Skip to main content
Harness

Harness Release Notes Summaries

Explore release notes from the last 30 days across the Harness Platform and modules.

INFO

These are AI-generated summaries intended to help you scan what changed. They are not complete release notes.

Please review the full module release notes by selecting a module in the sidebar, or using the View full release notes links beside each module summary.

Platform Release Notes

Platform

View full release notes →
Last updated Feb 20, 2026
New Features & Enhancements
  • Implemented reference creation between user groups and notification channels at the project scope, ensuring user groups cannot be deleted while they are referenced by one or more notification channels.
  • Upgraded yq to version 4.50.1 in the base image to address-61729.
  • Updated the Bouncy Castle (BC) libraries to version 1.80 in the Docker configuration and associated scripts.
  • Enhanced the Google Secrets Manager connector to support [cross-project secret](/docs/platform/secrets/secrets-management/add-a-google-cloud-secret-manager/#enable-cross-project-access) access using a single connector.
  • Upgraded the Java OpenJDK to version 17.0.17 to improve stability, security, and performance.
  • OPA policies are now enforced during token rotation, ensuring rotated tokens follow policy limits and do not use long expiration times.
Fixes
  • Fixed an issue where permission checks for the split user group permissions were not properly controlled by the feature flag.
  • Addressed-24049 by pinning the JaCoCo version used in Python.
  • Enhanced delegate existence checks by including Delegate Group Name along with hostname and IP address, enabling the creation of delegates with identical hostnames and IPs in different infrastructures.
  • Resolved an issue where user search on the Access Control > Users page did not work correctly for emails containing special characters. The search query is now parsed correctly and matches user emails and names as expected.
  • Improved secret handling by correcting metadata mismatches between secrets and their encrypted records.
  • Resolved a virtual service conflict impacting delegate resources.
  • Resolved an issue where ingress routes were updated as part of the change that moved Delegate APIs from ng-manager to harness-manager, but required Istio routes were missing, causing routing issues. The missing routes have now been added to ensure correct traffic routing.

Delegate

View full release notes →
Last updated Feb 20, 2026
New Features & Enhancements
  • Added a check to store the release history of Kubernetes deployments in Secrets instead of ConfigMaps when pruning is enabled. This fix is currently guarded behind the feature flag CDS_STORE_PRUNING_RELEASE_HISTORY_IN_SECRET.
  • Added support for Bitbucket Cloud API tokens in connector authentication, enabling token-based access and easing the transition away from deprecated app passwords.
  • Added support for dynamic port configuration using the {{DELEGATE_HTTP_PORT}} environment variable, allowing each delegate to use a unique port while maintaining backward compatibility with the default port 3460.
  • Upgraded the Delegate Upgrader image with Go v1.25 and Kubernetes Go client v1.35.
Fixes
  • We’ve improved accuracy for low-data scenarios. Previously, the Statistical model would mark anomalies that Prophet didn't, leading to occasional inaccuracies.
  • Resolved deserialization errors in connector validation results caused by missing constructors.
  • Fixed an issue where 'not found' pods triggered retry loops during the event phase.
  • We’ve updated the retry logic to always re-evaluate conditions, even if the step previously attempted to run.
  • Improved error messaging to suggest checking permissions and installation for the aws-iam-authenticator binary.
  • Improved the ECS steady state check. Instead of relying on the event createdAt timestamp, we now store the timestamp before performing any ECS operations and use it to filter out stale AWS events. This fix is gated behind the feature flag CDS_ECS_USE_CREATED_AT_DEPLOYMENT_STEADY_STATE.
  • Adjusted request object logging for CV connectors.
  • Adjusted request object logging for CV connectors.
  • Added env variable MAX_BUILD_NEXUS_TRIGGERS to specify maximum tags fetched in a Nexus3 trigger polling task.
  • Added env variable DISABLE_NEXUS_DOCKER_V2_CATALOG to disable validation of artifact path in the specified repository using v2/_catalog in Nexus3.

