Harness Release Notes Summaries
Explore release notes from the last 30 days across the Harness Platform and modules.
INFO
These are AI-generated summaries intended to help you scan what changed. They are not complete release notes.
Please review the full module release notes by selecting a module in the sidebar, or using the View full release notes links beside each module summary.
Platform Release Notes
Platform
View full release notes →New Features & Enhancements
- Implemented reference creation between user groups and notification channels at the project scope, ensuring user groups cannot be deleted while they are referenced by one or more notification channels.
- Upgraded yq to version 4.50.1 in the base image to address-61729.
- Updated the Bouncy Castle (BC) libraries to version 1.80 in the Docker configuration and associated scripts.
- Enhanced the Google Secrets Manager connector to support [cross-project secret](/docs/platform/secrets/secrets-management/add-a-google-cloud-secret-manager/#enable-cross-project-access) access using a single connector.
- Upgraded the Java OpenJDK to version 17.0.17 to improve stability, security, and performance.
- OPA policies are now enforced during token rotation, ensuring rotated tokens follow policy limits and do not use long expiration times.
Fixes
- Fixed an issue where permission checks for the split user group permissions were not properly controlled by the feature flag.
- Addressed-24049 by pinning the JaCoCo version used in Python.
- Enhanced delegate existence checks by including Delegate Group Name along with hostname and IP address, enabling the creation of delegates with identical hostnames and IPs in different infrastructures.
- Resolved an issue where user search on the Access Control > Users page did not work correctly for emails containing special characters. The search query is now parsed correctly and matches user emails and names as expected.
- Improved secret handling by correcting metadata mismatches between secrets and their encrypted records.
- Resolved a virtual service conflict impacting delegate resources.
- Resolved an issue where ingress routes were updated as part of the change that moved Delegate APIs from ng-manager to harness-manager, but required Istio routes were missing, causing routing issues. The missing routes have now been added to ensure correct traffic routing.
Delegate
View full release notes →New Features & Enhancements
- Added a check to store the release history of Kubernetes deployments in Secrets instead of ConfigMaps when pruning is enabled. This fix is currently guarded behind the feature flag CDS_STORE_PRUNING_RELEASE_HISTORY_IN_SECRET.
- Added support for Bitbucket Cloud API tokens in connector authentication, enabling token-based access and easing the transition away from deprecated app passwords.
- Added support for dynamic port configuration using the {{DELEGATE_HTTP_PORT}} environment variable, allowing each delegate to use a unique port while maintaining backward compatibility with the default port 3460.
- Upgraded the Delegate Upgrader image with Go v1.25 and Kubernetes Go client v1.35.
Fixes
- We’ve improved accuracy for low-data scenarios. Previously, the Statistical model would mark anomalies that Prophet didn't, leading to occasional inaccuracies.
- Resolved deserialization errors in connector validation results caused by missing constructors.
- Fixed an issue where 'not found' pods triggered retry loops during the event phase.
- We’ve updated the retry logic to always re-evaluate conditions, even if the step previously attempted to run.
- Improved error messaging to suggest checking permissions and installation for the aws-iam-authenticator binary.
- Improved the ECS steady state check. Instead of relying on the event createdAt timestamp, we now store the timestamp before performing any ECS operations and use it to filter out stale AWS events. This fix is gated behind the feature flag CDS_ECS_USE_CREATED_AT_DEPLOYMENT_STEADY_STATE.
- Adjusted request object logging for CV connectors.
- Adjusted request object logging for CV connectors.
- Added env variable MAX_BUILD_NEXUS_TRIGGERS to specify maximum tags fetched in a Nexus3 trigger polling task.
- Added env variable DISABLE_NEXUS_DOCKER_V2_CATALOG to disable validation of artifact path in the specified repository using v2/_catalog in Nexus3.
AI for DevOps & Automation
Continuous Delivery & GitOps
View full release notes →New Features & Enhancements
- GitOps service now integrates with Open Policy Agent (OPA) for applications, enabling policy-based governance and validation for GitOps applications.
