|
| 1 | +--- |
| 2 | +author: meshcloud |
| 3 | +title: Release 2025.52.0 |
| 4 | +--- |
| 5 | + |
| 6 | +Release period: 2025-11-26 to 2025-12-03 |
| 7 | + |
| 8 | +This release includes the following issues: |
| 9 | +* Security Hardening - Pin Panel Dependencies to Stable Versions |
| 10 | +* Fixed Building Block Run API Documentation |
| 11 | +* Fix Workload Identity Federation Input Generation in Building Block Definitions |
| 12 | +* Enhanced Author Information in meshEventLog API |
| 13 | +* Improved User Experience When Creating Tenants With Landing Zones |
| 14 | +* Improved Building Block Input Change Detection |
| 15 | +* Add workspaceIdentifier Query Parameter for Event Logs API |
| 16 | +* Fixed AWS Landing Zone Detection for Control Tower Enrollment |
| 17 | +* meshUser API Now Exposes UUID |
| 18 | +* Remove Legacy Config-Based Message of the Day Configuration |
| 19 | +* Event Logs for Policies |
| 20 | +* Event Log API Supports Title Exclusion for Efficient Filtering |
| 21 | +* Improved Building Block Definition Form Order |
| 22 | +* Improved Event Log Author Information in Admin Area |
| 23 | +* New meshIntegration API for Integration Management |
| 24 | +* Improved Unmanaged Tenant Import Stability |
| 25 | +* Event Logs for API Users |
| 26 | +<!--truncate--> |
| 27 | + |
| 28 | +## Ticket Details |
| 29 | +### Security Hardening - Pin Panel Dependencies to Stable Versions |
| 30 | +**Audience:** User<br> |
| 31 | + |
| 32 | +#### Description |
| 33 | +We have proactively pinned all Angular panel dependencies to stable versions that are older than 4 months as a preventive |
| 34 | +measure against the Shai Hulud 2.0 worm. Based on current information, the library versions we used previously were not |
| 35 | +known to be affected by this vulnerability. Additionally, our backend already uses fixed dependency versions, and we have |
| 36 | +secured our CI/CD pipelines following all recommended security measures to protect against this threat. |
| 37 | + |
| 38 | +#### How to use |
| 39 | +No action is required from you. meshStack was not affected by the Shai Hulud 2.0 vulnerability, and we have taken |
| 40 | +comprehensive preventive measures across the entire platform to ensure continued security. |
| 41 | + |
| 42 | +### Fixed Building Block Run API Documentation |
| 43 | +**Audience:** User<br> |
| 44 | + |
| 45 | +#### Description |
| 46 | +We fixed an issue where the "Update source for a building block run" endpoint was not appearing correctly in the API |
| 47 | +documentation sidebar. The endpoint documentation is now properly displayed and easier to find in the navigation. |
| 48 | + |
| 49 | +### Fix Workload Identity Federation Input Generation in Building Block Definitions |
| 50 | +**Audience:** User<br> |
| 51 | + |
| 52 | +#### Description |
| 53 | +Fixed an issue where the workload identity federation (WIF) input generation was broken during building block |
| 54 | +definition creation. This affected building blocks using Terraform and other runners that require |
| 55 | +WIF configuration. |
| 56 | + |
| 57 | +### Enhanced Author Information in meshEventLog API |
| 58 | +**Audience:** User<br> |
| 59 | + |
| 60 | +#### Description |
| 61 | +The meshEventLog API now provides more detailed information about the author of each event. This enhancement makes |
| 62 | +it easier to understand who performed specific actions in your meshStack environment. |
| 63 | + |
| 64 | +#### How to use |
| 65 | +When retrieving event logs via the meshEventLog API, you will now receive additional author details for each event. |
| 66 | +For a complete description of all available author fields and their meanings, please refer to the official meshStack |
| 67 | +documentation. |
| 68 | + |
| 69 | +### Improved User Experience When Creating Tenants With Landing Zones |
| 70 | +**Audience:** User<br> |
| 71 | + |
| 72 | +#### Description |
| 73 | +We improved the user experience when creating tenants for platforms with landing zones that have mandatory building |
| 74 | +blocks. Previously, it was possible to navigate to the access control screen before all mandatory building blocks |
| 75 | +were fully loaded, which could result in incomplete tenant configurations. Now, the landing zone selection dropdown |
| 76 | +displays a clear loading indicator while building blocks are being fetched, and navigation to the next step is |
| 77 | +disabled until all necessary building block definitions are fully loaded. This ensures that you can only proceed |
| 78 | +when all mandatory building blocks are properly configured and ready for your tenant. |
| 79 | + |
| 80 | +### Improved Building Block Input Change Detection |
| 81 | +**Audience:** User<br> |
| 82 | + |
| 83 | +#### Description |
| 84 | +We fixed an issue where changes to building block input properties were not properly detected when the input value |
| 85 | +came from another building block's output (dependent inputs). Previously, if you changed properties like the |
| 86 | +environment flag or sensitivity flag on such inputs, these would not be recognized as |
| 87 | +changes and could lead to missing variables during building block execution. |
| 88 | + |
| 89 | +### Add workspaceIdentifier Query Parameter for Event Logs API |
| 90 | +**Audience:** User<br> |
| 91 | + |
| 92 | +#### Description |
| 93 | +The meshEventLog API now supports filtering by workspace identifier. A new `workspaceIdentifier` query parameter has |
| 94 | +been added to the event logs list endpoint, allowing API consumers to filter event logs by the exact workspace |
| 95 | +identifier. This is in addition to the existing `workspaceName` parameter which performs a partial match on the |
| 96 | +workspace display name. |
| 97 | + |
| 98 | +### Fixed AWS Landing Zone Detection for Control Tower Enrollment |
| 99 | +**Audience:** User<br> |
| 100 | + |
| 101 | +#### Description |
| 102 | +We resolved an issue where meshStack was unable to detect if an AWS account was already part of an AWS Landing Zone |
| 103 | +during Control Tower enrollment. This caused enrollment attempts to fail without proper error handling when accounts |
| 104 | +were already managed by an existing Landing Zone. The fix ensures that the replication process now correctly checks |
| 105 | +Landing Zone manifests. |
| 106 | + |
| 107 | +#### How to use |
| 108 | +In order to successfully incorporate the AWS Landing Zone detection feature, please ensure |
| 109 | +that your meshfed-service role for the AWS replication contains the two new permissions for reading |
| 110 | +landing zone attributes as described in the documentation. |
| 111 | + |
| 112 | +### meshUser API Now Exposes UUID |
| 113 | +**Audience:** User<br> |
| 114 | + |
| 115 | +#### Description |
| 116 | +The meshUser meshObject API now includes a unique identifier (UUID) in the metadata section. This UUID uniquely |
| 117 | +identifies each user in meshStack. Additionally, you can now filter meshUsers by their UUID using the new `uuid` |
| 118 | +query parameter. |
| 119 | + |
| 120 | +### Remove Legacy Config-Based Message of the Day Configuration |
| 121 | +**Audience:** User<br> |
| 122 | + |
| 123 | +#### Description |
| 124 | +We have removed the legacy deployment config-based message of the day (MOTD) system from meshPanel. This |
| 125 | +simplifies the deployment configuration and reduces complexity. |
| 126 | + |
| 127 | +#### How to use |
| 128 | +You can continue using the built-in message of the day capabilities through the self-service features in |
| 129 | +meshPanel. The removal of the config-based motd does not affect the functionality of displaying |
| 130 | +messages to users - it only changes how these messages are configured by administrators. |
| 131 | + |
| 132 | +### Event Logs for Policies |
| 133 | +**Audience:** User<br> |
| 134 | + |
| 135 | +#### Description |
| 136 | +We now create event logs for policies. When you create, modify, or delete a policy, these changes |
| 137 | +are now visible in the Event Logs section in the admin area. This provides you with better visibility and |
| 138 | +auditability of policy changes in your meshStack installation. |
| 139 | + |
| 140 | +### Event Log API Supports Title Exclusion for Efficient Filtering |
| 141 | +**Audience:** User<br> |
| 142 | + |
| 143 | +#### Description |
| 144 | +The meshEventLog API now supports a new excludeTitle query parameter that allows you to filter out event logs by |
| 145 | +title. This is particularly useful when exporting event logs to SIEM systems or other monitoring tools where you |
| 146 | +want to exclude high-volume event types like "Building Block Run Requested" to reduce noise and focus on relevant |
| 147 | +events. You can specify the parameter multiple times to exclude multiple event titles in a single request. |
| 148 | + |
| 149 | +### Improved Building Block Definition Form Order |
| 150 | +**Audience:** User<br> |
| 151 | + |
| 152 | +#### Description |
| 153 | +The form layout for creating and editing building block definitions has been reorganized to follow a more logical |
| 154 | +sequence. Implementation details now appear before runner configuration, making the creation process more intuitive. |
| 155 | +Additionally, an outdated beta notification for GitLab integrations has been removed. |
| 156 | + |
| 157 | +### Improved Event Log Author Information in Admin Area |
| 158 | +**Audience:** User<br> |
| 159 | + |
| 160 | +#### Description |
| 161 | +The event logs in the Admin Area now display more detailed author information. The Author column clearly shows what |
| 162 | +type of principal performed the action (API key, API user, or human user) and identifies the specific API |
| 163 | +key/API user/human user that executed the action. This enhancement provides better transparency and traceability |
| 164 | +for administrative actions in your meshStack installation. |
| 165 | + |
| 166 | +#### How to use |
| 167 | +Navigate to the Admin Area and open the event logs view. You will see the improved author information in the |
| 168 | +Author column for all newly created event logs. Please note that event logs created before this change was |
| 169 | +implemented will continue to show the previous author format without the detailed principal type information. |
| 170 | + |
| 171 | +### New meshIntegration API for Integration Management |
| 172 | +**Audience:** User<br> |
| 173 | + |
| 174 | +#### Description |
| 175 | +A new meshIntegration API is now available for programmatic access to integrations. The API |
| 176 | +enables automated management of building block integrations (GitHub, GitLab, Azure DevOps), including |
| 177 | +creation, modification, and deletion of integration configurations. Users can manage integrations within |
| 178 | +their workspace scope. |
| 179 | + |
| 180 | +### Improved Unmanaged Tenant Import Stability |
| 181 | +**Audience:** User<br> |
| 182 | + |
| 183 | +#### Description |
| 184 | +We improved the reliability of importing unmanaged tenants to projects. The import process is now more stable |
| 185 | +providing you with a smoother experience when assigning unmanaged tenants to your projects. |
| 186 | + |
| 187 | +### Event Logs for API Users |
| 188 | +**Audience:** User<br> |
| 189 | + |
| 190 | +#### Description |
| 191 | +We now create event logs for API Users. When you create, modify, or delete an API User, these changes |
| 192 | +are now visible in the Event Logs section in the admin area. This provides you with better visibility and |
| 193 | +auditability of API User changes in your meshStack installation. |
| 194 | + |
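Review bot: In the "Security Hardening - Pin Panel Dependencies to Stable Versions" entry (file lines 33-40), Shai Hulud 2.0 is introduced as a worm and then referred to as "this vulnerability" and "the Shai Hulud 2.0 vulnerability". Use one term throughout, for example "were not known to be compromised" and "was not affected by the Shai Hulud 2.0 worm", so that readers do not go looking for a vulnerability to patch. In the "Fixed AWS Landing Zone Detection for Control Tower Enrollment" entry (file lines 107-110), "the two new permissions" are neither named nor linked. Since operators have to change the meshfed-service role, list the permission names inline or link the exact documentation page. Minor: `excludeTitle` on file line 144 is not in backticks although `workspaceIdentifier` (line 93) and `uuid` (line 117) are, and file line 184 needs a comma after "more stable".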