Studio Pro

Use microflow and nanoflow Return Values on pages and snippets

You can now use return values from your microflows and nanoflows directly on your pages and snippets, opening new possibilities for updating page state based on logic. When your flow returns a value, you can map it to variables or context attributes, eliminating the need for workarounds like using non-persistent entities or passing whole objects. If the return value is an object, you can use expressions to map different parts to multiple variables or attributes. This is particularly useful for scenarios like updating conditional visibility states, setting filter variables after calculations, or dynamically changing form behavior based on validation results, all without the overhead of temporary entities.

Opening links in new tabs: A new usability enhancement

In many web applications, the ability to open links in a new browser tab or copy them for later use is a standard and convenient feature. However, implementing this behavior in single-page applications like Mendix has traditionally been challenging.

We’re excited to introduce a new capability that makes this possible. You can now open pages included in your application’s navigation in a new tab or copy a link for future access. When the target page has a page URL configured, the rendered link will reflect that URL, enabling standard browser actions like opening in a new tab.

The best part? All you need to do is set a page URL—we handle the rest.

Future-proof native mobile apps with React Native’s new architecture

Mobile technology evolves at lightning speed. Operating systems and devices are constantly updated, and apps that fail to keep pace risk becoming outdated, irrelevant, or even non-functional. Unlike web-based Mendix apps, native mobile apps require more frequent updates—at least once a year—to ensure compatibility and remain supported. Falling behind can mean broken experiences for your users and costly redevelopment later.

With this release, we’re taking a major step toward future compatibility by adopting React Native’s new architecture. This fundamental change ensures long-term support and brings significant performance improvements to your apps. By aligning with the latest standards, we’re setting you up for success in an ever-changing mobile landscape.

Here is what you need to consider

• Upgrade Path: Updating to this or a later version requires a new build of your app.
• Custom Modules: If you use custom React Native modules, verify they support the new architecture or find alternatives, as unsupported modules will no longer work.
• Widgets and JavaScript Actions: Most custom widgets or JavaScript actions will continue to work without changes, but we recommend testing them to ensure compatibility.

Want to dive deeper? Learn more about the new architecture here.

Prevent data loss with Optimistic Locking public beta

In multi-user environments, concurrent updates to the same data can lead to data loss if not managed correctly. Until now, Mendix processed changes in sequence, meaning the last commit always won—potentially overwriting earlier changes without warning.
With Mendix 11.5, we’re introducing Optimistic Locking, a smarter way to safeguard your data. This feature assumes conflicts are rare and checks for them only at commit time. If another user has modified the object since you last read it, the commit will fail, letting the developer handle the conflict and ensure that the data stays consistent.

Under the hood, Mendix adds a system attribute MxObjectVersion to all entities. Each commit compares this version with the database. If they differ, the update is blocked, signaling a ConcurrentModificationRuntimeException error.

You can enable Optimistic Locking from the Runtime tab in your application settings. This feature is currently available in public beta, so please avoid using it in production environments.

For full details and implementation guidance, please refer to our documentation.

History Pane beta: Date Filter

Remember the public beta for the non-blocking, searchable history pane which we announced last month? With the 11.5 release, we’ve added a date filter to quickly find the commits you’re looking for, in addition to the document filter and free-text search.

We’re still looking forward to your feedback, so go ahead and enable the new history pane in the New Features preferences now!

OpenType parameters for external actions

As our effort to improve the Consumed OData Service continues, we’re thrilled to announce support for OpenType input parameters for external actions. This means you can specify additional attributes on top of what’s already defined in the domain model based on your OData metadata. Along with the optional parameter support that we introduced last month, this brings even greater flexibility, allowing you to work with flexible and schema-less data structures as defined in your OData metadata. This means you can now handle a wider variety of OData contracts and integrations.

Usability improvement: Segregated view in the Integration Pane

To further enhance the developer experience in your integration workflows, we’ve introduced a small usability improvement to the Integration Pane. You’ll now find a segregated view of contracts, with contracts available in the Catalog shown separately from those you’ve already imported. This enables you to have a cleaner overview of what integrations and contracts you use in your app. On top of that, this means you can now limit your search specifically to your imported contracts, rather than sifting through the entire Catalog each time you’re searching for an entity or action. This should help speed up your integration workflow.

