remote URL to download a part image from an external source. This feature was removed due to security concerns around server-side outgoing requests; image uploads via other mechanisms (such as clipboard paste) remain supported.

Fix Resistor RKM Notation Parsing

PR #12065 corrects how RKM-style resistor values (e.g. 10R, 4R7) are parsed by ensuring the R delimiter is interpreted as ohms rather than being misread by the unit parser. Parts or parameters that previously relied on the incorrect parsing behavior may need to be reviewed.

Fix Meaning of SHIPPED Status in SalesOrderStatusGroups

PR #12107 corrects a misclassification of the SHIPPED sales order status: it has been moved from the COMPLETE group to the ACTIVE group in SalesOrderStatusGroups. Any external code or integrations that filter orders based on these status groups will need to be updated to reflect this corrected grouping.

Report Printing Permission Enforcement

PR #12142 tightens permissions for report and label printing: users must now have VIEW permission on the target model in order to print a report against it, and printing against disabled templates is blocked. Users or integrations that previously relied on printing without explicit view permissions may find certain print actions now return a permission error.

Security Fixes

A number of security vulnerabilities have been fixed in this release.

Django Security Update

PR #11907 bumps Django to the latest security release, addressing vulnerability GHSA-5h8x-9c6f-2j8m. All users are encouraged to update promptly to benefit from this patch.

Admin Interface Permission Restrictions

PR #12036 tightens Django admin permissions to align with the API’s own access controls. Scheduled tasks are now read-only in the admin panel and certain actions are restricted to superusers only, reducing the risk of unauthorized modification of critical system configuration through the admin interface.

Report Printing Permission Enforcement

PR #12142 enforces that users must hold VIEW permission on the target model in order to print a report or label against it, and prevents printing against disabled templates. This closes a path by which users could access model data indirectly through the report printing API without the appropriate permissions.

Switch Node.js Version Manager from n to nvm

PR #12140 replaces the n Node.js version manager with nvm (Node Version Manager) in the Docker build and CI environment. Using the officially maintained nvm toolchain reduces supply-chain risk compared to the third-party n package.

PDF Report Generation Security Hardening

PR #12160 hardens the WeasyPrint-based PDF report generator against two classes of attack. The file:// URI scheme is now fully disabled in report templates, preventing arbitrary server-side file reads, and SSRF protections have been added for remote URL lookups — with remote URL fetching disabled by default. Users whose report templates reference remote URLs will need to explicitly enable that capability via the new configuration setting.

API Permissions Fix

PR #12168 improves API security by reducing the scope of permissions required for certain API endpoints.

Security Advisories

The following security advisories have been published in relation to this release:

For more information, please refer to our security advisories page

New Features

Transfer Orders

PR #11281 introduces a new Transfer Order type for formalizing and tracking internal stock movements between locations. Users can create transfer orders with specific source and destination locations, allocate stock to line items, and complete the transfer to move inventory — providing a full audit trail for inter-location stock movements.

BOM Permission Ruleset

PR #11825 adds a dedicated permission ruleset for Bill of Materials management, allowing administrators to control which user groups can view, edit, or modify BOMs independently of other part permissions. Existing user permissions are preserved via a data migration.

BOM Row Expand

PR #11809 enables multi-level BOM expansion in the UI, letting users expand individual BOM rows to inspect nested subassemblies inline without switching away from the BOM view. A user-level setting controls whether subassembly expansion is shown by default.

BOM Compare

PR #11853 adds a BOM comparison tool accessible from the part detail view, allowing side-by-side comparison of two assemblies’ Bills of Materials. Comparisons can also be linked to directly via URL parameters.

Maximum Stock Level

PR #11914 adds a maximum stock level field to parts, complementing the existing minimum stock tracking to provide full min/max inventory management. A new “high stock” filter in the part table makes it easy to identify items that have exceeded their upper limit.

Attachment Image Thumbnails

PR #11961 improves attachment handling by detecting image attachments and displaying thumbnail previews in the attachment table. This release also adds a configurable maximum file upload size for administrators.

Sales Order Auto-Allocate

PR #12000 brings automatic stock allocation to sales orders, matching the existing behavior on build orders. Users can auto-allocate available stock to order line items with configurable sorting preferences (e.g. by expiry date or serial number), and can bulk-delete allocations through the UI and API.

