Harness Release Notes Summaries
Explore release notes from the last 30 days across the Harness Platform and modules.
INFO
Please review the full module release notes by selecting a module in the sidebar, or using the View full release notes links beside each module summary.
Platform Release Notes
Platform
View full release notes →
Fixes
- Improved authentication security by resolving an exception that could expose valid usernames in error responses.
- Fixed an issue where permission checks for the split user group permissions were not properly controlled by the feature flag.
- Addressed-24049 by pinning the JaCoCo version used in Python.
Delegate
View full release notes →
New Features & Enhancements
- Resolved-68121 by upgrading Go to version 1.25.7.
Fixes
- Added support for the delegate environment variable MAX_DOCKER_ARTIFACT_TAGS_PER_IMAGE, which lets you control the maximum number of Docker tags fetched per image. The default value is 10,000 tags. To override the default, set the environment variable on your delegate:
  - name: MAX_DOCKER_ARTIFACT_TAGS_PER_IMAGE
- Added the tree query parameter to Jenkins API calls to ensure compatibility and unblock API requests in the latest CloudBees Jenkins integration.
- ASG steps now correctly use an AWS Connector with authentication type OIDC or IRSA for deployments.
- We’ve improved accuracy for low-data scenarios. Previously, the Statistical model would mark anomalies that Prophet didn't, leading to occasional inaccuracies.
- Resolved deserialization errors in connector validation results caused by missing constructors.
- Fixed an issue where 'not found' pods triggered retry loops during the event phase.
- We’ve updated the retry logic to always re-evaluate conditions, even if the step previously attempted to run.
- Improved error messaging to suggest checking permissions and installation for the aws-iam-authenticator binary.
- Improved the ECS steady state check. Instead of relying on the event createdAt timestamp, we now store the timestamp before performing any ECS operations and use it to filter out stale AWS events. This fix is gated behind the feature flag CDS_ECS_USE_CREATED_AT_DEPLOYMENT_STEADY_STATE.
AI for DevOps & Automation
Continuous Delivery & GitOps
View full release notes →
New Features & Enhancements
- GitOps service now integrates with Open Policy Agent (OPA) for applications, enabling policy-based governance and validation for GitOps applications.
- Harness now supports Blue-Green deployments to [Google Cloud Platform Managed Instance Groups](/docs/continuous-delivery/deploy-srv-diff-platforms/google-cloud-functions/mig). Deploy GCP VM workloads with zero downtime, gradual traffic shifting using Cloud Service Mesh, and instant rollback. Currently, this feature is governed by the CDS_GOOGLE_MIG feature flag. Contact [Harness Support](mailto:support@harness.io) to enable it.
- Harness now supports multi-account deployments for AWS CDK, allowing you to deploy to different AWS accounts using a single connector by overriding the region and assuming a different IAM role at the step level.
- Harness now supports GCP connector credentials for Terraform steps, enabling authentication with Google Cloud Platform using Manual Credentials, Inherit From Delegate, or OIDC Authentication methods. This feature requires delegate version 88303 or later.
- Harness now supports cross-project access for Google Cloud Operations health sources. You can now specify a GCP Project ID to query metrics and logs from a different project than your connector's default, eliminating the need to create separate connectors for each GCP project.
- Harness now supports Git-based pipeline YAMLs in Dynamic Stages, allowing you to execute pipeline YAMLs stored in Git repositories in addition to inline and runtime-provided YAML. You can optionally specify a commit hash to use a specific version of the file.
- Harness now supports a new "Waiting for User Action" pipeline notification event. You can configure pipeline notifications that are sent whenever a pipeline pauses for user input, such as approvals, manual interventions, or file uploads.
- Harness has improved trigger evaluation resilience. A failure in one trigger no longer blocks or skips the evaluation of other triggers, ensuring all eligible triggers are evaluated independently when an event is received.
- Harness Artifact Registry (HAR) is now supported as an artifact source for all CD deployment types (except Helm). HAR provides native integration for both container images and packaged artifacts (Maven, npm, NuGet, generic). For more information, go to [Harness Artifact Registry](/docs/continuous-delivery/x-platform-cd-features/services/artifact-sources#harness-artifact-registry).