- Harness now supports Blue-Green deployments to [Google Cloud Platform Managed Instance Groups](/docs/continuous-delivery/deploy-srv-diff-platforms/google-cloud-functions/mig). Deploy GCP VM workloads with zero downtime, gradual traffic shifting using Cloud Service Mesh, and instant rollback. Currently, this feature is governed by the CDS_GOOGLE_MIG feature flag. Contact [Harness Support](mailto:support@harness.io) to enable it.
- Harness now supports multi-account deployments for AWS CDK, allowing you to deploy to different AWS accounts using a single connector by overriding the region and assuming a different IAM role at the step level.
- Harness now supports GCP connector credentials for Terraform steps, enabling authentication with Google Cloud Platform using Manual Credentials, Inherit From Delegate, or OIDC Authentication methods. This feature requires delegate version 88303 or later.
- Harness now supports cross-project access for Google Cloud Operations health sources. You can now specify a GCP Project ID to query metrics and logs from a different project than your connector's default, eliminating the need to create separate connectors for each GCP project.
- Harness now supports Git-based pipeline YAMLs in Dynamic Stages, allowing you to execute pipeline YAMLs stored in Git repositories in addition to inline and runtime-provided YAML. You can optionally specify a commit hash to use a specific version of the file.
- Harness now supports a new "Waiting for User Action" pipeline notification event. You can configure pipeline notifications that are sent whenever a pipeline pauses for user input, such as approvals, manual interventions, or file uploads.
- Harness has improved trigger evaluation resilience. A failure in one trigger no longer blocks or skips the evaluation of other triggers, ensuring all eligible triggers are evaluated independently when an event is received.
- Harness Artifact Registry now supported as an artifact source for all CD deployment types (except Helm). HAR provides native integration for both container images and packaged artifacts (Maven, npm, NuGet, generic). For more information, go to [Harness Artifact Registry](/docs/continuous-delivery/x-platform-cd-features/services/artifact-sources#harness-artifact-registry).
- Continuous Verification now supports custom webhook notifications for verification sub-tasks, providing real-time updates on data collection, analysis, and verification status with correlation IDs for event tracking. This feature is behind the feature flag CDS_CV_SUB_TASK_CUSTOM_WEBHOOK_NOTIFICATIONS_ENABLED. Contact [Harness Support](mailto:support@harness.io) to enable it. For more information, go to [Sub-Task Notifications](/docs/continuous-delivery/verify/configure-cv/verify-deployments#sub-task-notifications).
Fixes
- Fixed an issue where the Jenkins step stopped working after upgrading to 2.516.1.28665. Added query params (tree) to Jenkins API calls to unblock API calls in the latest CloudBees Jenkins integration.
- Fixed an issue where the WinRM service artifact source displayed every artifact as a Docker artifact in the UI. The artifact source template now shows the actual artifact type in the icon if the user has not provided a custom icon.
- Fixed an issue where the tag dropdown was not populating with any tags generated in the last day.
- Fixed an issue where Google Cloud Run deployments did not work on rerun when a service was scaled to zero.
- Fixed an issue where Harness ASG deployment did not fail when the AWS instance refresh was manually moved to a rollback state.
- Fixed an issue where bulk reconciliation of pipelines referencing shared templates and stored in remote repositories could fail. The error occurred when the system incorrectly attempted to access a "HARNESS" branch in the remote repository. Improved logging has been added to provide better visibility into the Git branch and repository being accessed during reconciliation.
- Fixed an issue where the "Enforce OAuth For Commits" setting incorrectly blocked pipeline saves, even when users had already configured Bitbucket OAuth with a custom provider. Users with Bitbucket OAuth configured can now successfully save pipelines when "Enforce OAuth For Commits" is enabled.
- Fixed an issue where the account-level "Skip Git Webhook Registration" setting incorrectly restricted administrators from enabling or disabling Git webhooks. Administrators can now manage all Git webhooks, regardless of the "Skip Git Webhook Registration" setting, respecting their administrative permissions.
