ABP Version 10.3 Migration Guide

This document is a guide for upgrading ABP v10.2 solutions to ABP v10.3. There are no explicitly marked breaking changes in this release scope, but there are some important changes that may require action in specific application scenarios.

Package Version Changes: Before upgrading, review the Package Version Changes document to see version changes on dependent NuGet packages and align your project with ABP's internal package versions.

Open-Source (Framework)

This version contains the following changes on the open-source side:

PermissionIntegrationController.IsGrantedAsync switched to HttpPost

Who is affected

  • Applications that call the permission integration endpoint directly (custom HTTP clients, custom JS, custom integrations).

What changed

  • PermissionIntegrationController.IsGrantedAsync is now HttpPost instead of HttpGet to avoid URL-length limitations for large permission/user payloads.

What to do

  • Update custom clients/integrations to send a POST request with the payload in the request body.
  • If you rely on generated ABP clients, regenerate/update client proxies after upgrading.

See #25177 for details.

IEntityCache interface updates for batch dictionary APIs

Who is affected

  • Applications with custom IEntityCache implementations/derivations or custom abstractions built on top of IEntityCache.

What changed

  • New batch methods were added (FindManyAsync / GetManyAsync, and dictionary variants).
  • IEntityCache<TEntityCacheItem, TKey> no longer declares TKey as contravariant (the "in" modifier was removed).
  • TKey now has a notnull constraint to support dictionary-based APIs.

What to do

  • Update custom interfaces and implementations to match the latest IEntityCache signature and generic constraints.
  • Rebuild the solution and fix compile-time variance/constraint issues in custom cache abstractions.

See #25088 and #25090 for details.

Pro

There are no explicitly marked breaking changes on the PRO side in this release scope. However, check the following if they apply to your application.

Account Pro and Identity Pro security behavior updates

Who is affected

  • Applications using the Account Pro and Identity Pro modules for password reset/change and profile picture upload flows.

What changed

  • Session revocation behavior was tightened after sensitive credential operations.
  • Profile picture upload now enforces extension/size/magic-bytes validation by default.
  • Forgot-password CAPTCHA and account-manage rate limiting capabilities were extended.

What to do

In most cases, no action is required on your part. However, please review the following considerations:

  • Re-test your sign-in, password reset, and password change flows, especially if you have session continuity expectations.
  • If your application needs additional image types/sizes, configure AbpProfilePictureOptions explicitly.
  • Review account security settings (UseCaptchaOnForgotPassword and related rate-limit options) and adjust them to your UX/security requirements.
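
The following added example (not ABP code and not taken from this guide) shows the kind of extension/size/magic-bytes check described above, so you can see which uploads to expect rejections for when re-testing profile picture flows. The class name, allowed types and size limit are assumptions; it does not use AbpProfilePictureOptions, whose properties this guide does not list.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Text;

// Hypothetical helper, not ABP code. The allowed types and the size limit
// below are assumptions for illustration, not ABP's defaults.
public static class ProfilePictureCheck
{
    private static readonly byte[] Jpeg = { 0xFF, 0xD8, 0xFF };
    private static readonly byte[] Png = { 0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A };
    // Extension -> leading byte sequences ("magic bytes") accepted for it.
    private static readonly Dictionary<string, byte[][]> Signatures =
        new(StringComparer.OrdinalIgnoreCase)
        {
            [".jpg"] = new[] { Jpeg }, [".jpeg"] = new[] { Jpeg },
            [".png"] = new[] { Png },
            [".gif"] = new[] { Encoding.ASCII.GetBytes("GIF87a"), Encoding.ASCII.GetBytes("GIF89a") },
        };

    public static string Validate(string fileName, byte[] content, int maxBytes)
    {
        if (!Signatures.TryGetValue(Path.GetExtension(fileName) ?? "", out var magics))
            return "rejected: extension not allowed";
        if (content.Length == 0 || content.Length > maxBytes)
            return "rejected: size out of range";
        // Content must start with a signature registered for this extension, so a
        // renamed file fails even when it is a valid image of another type.
        if (!magics.Any(m => content.Take(m.Length).SequenceEqual(m)))
            return "rejected: content does not match extension";
        return "accepted";
    }

    public static void Main()
    {
        const int limit = 1024; // assumed size limit for the demo
        // Constructed sample uploads.
        var png = Png.Concat(new byte[16]).ToArray();
        var html = Encoding.ASCII.GetBytes("<html><body>not an image</body></html>");
        var uploads = new (string Name, byte[] Data)[]
        {
            ("avatar.png", png), ("avatar.png", html), ("avatar.jpg", png),
            ("avatar.svg", html), ("avatar.png", Png.Concat(new byte[limit]).ToArray()),
        };
        foreach (var (name, data) in uploads)
            Console.WriteLine($"{name} ({data.Length} bytes): {Validate(name, data, limit)}");
    }
}
```

Only the first constructed upload passes; the others fail on content mismatch (twice), extension, and size respectively.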