- Continuous Verification now supports custom webhook notifications for verification sub-tasks, providing real-time updates on data collection, analysis, and verification status with correlation IDs for event tracking. This feature is behind the feature flag CDS_CV_SUB_TASK_CUSTOM_WEBHOOK_NOTIFICATIONS_ENABLED. Contact [Harness Support](mailto:support@harness.io) to enable it. For more information, go to [Sub-Task Notifications](/docs/continuous-delivery/verify/configure-cv/verify-deployments#sub-task-notifications).
Fixes
- Fixed an issue where deleting an ApplicationSet from the resource tree context menu incorrectly called the delete application API instead of the delete ApplicationSet API, causing the deletion to fail.
- Fixed an issue where ApplicationSets could not be deleted if the associated agent no longer existed, returning a "Permission denied: agent identifier incorrect or agent does not exist" error. Cleanup of ApplicationSets now works correctly when deleting account-level agents.
- Fixed an issue where Harness dashboards failed to load data, returning a PostgreSQL error when attempting to retrieve dashboard information.
- Fixed an issue where saving a freeze window with email notifications configured in delegate mode failed with a YAML validation error. The UI-generated YAML for delegate selectors was incorrectly formatted, causing the save operation to fail even though no manual YAML edits were made.
- Fixed an issue where the Triggered by column in the pipeline executions list displayed a generic Webhook(<id>) label instead of the configured trigger name after adding a CI stage to an existing CD pipeline. The trigger name now displays consistently regardless of the stage types present in the pipeline.
- Fixed an issue where Send status back to Git did not publish the commit status when the pipeline was triggered via the Harness Code trigger in custom stages. Status handling was missing for the Harness Code repository because it lacks a connectorRef. Added proper handling for the code repository.
- Fixed an issue where executing a pipeline directly from an input set failed with a validation error for a required variable, even though the variable value was already populated. This was caused by an empty pipeline identifier being sent in the input set API call.
- Fixed an issue where the Updated Time column on the pipeline template's referencing entities tab displayed time in 24-hour format with an incorrect AM/PM suffix (for example, 14:11 PM). The timestamp now uses a consistent and valid time format.
- Fixed an issue where the Start button in the Infra Workspace Template creation flow was unresponsive on prod2, preventing users from creating new templates. This occurred even though the workspace templates feature was GA and enabled for the account.
- Fixed a race condition where the built-in expression <+project.identifier> failed to resolve in time during parallel HTTP steps, causing a 400 error. The expression now resolves consistently across all parallel steps during pipeline execution.
Continuous Integration
View full release notes →
New Features & Enhancements
- Harness Cloud builds now display CPU and memory usage metrics in pipeline execution logs, providing better visibility into resource consumption.
- Introduced branch-based version counters, allowing build numbering to track independently per branch.
- Container-based step groups now support real-time step status updates during execution.
- Harness Cloud build logs now display the actual machine size name (e.g., medium) instead of the previous flex label, reflecting the updated resource class naming.
- Introduced Save Cache to Azure and Restore Cache to Azure pipeline steps (YAML-only) to enable artifact caching with Azure Blob Storage using Microsoft identity provider authentication.
- Build and Push to Azure Container Registry (ACR) steps now support authentication using delegate-based User Assigned Managed Identity (Azure Workload Identity).
- Kubernetes builds now support additional JWT claims when integrating with HashiCorp Vault for secret management. This feature is currently behind the feature flag PL_ENABLE_GRANULAR_CLAIMS_FOR_VAULT.
Fixes
- Resolved an issue where double quotes within secrets were not handled correctly in CI Run steps.
- Improved error logging when the Initialize step fails due to secret fetch errors, providing more actionable details in the logs.
- Resolved an issue with the <+codebase.repoUrl> expression returning incorrect URLs in Azure Repos commit-based builds.
- Resolved an issue with environment variable resolution in Buildx Bake configurations on self-hosted, VM runners and local runners.