- Fixed an issue where the log viewer would unexpectedly jump to the bottom, interrupting users while reviewing logs during pipeline executions. The log viewer now maintains the user's scroll position when manually scrolling or when a log section is collapsed, preventing unwanted auto-scrolling behavior.
- Fixed an issue in the GitOps UI where ApplicationSet validation was not functioning correctly. Users can no longer create ApplicationSets with invalid YAML configurations, preventing deployment errors.
Continuous Integration
View full release notes →New Features & Enhancements
- Build and Push to Azure Container Registry (ACR) steps now support authentication using delegate-based User Assigned Managed Identity (Azure Workload Identity).
- Kubernetes builds now support additional JWT claims when integrating with HashiCorp Vault for secret management. This feature is currently behind the feature flag PL_ENABLE_GRANULAR_CLAIMS_FOR_VAULT.
- Build Intelligence (background step) logs are now visible during stage execution.
Fixes
- Improved GitLab merge request status updates so pipeline status now reflects execution progress in real time instead of only after stage completion.
- Fixed an issue where pipeline re-runs could fail when delegate selectors were used with codebase tasks (SCM_GIT_REF_TASK).
- Addressed a vulnerability in cache-service image security by vulnerability in the crypto/x509 package.
- Improved handling of multiline-secrets used in Run step, when running on Kubernetes build infrastructure.
- Improved Build and Push step error messages to display the full Dockerfile path when the file is not found.
- Fixed an issue where double-quoted secrets in expressions caused Run step failures.
- Resolved an issue reducing the size of the Kubernetes pod YAML generated by CI, preventing failures where oversized YAML causes the cluster’s etcd server to reject the request (“request is too large”). This feature is behind the CI_COMMON_ENV_POD feature flag. This was deployed as a hotfix.
- Improved error logging for intermittent failures caused by Bitbucket rate-limiting.
- Resolved an issue where Kaniko builds failed when using the same Docker connector for both base image and push operations.
- Pod failure logs are now visible in the console UI when running builds on Kubernetes infrastructure, improving troubleshooting.
Artifact Registry
View full release notes →New Features & Enhancements
- Built-in CI step: New "Upload Artifacts to Harness Artifact Registry" step available in all CI pipelines.
- Multi-format (non-OCI) support: Upload artifacts in formats such as Maven JARs, npm packages, Python wheels, Conda packages, Generic artifacts, and more.
Fixes
- Metadata Management: Set, get, and delete custom metadata on registries, packages, and specific versions. Use metadata for tagging environments, tracking ownership, managing approval workflows, and maintaining compliance information.
- Artifact Copy: Copy specific versions of artifacts between registries within your Harness Artifact Registry, with support for artifact type specification (e.g., model, dataset).
- Artifact Version Delete: Delete specific versions of artifacts or all versions of an artifact. This provides granular control over artifact lifecycle management.
- Registry Delete: Remove entire registries from your projects through the CLI.
- Python and NuGet Support: Manage Python (PyPI) and NuGet packages directly from the command line.
AI for Testing & Resilience
Chaos Engineering
View full release notes →New Features & Enhancements
- Updated Overview Page in chaos to incorporate Resilience Testing and YT videos.
- Added Risk UI present in the project, org and account level scopes.
- Added Resilience Risk backend and DB schema with the new db approach.
- Moved application maps to chaos testing and added banner for simplified nav.
- Added aks-node-down fault.
- Added Experiment Timeline Builder with options menu by hovering over existing node.
- Added initial setup for load test.
- harness/chaos-ddcr:1.73.0.
- harness/chaos-ddcr-faults:1.73.0.
- harness/chaos-log-watcher:1.73.0.
Fixes
- Fixed container probe is erroring out incase of failed condition.
- Fixed apm probe template creation.
- Fixed helper annotation issue for helper daemonset pods.
- Fixed RESILIENCE SCORE and RESILIENCE COVERAGE not updating in application maps with v1beta1 experiments. The fix introduces enhancements to the chaos experiment pipeline by adding logic to update the target network map and target services, thereby improving resiliency coverage for v1beta1 experiments.
- Fixed tune fault functionality broken in beta1 experiments. All fault tunables are working correctly.
