v6.0.0 — 22 September 2025

Type: Major release
Breaking changes: Yes (see below)

v6.0.0 is the biggest architectural release since StockFlow launched. The entire front-end has been rebuilt on Next.js 14 App Router, the database layer has been migrated to a new schema with performance improvements across the board, and a number of long-requested features are now available.

Breaking changes

Legacy CSV import v1 format deprecated

The original bulk import format (pre-v5.0.0) is deprecated and will be removed in v7.0.0. The current format (introduced in v5.0.0) remains unchanged. A deprecation warning will appear if the old format is detected.

POST /v0/* API endpoints deprecated

All v0 API endpoints are deprecated and will be removed in v7.0.0. Migrate to v1 endpoints. See the API migration guide.

Webhook payload changes

The stock.adjusted webhook now includes the adjusted_by_user_id field (previously missing). This is a non-breaking addition but document it in your webhook consumers.

Password-based API authentication deprecated

Using username:password as Basic Auth on API calls is deprecated. Use API key Bearer tokens instead. Will be removed in v8.0.0.

New features

New UI — complete redesign

StockFlow’s entire interface has been redesigned with:

  • Responsive layout — works well on 1280px through 4K displays
  • Persistent sidebar with collapsible sections and keyboard shortcuts
  • Command palette — press Cmd/Ctrl + K to search anything and jump anywhere
  • Improved tables — sortable, resizable, and with column visibility controls on every table
  • Dark mode — toggle in your profile settings or follows system preference
  • Redesigned forms — better validation, clearer error messages, auto-save on long forms

Single Sign-On (SSO) — Enterprise

Enterprise customers can now enforce SSO via SAML 2.0.

Supported identity providers:

  • Okta
  • Microsoft Entra ID (Azure AD)
  • Google Workspace
  • OneLogin
  • Any SAML 2.0-compatible IdP

Configure in Settings → Security → SSO. When enforced, local password login is disabled for all users. Existing user records are matched to SSO identities by email address.

Full audit logging

Every change to every record is now logged in an immutable audit trail:

  • Who changed it
  • When
  • What the old value was
  • What the new value is
  • The IP address of the user’s session

Access audit logs per-record (the History tab on any product, client, or order) or account-wide at Settings → Audit Log.

Audit logs are retained for 1 year (Starter/Growth) or unlimited (Enterprise).

Multi-factor authentication enforcement

Admins can now enforce MFA for all users at the account level:

  1. Settings → Security → Require MFA
  2. Set a grace period (1–30 days)
  3. Users without MFA enabled are blocked after the grace period

Supported MFA methods: TOTP authenticator app, SMS (where available), hardware security key (WebAuthn — YubiKey, Touch ID, Face ID).

Performance improvements

AreaImprovement
Inventory table (50k+ SKUs)4× faster initial load
Movement log export (100k rows)10× faster (now streamed)
Goods List searchResponse time reduced from ~800ms to ~80ms
Report generationBackground jobs — no more timeouts for large reports
API GET /v1/productsAdded cursor-based pagination; 5× faster for large catalogues

Improvements

  • Keyboard shortcuts — see the full list by pressing ? in the app
  • Notification preferences — granular per-type, per-channel configuration (previously all-or-nothing)
  • Print invoices — invoice print layout improved for A4 and US Letter
  • Product images — images are now served from a CDN with automatic compression (no more slow-loading product pages)
  • WooCommerce integration — now supports WooCommerce 8.x

Bug fixes

  • 47 bug fixes in total — see the full changelog for the complete list
  • Key fixes: QuickBooks sync for accounts using class tracking; barcode generation for products with special characters in the name; email delivery for accounts using custom domains on certain email providers
v6.1.0v5.4.0