- Improved Test Intelligence security by upgrading the underlying runtime to address known vulnerabilities.
- Improved Artifactory plugin security by upgrading the underlying runtime to address known vulnerabilities.
- Resolved an issue with Docker Buildx Bake environment variable handling in Kubernetes builds.
- Improved Test Intelligence security by updating golang version in the split test binary.
- Improved GitLab merge request status updates so pipeline status now reflects execution progress in real time instead of only after stage completion.
- Fixed an issue where pipeline re-runs could fail when delegate selectors were used with codebase tasks (SCM_GIT_REF_TASK).
AI for Testing & Resilience
Chaos Engineering
View full release notes →
New Features & Enhancements
- Migrated Action and Probe Variables to Inputs under Chaos Studio.
- Added egress rules support for ecs network restrict fault for specific rule.
- Added linux chaos faults (network, API, JVM, process, service, DNS, disk fill) in machine chaos and its templates in hub.
- Updated ECS Fargate CPU/Memory Sidecar to Use Multi-Arch DDCR Image.
- Added Disaster Recovery (DR) component support with new entity, APIs (DRTest run, getVariables, DRComponentNodes CRUD), and DDCR execution enhancements.
- Added permission to mitmdump in the install script.
- Added live logging support for linux v2 and windows v2 infrastructure.
- Added UI support for experiment templates for Windows and Linux infrastructure.
- Added Resource Selector for probe, action, faults in chaos module.
- Added new submodule routes behind feature flags in chaos web.
Fixes
- Fixes the issue with the load task stuck in the Pending state, and the infrastructure not receiving the load task request.
- harness/chaos-ddcr:1.76.0
- harness/chaos-ddcr-faults:1.76.0
- harness/chaos-log-watcher:1.76.0
- harness/service-discovery-collector:0.56.0
- Fixed HSM secret mechanism in backend for SecretText case for faults - redis/vmware (password).
- Fixed ACL permission gaps and missing UI error handling across UI/API in Chaos module.
- Implemented start/stop polling control on the onboarding status query. When the user reaches the "Create Application Maps" step, polling is automatically paused so the Network Map table remains stable for interaction (including opening menus and deleting maps). Polling resumes when the user navigates away from the step or advances to the next onboarding phase.
- harness/chaos-ddcr:1.75.0
- harness/chaos-ddcr-faults:1.75.0
AI Test Automation
View full release notes →
New Features & Enhancements
- Jira Integration.
- Nested Tasks Support.
- Link to Test Run in Jira Ticket.
- Environment Name Filter in Test Run Page.
- Drag-and-Drop Command for Slider Interactions.
- Parameter Support for Prompt Enhancer.
Fixes
- Fixed Duplicate Copilot Task Display.
- Renamed "Validate Test" to "Run Test".
- Added Busy Tag and Renamed API.
AI for Security & Compliance
Security Testing Orchestration
View full release notes →
New Features & Enhancements
- [SAST](https://developer.harness.io/docs/security-testing-orchestration/harness-security-scanners/sast) - Scans source code to identify security issues, exposed secrets, and vulnerable Open Source dependencies.
- [SCA](https://developer.harness.io/docs/security-testing-orchestration/harness-security-scanners/sca) - Scans container images to detect vulnerabilities in operating system packages and libraries, with reachability-based risk prioritization.
Fixes
- Fixed an issue where creating pull requests for the Harness Code Repository resulted in an error. Pull requests can now be created successfully.
- Fixed an issue where the STO Exemptions page displayed an incorrect approval time. The correct approval timestamp is now shown (https://harnesssupport.zendesk.com/agent/tickets/102826).
- Fixed an issue in the Mend scanner where the File Name field displayed incorrectly in SCA issues. The File Name now appears correctly on the Issue Overview page.