- Fixed JVM experiment not respecting JAVA_HOME setting set on the spec. Fixed JVM chaos experiments to support custom JavaHome paths - experiments now succeed when java is not in the system PATH but JavaHome is specified in the experiment configuration.
- Fixed API not sending updated details in response when updating metadata of a fault template.
- harness/chaos-ddcr:1.72.0.
- harness/chaos-ddcr-faults:1.72.0.
- harness/chaos-log-watcher:1.72.0.
AI Test Automation
View full release notes →New Features & Enhancements
- AI-Powered Prompt Enhancement.
- Updated Default LLM Model to.2.
Fixes
- Optimized Test Suite Parallel Execution.
- Enhanced Calendar Date Range Selection.
- Improved Session Storage Compatibility.
- Streamlined Slack Notifications.
- Fixed Calendar Modal Interaction.
AI for Security & Compliance
Security Testing Orchestration
View full release notes →New Features & Enhancements
- [SAST](https://developer.harness.io/docs/security-testing-orchestration/harness-security-scanners/sast) - Scans source code to identify security issues, exposed secrets, and vulnerable Open Source dependencies.
- [SCA](https://developer.harness.io/docs/security-testing-orchestration/harness-security-scanners/sca) - Scans container images to detect vulnerabilities in operating system packages and libraries, with reachability-based risk prioritization.
- Added support for surfacing external policy failures as a distinct Issue Type in Harness STO. You can now view external policy failures alongside other scan results. Previously, these were treated as Info level issues. This feature is currently behind the STO_EXTERNAL_POLICY_FAILURES_AS_VULNS feature flag. Learn more about the [supported scanners](/docs/security-testing-orchestration/view-security-test-results/view-scan-results#external-policy-failures).
- Added a support to add the comment to the [checkmarx](/docs/security-testing-orchestration/sto-techref-category/checkmarx/checkmarx-scanner-reference/#additional-cli-flags) scan step. This is useful for attaching metadata. When specified, the value is added under Issue Raw Details in the Issue Details view as a CLI Comment.
- Added support for the Components field in Jira ticket. Previously, users had to type values manually, but now they can select from existing components when creating Jira tickets.
AI for Cost & Optimization
Cloud Cost Management
View full release notes →Fixes
- Governance Recommendations: Resolved an issue where multiple "remove from ignore list" options were appearing for ignored Governance recommendations. The interface now correctly shows a single option to remove from the appropriate ignore level.
- Fixed an issue where the resource name and tags overlapped in the Anomalies resources table.
- Replaced the Cost Impact column with One-Day Change in the Anomalies drill-down resource table for clearer day-over-day insights.
- Improved UX and consistency across the Anomalies home and drill-down pages. Spend metrics were renamed for clarity, Expected Spend and % Change were added, layouts were simplified to reduce visual noise, and date comparisons and spend calculations were corrected. We also fixed several long-standing UI issues (multi-cloud sorting, table labels/layout, missing tooltips, and comment ordering) to improve reliability and usability.
- Enhanced the Anomalies fetch API to support Perspective-based filters. Anomalies can now be mapped using AWS Account Name/ID, AWS Service, and AWS Usage Type.
- Daily budget alert emails now display the date the cost was incurred instead of the alert generation time, ensuring accurate context when cloud cost data arrives with a delay.
- Multi-Container Workload Downloads: Since multi-container workload recommendations are split into individual line items during download, the total count increases even though the actual recommendation count remains the same. We’ve added a message in the product during download to surface this behavior.
- Default Folder Visibility: Perspectives moved to Default folder after a folder deletion will now show up during the creation of a new folder.
- Recommendations Breakdown: We’ve added realized savings from Recommendations to the Recommendations Breakdown widget on the CCM Overview page.
- Cost Tooltips for Cluster Orchestrator: We’ve added tooltips across Cluster Orchestrator to clarify that in Cluster Schedules savings, on-demand instances use netamortizedcost and spot instances use unblendedcost. In Cluster Savings, on-demand instances use publicondemandcost and spot instances use unblendedcost.
On this page