Smart and agentic apps

DIY: GenAI resource provisioning

Until now, accessing GenAI resource packs required contacting Mendix. That’s changed. Mendix admins can now provision text generation, embeddings, and knowledge base resources directly through Control Center using Cloud tokens: all self-service. Choose from small, medium, and large plan sizes across leading models including Anthropic Claude Sonnet (v3 and v4) and Cohere Embed. And in case you’d want to scale down, simply schedule resource deprovisioning for the end of your subscription month in Control Center, too.

For non-Mendix admins or organizations needing custom configurations, our sales and customer success teams remain available to assist.

Bienvenue Mistral connector!

With Mistral AI’s API, large language models trained in France are joining our set of platform-supported generative AI providers. Since Mistral’s API works just like OpenAI’s, we’ve reused the solid foundation from our OpenAI Connector and added a custom UI tailored to Mistral. Right now, you can use it for text generation with the Chat Completions API and embeddings with the Embeddings API – all you need for building conversational features or conduct semantic search. Check out the connector in Marketplace.

See inside your AI: Observability for LLM Traces

We have added LLM trace observability to the Conversational UI module, giving you full visibility into your AI’s actions. For both single LLM calls as well as agents built with Agent Commons you now have the tools to comprehend API calls, tool calls and knowledge retrievals.

Once trace storage is enabled, you can explore your data through an intuitive overview page featuring a daily invocation diagram, key metrics like error counts, and flexible filters to find what you need. Drill into any trace to see a graphical breakdown of its spans; click on individual spans to investigate further and understand exactly what happened.

With this new feature you can now understand what’s happening under the hood and spot issues quickly, uncover usage patterns, identify cost drivers, and debug performance bottlenecks. Want to try it out but not implement it yet? There is a new section labeled Traces in our GenAI showcase app. Configure a connection to one of the GenAI providers, make sure to invoke a large language model at least once and you are ready to go!

Governance

Upcoming Deprecations: IAM Features

To simplify the Mendix platform, we are announcing the upcoming deprecation of two Identity and Access Management (IAM) features.

First, password-based access to TeamServer/SVN will be retired. The legacy endpoint that relies on Mendix credentials will no longer be supported. Instead, authentication should be performed using Personal Access Tokens (PATs) via the PAT-based endpoint: https://svn.home.mendix.com/<your AppID>/. This change reflects our commitment to stronger security and modern best practices. The deprecation is effective as of Q4 2025, with full retirement scheduled for March 31, 2026.

Second, the custom password expiry policy will be removed. This means you will no longer be able to configure custom validity periods or disable password expiry. Going forward, the platform will enforce a default 90-day password expiry. For organizations seeking greater flexibility, we recommend enabling Single Sign-On (SSO) or Bring Your Own Identity Provider (BYO-IdP), which allows full control over password policies through your identity provider. This feature will follow the same timeline: announced in Q4 2025 and sunset on March 31, 2026.

What you need to do:

• Switch to PAT-based authentication for TeamServer/SVN.
• Review your password policy and consider enabling platform SSO/BYO-IdP for greater control.

Mendix is also sending more detailed deprecation emails to Mendix Administrators

OIDC SSO Module – Easier upgrades, better security

We’ve rolled out an update to the OIDC SSO module, and it’s packed with improvements that make upgrading easier and enhance security.

• Simpler upgrades: Upgrading to newer versions will be more straightforward. We’ve reorganized the startup logic so you can move to newer versions without unnecessary steps or surprises. If you’re coming from a version earlier than v3.0.0, we’ve introduced a dedicated migration flow. This makes transitioning to the latest release clear and hassle-free.
• Stronger security: Compliance and security are top priorities. This update adds token encryption support, ensuring your tokens are protected to meet compliance standards.  We’ve refined how admin access works for persisted tokens, making it more precise and secure. The nonce implementation has been improved for better reliability.

This release focuses on ease of use, security, and smooth upgrades, so you can spend less time on maintenance and more time building great experiences.

SAML SSO – Easier upgrades, horizontal scaling

We’ve rolled out an update to the SAML SSO module, and it’s packed with improvements that make upgrading easier and enhance security.

• Simpler upgrades: We’ve introduced a constant that allows you as a developer to configure the name of your custom microflow that automates SAML configurations. This will make upgrading to newer versions more straightforward.
• Horizontal scaling: If you are building an app with high volumes of concurrent users, you will benefit from the capability to use SAML for SSO even when you deploy your apps on multiple instances.

Forgot my password – horizontal scaling

If you are building an app with high volumes of concurrent users, you will benefit from the capability to use the Forgot my password module for password resets even when you deploy your apps on multiple instances.

Mendix Cloud

“You shall not pass!”

