Home/ News/ v5.5.0 — Stability wave + Japanese + 9-of-9 verified
Release Last stable 5.x 2026-05-28 ~6 min read

v5.5.0 — Eight user-reported fixes,
verified one by one in a real browser.

v5.3.0 closed six audit bundles. v5.5.0 closes eight individual bug reports that came back from real sessions — PDF takeoff worker, PDF document 403, JWT session reset, the CAD/BIM Data Explorer choking on RVT, the BIM Section Box, Walk mode, the /bim/federations 3D tab, and DWG load. Every fix sat in front of a Playwright probe before it shipped: 9 PASS, 0 FAIL. The Japanese locale finally crosses 98.5 % coverage (1,627 keys). Six dependabot upgrades cleared. And the news index gets a related-articles right-rail so reading one release leads to the next.

v5.5.0

The shape of this wave is different from v5.3.0. That release was six deep bundles — each one its own audit pass on a feature area. v5.5.0 is eight individual user-reported bugs, each fixed end-to-end and verified against a real browser before commit. It’s the version where the regressions that real users tripped on while exploring the platform between v5.3.0 and now have all closed. There’s also a deep Japanese-locale pass and a half-dozen dependabot merges riding along.

The eight fixes

PDF takeoff worker — the “Setting up fake worker failed” banner

The PWA service-worker glob pattern only captured .js, not .mjs, so the pdf.worker.min.mjs bundle never precached. Then the runtime CacheFirst rule blocked the fetch on first load. Two changes in vite.config.ts: globPatterns picks up .mjs, and runtime caching bypasses request.destination === 'worker'. PDF takeoff loads cleanly on cold cache now. Zero pdf/worker console errors in verification.

PDF document 403 — path-whitelist regression

The takeoff download endpoint guarded against path traversal by whitelisting ~/.openestimator — but the live installer persists data under ~/.openestimate, so downloads ate a 403 on the legitimate path. The whitelist now accepts both spellings plus the OE_DATA_DIR / DATA_DIR environment overrides. Verified: upload a 38 KB PDF, reload, fetch → byte-perfect 200.

JWT session reset — “sessions were dropping”

On dev installs the JWT secret was a process-random value — so every backend restart invalidated every issued token, kicking users back to /login with no signal that anything had changed. The secret now persists to ~/.openestimate/.jwt-secret (with legacy ~/.openestimator/.jwt-secret fallback). Restart the backend, your session survives. Explicit production secrets via the JWT_SECRET env var still take priority.

CAD/BIM Data Explorer RVT — the v17/v18 CLI break

The CAD-to-Excel pipeline still passed v17-style positional args (out.xlsx standard -no-collada) to a DDC cad2data v18 binary that takes named flags (-x out.xlsx --no-dae -m standard). RVT uploads died with exit 15. Routed through a new build_ddc_args() helper with capability detection, so both v17 and v18 binaries are spoken to in their own dialect. Real 18.9 MB RVT → HTTP 200 on verification.

BIM Section Box + Walk mode — on-demand rendering

Both worked logically but didn’t paint. The Three.js scene uses on-demand rendering with a dirty flag; SectionBox and WalkMode mutated the scene without telling it to re-render. Added onChange callbacks fired from enable() / disable() / setBoundsToBox() on the section box and tick() on the walk loop, wired both to scene.requestRender(). Now the clipping plane and the first-person camera both visibly respond to user input.

/bim/federations 3D — replaced the broken viewer

The embedded FederatedViewer tab was throwing “Geometry fetch failed” toasts because federations were assembling viewers for member models whose geometry hadn’t processed yet. v5.5.0 drops the in-page viewer and replaces it with a list of member-model rows, each with a HEAD geometry probe. Available members deep-link to /bim/:modelId — the single-model viewer that already works. Missing-geometry rows are greyed and not clickable. No more dead 3D tab.

DWG load — same v17/v18 CLI break, takeoff path

The DWG takeoff endpoint hit the same v17/v18 fork as the CAD Explorer and degraded silently with a misleading “please upload DXF” copy. Routed through build_ddc_args(), added the user’s converter install directory to discovery, and replaced the error copy with a pointer to the /dwg-takeoff install pill plus the GitHub fallback. Sample DWG upload now returns HTTP 201 end-to-end.

Japanese locale — 1,627 keys, 98.5 % coverage

The JA backlog from issue #245 was the largest single locale-translation push the project has run: 1,627 keys translated with construction-industry terminology (積算, 単価, 明細, 工事, 物件). Coverage moves from a partial state to 98.5 %. RU / DE / FR / ES verified sidebar by sidebar during the same audit. Per-locale screenshots checked into docs/qa/verification-2026-05-28/.

Verified one by one

Every fix went through a sequential Playwright/Chromium probe against 127.0.0.1:8001 with a freshly built frontend/dist — one item, one before-and-after pair of screenshots, one decision. Sequential, not parallel: the local SQLite backend can’t survive concurrent audits. Tally: 9 PASS / 0 FAIL. 22 before/after screenshots, spec.mjs and results.json live alongside the report under docs/qa/verification-2026-05-28/. Two non-blocking follow-ups noted: a data-testid on the BIM Section Box “Fit to all” button and the federations 3D rows would make future assertive probes easier, and the JWT default-secret-on-first-boot → persist → second-boot-reads-file cycle deserves a unit test in backend/tests/unit/.

The other half — PRs, dependencies, news widget

Six contributor pull requests landed via cherry-pick + squash review after a malicious-code audit: Dependabot upgrades for FastAPI, uvicorn, pydantic, the dnd-kit family, and a docs typo fix from community contributors. PR #161 was deliberately skipped — it touched the money-decimal layer in a way that conflicted with the multi-currency audit in the v5.4.x line and would have been a net regression. PR #164 from @Mourdi59 remained intact from v5.3.0.

Every news article (this one included) gets a right-rail “Related articles” widget rendered by marketing-site/news/assets/related-articles.js. Vanilla JS, ~470 lines, pulls neighbouring news cards from news.html at runtime and pins them in a sticky sidebar so readers can hop from one release announcement to the next without bouncing back to the index. Layout is a desktop-only right rail; below the viewport breakpoint it inlines at the bottom of the article.

Why this is the last stable 5.x

The 5.x line wraps up here. The release-every-two-days cadence of the v5.2 / v5.3 series carried it through the deep-coordination initiative, the Geo Hub redesign, Brazil Tier-1, and the WCAG-AA pass. v5.5.0 is the bookend: nothing speculative landed, every change was a closed user report or a verified contributor PR, and CI ships the wheel under Trusted Publishing without manual twine. The 6.x line will open the multi-tenant RLS, Yjs collaboration on BOQ, and marketplace v1 work that’s been deferred while the stability surface was audited.

Upgrade

pip install --upgrade openconstructionerp

No Alembic migration in this release — head stays at v3144 (the v3145 demo-address backfill drafted during the wave was deferred to the 6.x line). 116 modules. Frontend ships the PWA glob-pattern fix, the Section Box / Walk on-demand wiring, the new federations list, the JA locale completion, and the news right-rail widget. Backend ships the JWT-secret persistence, the path-whitelist regression fix, and the build_ddc_args() helper that closes the v17/v18 CAD-CLI fork. The wheel is built from tag v5.5.0 (commit 7068f316) by GitHub Trusted Publishing.

Try v5.5.0 today.

Live demo in your browser, or self-host in five minutes. AGPL-3.0, no signup required.

Try the demo View on GitHub