Supply Chain Security
View full release notes →
New Features & Enhancements
- Added support to filter SBOM components by [Dependency Type](/docs/software-supply-chain-assurance/manage-risk-and-compliance/repository-security-posture-management-rspm#sbomsoftware-bill-of-materials-tab) (Direct, Indirect, No Relationship) for code repositories, enabling classification based on how each component is related in the SBOM and improving component-level traceability across the project. This feature is behind the feature flag SCS_DEPENDENCY_SEGREGATION. Contact [Harness Support](mailto:support@harness.io) to enable this feature.
- Extended SBOM vulnerability support to all STO scanners (previously limited to Snyk and Trivy). The SBOM page now displays vulnerabilities identified by any STO scanner.
- Added Docker:Dind base image support to ensure SCS plugin compatibility with Docker v29 and later versions (https://harnesssupport.zendesk.com/agent/tickets/103871).
- We have pinned our Harness SCS plugins to use Docker API version 1.41, which is supported by Docker engine versions 20.10 – 28.0. Docker engine versions 29 and above are not supported because they require a newer Docker API version, 1.44, that the plugins do not support. As a result, all SCS plugin versions will fail if Docker 29 or later is used.
- If you use docker:dind as the image, it pulls Docker Engine version 29, which relies on Docker API version 1.44. The plugins do not support that version, so all SCS plugin versions will fail. Make sure to use docker:28-dind as the image to resolve the issue.
- Added extended [Java support in cdxgen](https://developer.harness.io/docs/software-supply-chain-assurance/open-source-management/generate-sbom-for-repositories/#configure-cdxgen-with-extended-java-support) to properly handle the JAVA_HOME error (https://harnesssupport.zendesk.com/agent/tickets/96323, https://harnesssupport.zendesk.com/agent/tickets/91015).
Fixes
- Fixed an issue where the OSS Risks – Known Vulnerabilities in dependencies filter on the SBOM page was not working as expected.
- Fixed an issue where CD events were missing from the Chain of Custody during artifact redeployments. Events are now properly captured and displayed, ensuring complete traceability.
- Fixed an issue where the SBOM count displayed on the Overview page did not match the count shown in the SBOM tab.
- Fixed an issue in the [SBOM Score API](https://apidocs.harness.io/sbom/getsbomscoreforartifact) to correctly generate the SBOM score when the repository name is provided with the https:// prefix.
- Fixed search bar responsiveness and image layer filter visibility.
- Fixed inconsistent HAR artifact names across all SCS steps.
AI for Cost & Optimization
Cloud Cost Management
View full release notes →
Fixes
- Perspective Rule Reset Issue: Fixed an issue on the Perspective page where editing rules in the rule builder and then changing the name or folder caused the rules to reset to the originally saved configuration.
- Applied Recommendations Chart Aggregation: Improved the Recommendations vs. Savings chart to prevent clutter when large time ranges are selected. Aggregation now switches to monthly when the range exceeds three months and to yearly when it exceeds one year.
- Recommendation createdAt Field Population: Fixed an issue where the createdAt field was not populated when generating recommendations. The field is now correctly populated upon recommendation generation.
- In-Place Pod Resizing with VPA 1.5.1: The highlight of this release is the upgrade to VPA 1.5.1, which introduces in-place pod resizing. This feature allows the Vertical Pod Autoscaler to adjust CPU and memory resource requests for running pods without requiring pod restarts, significantly reducing disruption to your workloads.
- Enhanced Security:
  - AWS IMDSv2 Support: Full compatibility with AWS Instance Metadata Service Version 2, providing improved security for EC2 instance metadata access.
  - Rapidfort Hardened Container Images: All container images are now hardened using Rapidfort's security scanning and optimization, reducing attack surface and improving security posture.
- AutoStopping Logs Improvements: AutoStopping logs now include pagination and 30-day retention. You can download logs and select your preferred timezone when exporting.
- Anomalies Widget Enhancement: The Anomalies legend in the Cloud and Cluster Spend widget is now automatically disabled when both Cluster Spend and Cloud Spend are deselected, ensuring anomalies are only displayed alongside relevant cost data.
- Cluster Orchestrator Refresh Button: Added a refresh button to Cluster Orchestrator tables, allowing you to quickly check for updates to nodes, workloads, schedules, and logs.