We offer multiple options to restrict access to your applications deployed on Mendix Cloud. You can apply fine-grained access control to your application using access restriction profiles based on IP ranges and/or client certificates. In these profiles, you can configure who gets access to what path of your application, blocking any other requests.

We have now added a new feature for restricting access to your application: IP access restrictions. With IP restriction profiles, you can block specific IP addresses and IP ranges from accessing your application, allowing access from any other IP address. Blocking access is always done for your complete application.
This feature comes in handy when you want to block access from a specific IP address, because it is making unwanted requests. As applications on Mendix Cloud are accessible from the public internet by default, they’re often getting scanned by bad actors trying to find vulnerabilities in the applications, using standard scripts.

These scripts are not malicious by themselves, and won’t lead to the finding of vulnerabilities, but they can still lead to unwanted log messages. If this happens in your application, you can use the access logs of your application to find the source IP address and block access to your application from that IP address using an IP access restriction!

You can even combine the access restriction profiles and IP restriction profiles, using the first to grant access to your application from a specific IP range and the latter to block specific IP addresses within the allowed IP range.

このアプリケーション環境はプロダクションと呼ばれます

You can now use non-Latin Characters, such Japanese, Korean or Chinese, in the names of your environments on Mendix Cloud. We have separated the display name from the subdomain name. The first is shown in our platform, while the latter is appended to your subdomain to create a full mendixcloud.com URL.

Mendix on Azure now generally available

Deploy Mendix applications on Microsoft Azure in less than 30 minutes

Mendix on Azure is a managed service that simplifies deploying and managing Mendix applications directly in your private Azure subscription. It cuts deployment time to just 30 minutes without requiring deep cloud expertise, automating complex infrastructure setup and quarterly updates to reduce operational costs while boosting security and compliance.

Unique to Mendix on Azure is the ability to enable direct, secure read-only access to the app database via a PostgreSQL read replica, allowing customers to query app data without impacting performance. Additionally, organizations can host applications fully privately with private networking, ensuring sensitive data stays within their security perimeter while tightly integrating with existing Azure environments and legacy systems.

To experience Mendix on Azure and start building mission-critical apps faster, users can deploy it easily from the Azure Marketplace or the Mendix on Azure portal with step-by-step guidance. Try it today here: https://mendixonazure.mendix.com

Mendix Portal

Project Categorization: Bring clarity to your Project Portfolio

Your projects can now be organized in your way. With Project Categorization, company admins can define custom categories such as department, cost center, or team ownership to keep the project portfolio structured and easy to navigate. Project admins can then assign these categories directly in Project Settings, making it simpler to filter, manage, and scale your project landscape.

This update strengthens governance, simplifies compliance workflows, and gives developers a cleaner, more intuitive environment to work in.
Put Project Categorization to work and bring instant clarity and structure to your entire project landscape.

Feedback Grouping: Keep your inbox organized and actionable

Managing user feedback just got a whole lot easier. With Feedback Grouping in App Insights, you can now organize your feedback exactly the way you want.
Whether you’re grouping by feature area, priority, or release milestone, this update gives you full control over how feedback is structured, making it simpler to turn insights into action.

Here’s what you can do with this new capability:

• Create custom groups to cluster related feedback items.
• Add or move feedback between groups for easier triage and prioritization.
• Maintain a clear, actionable overview of your feedback inbox.

Manual Feedback Grouping helps teams stay organized and focused, ensuring nothing slips through the cracks as feedback volumes grow.

Marketplace: Automated vulnerability handling for submissions

In our last update, we introduced automated security checks for Marketplace submissions.

We’ve now automated how high and critical vulnerabilities are handled. When QSM detects such issues in a submitted component, it is automatically declined. The submitter receives a notification with a link to the issue report, where they can review the findings, fix the problems, and resubmit. Once no vulnerabilities are detected, the component is published automatically.

Compass: Personalized action points

We’ve added two features to help you focus on what matters:

• My Action Points: See tasks assigned to you. Pick up where you left off without searching.
• Recommended for You: Get smart suggestions for your next steps based on where you are in your journey across all 5Ps.

The result? Your priorities and opportunities, front and center when you log in.

We’ve also refreshed the Compass landing page, to give better clarity on what Compass does and how it helps you build a successful Digital Execution Practice.

Are you ready to start your next app?

• Download Mendix Studio Pro.
• Take a closer look at all the features, improvements, fixes, and more in the Mendix 11.5 release notes.
• Don’t want to miss future updates? Subscribe to our blog to catch the latest news