This is a release that comes with a lot of important changes. We're preparing for NexoPOS 7 and the set of modules/apps that will be released around it. We're also preparing a new platform (my.nexopos.com) that should align with our new requirements.

Let's get back to this release and the changes.

Changelog:

• Updated: fillable support to Crud component via Models. (Some crud was exposing sensitive attributes)
• Updated: notification center width
• Fixed: min/max rules for form-validation.ts
• Updated: branding and core update notification
• Updated: added one-line options for generating module + AI instruction update ef927
• Updated: Migrating Author Attribute (was previously "author", not it's "author_id")
• Updated: tax refactoring. net_price and gross_price as replacements for: "price_without_tax" and "price_with_tax".
• Updated: wrong subtotal after order modification
• Fixed: migration revert must start with the most recent to the oldest
• Fixed: securing Crud endpoint fix #2538
• Fixed: security concern reported
• Fixed: Unauthenticated Migration Execution + Systemic Missing Permission Checks on API Routes #2541

We're thankful for all our new contributors. Special shout out to @lighthousekeeper1212, despite the PR appeared created from AI.

Full Changelog: v6.1.1...v6.1.2

This update comes with an important fix for the upcoming multistore module update. If you plan to use the multistore module v6.1.0, you might need to update your NexoPOS version to v6.1.1.

What's Changed

• composer(deps): bump psy/psysh from 0.12.10 to 0.12.19 by @dependabot[bot] in #2511
• composer(deps): bump symfony/process from 7.4.3 to 7.4.5 by @dependabot[bot] in #2508
• composer(deps): bump phpunit/phpunit from 11.5.33 to 11.5.50 by @dependabot[bot] in #2507
• npm(deps): bump @dicebear/avataaars from 9.3.0 to 9.3.1 by @dependabot[bot] in #2505
• composer(deps): bump predis/predis from 3.2.0 to 3.3.0 by @dependabot[bot] in #2476
• npm(deps): bump @ckeditor/ckeditor5-vue from 5.1.0 to 7.3.1 by @dependabot[bot] in #2522
• composer(deps): bump gumlet/php-image-resize from 2.1.0 to 2.1.3 by @dependabot[bot] in #2494
• composer(deps-dev): bump laravel/pint from 1.24.0 to 1.27.0 by @dependabot[bot] in #2495
• composer(deps-dev): bump spatie/laravel-ignition from 2.9.1 to 2.10.0 by @dependabot[bot] in #2497
• composer(deps): bump phpoffice/phpspreadsheet from 3.10.0 to 5.4.0 by @dependabot[bot] in #2499
• composer(deps): bump laravel/tinker from 2.10.1 to 2.11.0 by @dependabot[bot] in #2501
• npm(deps-dev): bump laravel-vite-plugin from 2.0.1 to 2.1.0 by @dependabot[bot] in #2502
• npm(deps-dev): bump sass from 1.94.2 to 1.97.3 by @dependabot[bot] in #2504
• npm(deps): bump vue from 3.5.21 to 3.5.28 by @dependabot[bot] in #2517
• npm(deps): bump @dicebear/avataaars from 9.3.1 to 9.3.2 by @dependabot[bot] in #2518
• npm(deps-dev): bump @tailwindcss/vite from 4.1.16 to 4.2.1 by @dependabot[bot] in #2519

Full Changelog: v6.1.0...v6.1.1

We're proud to release NexoPOS 6.1.0 that comes with new features and bug fixes. This is the first minor release of 2026 that aligns with the roadmap we've introduced to you.

This version brings new features and fixes we'll outline now.

Scale Barcode Support #2470

NexoPOS now supports scale barcode parsing with a comprehensive PLU (Price Lookup) system for electronic weighing scales that encode product code and weight/price in EAN-13 format.

Before using the feature, head to Settings > POS > Feature and enable it:

Once enabled, a new tab will appear on the POS settings (Scale Barcode). From there, you can configure how NexoPOS will parse the generated barcode.

Category & Product Reordering #2474

One suggestion you've made is to allow users to reorder categories. We've made that possible for both products and categories.

You can start reordering categories from the categories page. And you can reorder each category's products.

While this feature is disabled by default, you can enable it by accessing the POS > Features settings.

Fair enough, this will allow you to bring to the cashier's sight the most sold products.

Sticky Products

Along with the product reorder, we've added a way to stick products at the top of the product grid. This feature is also disabled by default and must be enabled on the POS > Features settings.

Once the feature is enabled, you can head to any product and edit it.

You might use our "Bulk Editor" to bulk pin your products.

Low Stock Suggestion #2472

To speed up the purchase process, we've added a purchase suggestion. This is an interactive notification that will suggest you to load products that are running out of inventory.