Stock Item Creation Date

PR #12011 adds a creation_date field to the StockItem model, capturing when each stock item first entered the system. The field is exposed in the API (with filtering and ordering support) and displayed in the stock item table.

Hot Module Replacement for Plugins

PR #12060 enables Hot Module Replacement (HMR) and React Fast Refresh in the Vite development server for InvenTree plugins. Plugin developers can now see code changes reflected instantly without a full page reload, significantly speeding up the plugin development workflow.

Tags Support

PR #12077 introduces a comprehensive tagging system across InvenTree, covering parts, orders, companies, stock items, and more. Tags can be managed via the API and used to filter tables, providing a flexible way to categorize and locate items without changing the data model.

Saved Table Filter Sets

PR #12079 allows users to save named sets of table filters and reload them with a single click. This is particularly useful for frequently repeated filter configurations across tables and calendar views.

Calendar Month Scrolling

PR #12092 enables multi-month scrolling in calendar views, making it much easier to plan and schedule across extended time horizons. A configurable “calendar horizon” parameter allows the view to be set back to a single month if preferred.

Table Column Filters

PR #12103 exposes filter controls directly in table column headers, so users can add, edit, or remove filters without opening a separate filter panel. Active filters are also indicated visually on the relevant column headers.

Remember Last Used Print Template and Printer

PR #12146 persists the user’s last selected label template and printer plugin per model type, so the printing dialog reopens with the same settings as the previous session. This eliminates the need to reselect template and printer on every print action.

Hotkey Helper Modal

PR #12128 adds a hotkey registration system and a discoverable helper modal that lists all currently active keyboard shortcuts — including those registered by plugins and mounted components. The modal is accessible via the spotlight interface, making it easy for users to find and learn available shortcuts.

Calendar Event Tooltips

PR #11980 adds detailed tooltips to calendar event entries across purchase order and build calendar views. Hovering over an event now shows contextual information without requiring the user to navigate away from the calendar.

Line Number Natural Sort

PR #11885 fixes the sorting of line numbers on orders so they sort numerically (1, 2, 3, 10) rather than alphabetically (1, 10, 2, 3). This improves the readability of order line items and ensures a more intuitive ordering.

Bug Fixes

As always, we have provided a number of bug fixes with this release. Thanks to the many community members who have contributed to identifying and resolving these issues!

Contributing

InvenTree is an open source project, and we welcome contributions from the community. There are many ways to contribute to the project, including code contributions, translation efforts, documentation improvements, and financial support.

New Contributors

As always we would like to thank all of our contributors for their hard work and dedication to the InvenTree project. In particular, we would like to welcome the following new contributors who have made their first contributions in this release:

Code Contributions

Check out our GitHub page for a list of outstanding issues and feature requests. If you are a developer or want to become one, you can help to contribute to the project by submitting a pull request.

Translation

Our translation efforts continue to grow, with coverage increasing across a wide range of languages. We are grateful to all of our translators who have contributed to making InvenTree accessible to users around the world.

If you are interested in contributing to the translation efforts, please visit our Crowdin project and join the community of translators.

Documentation / Technical Writing

If you have experience with technical writing, you can help to improve the InvenTree documentation. We are always looking for help to improve the documentation and make it more accessible to new users.

Report Bugs

If you encounter a bug in InvenTree, please report it on our GitHub issues page. Please ensure that you provide as much information as possible to help us diagnose and fix the issue.

Financial Contributions

Sponsorships help to keep this project sustainable, and buys time for the core developers to commit to the project. A recurring or one off sponsorship is a great way to help InvenTree development to continue at full steam!

The work undertaken to keep InvenTree running is done by a very small group of core developers, who do so in their spare time (and are not sponsored by their employers to work on InvenTree). If you benefit from the InvenTree project, please consider contributing to maintain vibrant development of this software!

If you are using InvenTree in a commercial setting, please consider sponsoring the project to help support ongoing development and maintenance. Your support is greatly appreciated and helps to ensure that InvenTree remains a viable and sustainable project for years to come.

If your company benefits from InvenTree, please consider a one time sponsorship or a recurring sponsorship to help support the project.