Other Changes:

• fix: Change scale range columns from string to integer for proper num
• Fix: ThrottleMiddleware Compatibility
• npm(deps-dev): bump tar from 7.4.3 to 7.5.3 by @dependabot[bot] in #2475
• composer(deps): bump paragonie/sodium_compat from 2.1.0 to 2.5.0 by @dependabot[bot] in #2469
• npm(deps-dev): bump sass from 1.92.1 to 1.94.2 by @dependabot[bot] in #2462
• npm(deps): bump mathjs from 14.7.0 to 15.1.0 by @dependabot[bot] in #2461
• Revise NexoPOS project description for clarity by @Blair2004 in #2446
• composer(deps): bump laravel/reverb from 1.5.1 to 1.6.0 by @dependabot[bot] in #2436
• composer(deps): bump symfony/http-client from 7.3.2 to 7.3.4 by @dependabot[bot] in #2443
• composer(deps): bump nikic/php-parser from 5.6.1 to 5.6.2 by @dependabot[bot] in #2453
• npm(deps): bump chart.js from 4.5.0 to 4.5.1 by @dependabot[bot] in #2448
• Add scale barcode support with PLU system for weighing scales (v6.1.0) by @Copilot in #2470
• Add low stock product suggestions for procurement workflow by @Copilot in #2472
• Add drag-and-drop reordering and pinned products for POS by @Copilot in #2474
• npm(deps): bump lodash from 4.17.21 to 4.17.23 by @dependabot[bot] in #2493
• npm(deps-dev): bump tar from 7.5.3 to 7.5.6 by @dependabot[bot] in #2491
• composer(deps): bump laravel/reverb from 1.6.0 to 1.7.0 by @dependabot[bot] in #2490
• npm(deps-dev): bump vite from 7.1.12 to 7.3.1 by @dependabot[bot] in #2489
• npm(deps): bump @dicebear/avataaars from 9.2.4 to 9.3.0 by @dependabot[bot] in #2488
• npm(deps): bump vue-chartjs from 5.3.2 to 5.3.3 by @dependabot[bot] in #2487
• npm(deps): bump @wordpress/hooks from 4.36.0 to 4.38.0 by @dependabot[bot] in #2486
• composer(deps): bump brick/math from 0.12.3 to 0.14.1 by @dependabot[bot] in #2485
• npm(deps-dev): bump @tailwindcss/postcss from 4.1.13 to 4.1.18 by @dependabot[bot] in #2482
• composer(deps): bump picqer/php-barcode-generator from 3.2.3 to 3.2.4 by @dependabot[bot] in #2481
• npm(deps-dev): bump laravel-echo from 2.2.0 to 2.3.0 by @dependabot[bot] in #2480
• composer(deps): bump laravel/telescope from 5.11.1 to 5.16.1 by @dependabot[bot] in #2484
• composer(deps): bump laravel/sanctum from 4.2.0 to 4.2.3 by @dependabot[bot] in #2483
• composer(deps): bump nikic/php-parser from 5.6.2 to 5.7.0 by @dependabot[bot] in #2479
• WIP by @Blair2004 in #2506

New Contributors

• @Copilot made their first contribution in #2470

Full Changelog: v6.0.9...v6.1.0

This version introduces a minor update to the Action Permission feature, which was implemented in version 6.

As a reminder, the Action Permission allows you to grant access to sensitive actions by using our Authorization mobile app, which we've created.

So, the issue was that the verification of the authorization was always forced. We've added a way to make it optional.

Changelog:

• Fixed: Adding a toggle feature to the Action Permission.

Urgent Security Update Available:

We have released a critical security update for your NexoPOS. We urge all users, especially those running self-hosted environments, to update immediately to protect their data and maintain application stability.

v6.0.7 and - Security & Stability Patch

This urgent release addresses two critical security vulnerabilities related to the application's initial setup process. These vulnerabilities could potentially cause a Denial of Service (DoS) or unauthorized configuration changes.

Key Fixes in This Update: Critical Access Control Fix: We have restricted access to the Setup API endpoints (/api/setup/database) after installation. This prevents unauthorized, unauthenticated users from interacting with these internal configuration tools. **

Security Hardening of Configuration: We have patched a critical vulnerability that allowed for the injection of arbitrary values into the application's configuration file (.env) via the setup process, which could have exposed sensitive credentials or led to a complete database connection break (DoS).

Action Required:

Please update your NexoPOS module to the latest version as soon as possible to ensure your environment is fully protected.

Thank you for taking the time to look into this matter. Your security is our top priority.

Full Changelog: v6.0.7...v6.0.8

This update comes with few changes that aim to improve the compatibility with NexoPOS for Windows.

Changelog:

• New Symlink options
• Module Trigger when App Installed

Changelog:

We're doing a minor update to improve the compatibility with NexoPOS for Windows that is currently cooked. We've also approved a few Pull requests and made some slight changes to the core.

What's Changed

• npm(deps): bump @babel/runtime and @wordpress/hooks by @dependabot[bot] in #2460
• V6.0.x by @Blair2004 in #2463
• Add Indonesian language by @huiralb in #2450

New Contributors

• @huiralb made their first contribution in #2450

Full Changelog: v6.0.5...v6.0.6

This minor update fixes issues reported by @ayoub-hs. We've also changed the way NexoPOS was tested through CI/CD. Here is a full breakdown.

Changelog:

• Fix: Unhandled accounting misconfiguration #2430
• Fix: unit test with missing module directory
• Fix: no validation error for invalid on the quick products #2429
• Fixed: Component Visual Sizes
• Updating instructions

What's Changed

• Fixed: deprecated usage of the library SnackBar.
• Added: new guides for AI training

• V6.0.x by @Blair2004 in #2425

Full Changelog: v6.0.3...v6.0.4

What's Changed

• V6.0.x by @Blair2004 in #2423

Full Changelog: v6.0.2...v6.0.3