AI for DevOps & Automation

Continuous Delivery & GitOps

View full release notes →
Last updated Feb 20, 2026
New Features & Enhancements
  • GitOps service now integrates with Open Policy Agent (OPA) for applications, enabling policy-based governance and validation for GitOps applications.
  • Harness now supports Blue-Green deployments to [Google Cloud Platform Managed Instance Groups](/docs/continuous-delivery/deploy-srv-diff-platforms/google-cloud-functions/mig). Deploy GCP VM workloads with zero downtime, gradual traffic shifting using Cloud Service Mesh, and instant rollback. Currently, this feature is governed by the CDS_GOOGLE_MIG feature flag. Contact [Harness Support](mailto:support@harness.io) to enable it.
  • Harness now supports multi-account deployments for AWS CDK, allowing you to deploy to different AWS accounts using a single connector by overriding the region and assuming a different IAM role at the step level.
  • Harness now supports GCP connector credentials for Terraform steps, enabling authentication with Google Cloud Platform using Manual Credentials, Inherit From Delegate, or OIDC Authentication methods. This feature requires delegate version 88303 or later.
  • Harness now supports cross-project access for Google Cloud Operations health sources. You can now specify a GCP Project ID to query metrics and logs from a different project than your connector's default, eliminating the need to create separate connectors for each GCP project.
  • Harness now supports Git-based pipeline YAMLs in Dynamic Stages, allowing you to execute pipeline YAMLs stored in Git repositories in addition to inline and runtime-provided YAML. You can optionally specify a commit hash to use a specific version of the file.
  • Harness now supports a new "Waiting for User Action" pipeline notification event. You can configure pipeline notifications that are sent whenever a pipeline pauses for user input, such as approvals, manual interventions, or file uploads.
  • Harness has improved trigger evaluation resilience. A failure in one trigger no longer blocks or skips the evaluation of other triggers, ensuring all eligible triggers are evaluated independently when an event is received.
  • Harness Artifact Registry now supported as an artifact source for all CD deployment types (except Helm). HAR provides native integration for both container images and packaged artifacts (Maven, npm, NuGet, generic). For more information, go to [Harness Artifact Registry](/docs/continuous-delivery/x-platform-cd-features/services/artifact-sources#harness-artifact-registry).
  • Continuous Verification now supports custom webhook notifications for verification sub-tasks, providing real-time updates on data collection, analysis, and verification status with correlation IDs for event tracking. This feature is behind the feature flag CDS_CV_SUB_TASK_CUSTOM_WEBHOOK_NOTIFICATIONS_ENABLED. Contact [Harness Support](mailto:support@harness.io) to enable it. For more information, go to [Sub-Task Notifications](/docs/continuous-delivery/verify/configure-cv/verify-deployments#sub-task-notifications).
Fixes
  • Fixed an issue where the Service step in pipelines took significantly longer than expected to complete, sometimes exceeding five minutes for operations that typically finish in under 15 seconds. This inconsistent delay affected multiple services across different projects and produced no logs during the wait period. The root cause was in the wait-notify mechanism, which has been optimized for scenarios involving more than one notifyId.
  • Fixed an issue where the "Enforce OAuth For Commits" setting incorrectly blocked pipeline saves for users with Bitbucket OAuth configured through a custom provider (Bitbucket Server). The enforce OAuth flow relied on the connector type (BITBUCKET) to fetch user OAuth profiles, but on-prem setups registered profiles as BITBUCKET_SERVER, preventing the correct profile from being matched. Users with Bitbucket OAuth configured can now successfully save pipelines when "Enforce OAuth For Commits" is enabled.
  • Fixed an issue where Harness ASG deployments did not fail when an AWS instance refresh was manually moved to a rollback state (e.g., RollbackInProgress) from the AWS Console. Although Harness detected the rollback state in the execution logs, it continued the deployment instead of treating it as a failure condition. Harness now correctly fails the deploy step when an externally initiated rollback is detected during an instance refresh.
  • Fixed an issue where the Jenkins step stopped working after upgrading to 2.516.1.28665. Added query params (tree) to Jenkins API calls to unblock API calls in the latest CloudBees Jenkins integration.
  • Fixed an issue where the WinRM service artifact source displayed every artifact as a Docker artifact in the UI. The artifact source template now shows the actual artifact type in the icon if the user has not provided a custom icon.
  • Fixed an issue where the tag dropdown was not populating with any tags generated in the last day.
  • Fixed an issue where Google Cloud Run deployments did not work on rerun when a service was scaled to zero.
  • Fixed an issue where bulk reconciliation of pipelines referencing shared templates and stored in remote repositories could fail. The error occurred when the system incorrectly attempted to access a "HARNESS" branch in the remote repository. Improved logging has been added to provide better visibility into the Git branch and repository being accessed during reconciliation.
  • Fixed an issue where the account-level "Skip Git Webhook Registration" setting incorrectly restricted administrators from enabling or disabling Git webhooks. Administrators can now manage all Git webhooks, regardless of the "Skip Git Webhook Registration" setting, respecting their administrative permissions.
  • Fixed an issue where the log viewer would unexpectedly jump to the bottom, interrupting users while reviewing logs during pipeline executions. The log viewer now maintains the user's scroll position when manually scrolling or when a log section is collapsed, preventing unwanted auto-scrolling behavior.

Continuous Integration

View full release notes →
Last updated Feb 20, 2026
New Features & Enhancements
  • Build and Push to Azure Container Registry (ACR) steps now support authentication using delegate-based User Assigned Managed Identity (Azure Workload Identity).
  • Kubernetes builds now support additional JWT claims when integrating with HashiCorp Vault for secret management. This feature is currently behind the feature flag PL_ENABLE_GRANULAR_CLAIMS_FOR_VAULT.
  • Build Intelligence (background step) logs are now visible during stage execution.
Fixes
  • Resolved an issue with Docker Buildx Bake environment variable handling in Kubernetes builds.
  • Improved Test Intelligence security by updating golang version in the split test binary.
  • Improved GitLab merge request status updates so pipeline status now reflects execution progress in real time instead of only after stage completion.
  • Fixed an issue where pipeline re-runs could fail when delegate selectors were used with codebase tasks (SCM_GIT_REF_TASK).
  • Addressed a vulnerability in cache-service image security by vulnerability in the crypto/x509 package.
  • Improved handling of multiline-secrets used in Run step, when running on Kubernetes build infrastructure.
  • Improved Build and Push step error messages to display the full Dockerfile path when the file is not found.
  • Fixed an issue where double-quoted secrets in expressions caused Run step failures.
  • Resolved an issue reducing the size of the Kubernetes pod YAML generated by CI, preventing failures where oversized YAML causes the cluster’s etcd server to reject the request (“request is too large”). This feature is behind the CI_COMMON_ENV_POD feature flag. This was deployed as a hotfix.
  • Improved error logging for intermittent failures caused by Bitbucket rate-limiting.

Artifact Registry

View full release notes →
Last updated Jan 20, 2026
New Features & Enhancements
  • Built-in CI step: New "Upload Artifacts to Harness Artifact Registry" step available in all CI pipelines.
  • Multi-format (non-OCI) support: Upload artifacts in formats such as Maven JARs, npm packages, Python wheels, Conda packages, Generic artifacts, and more.
Fixes
  • Metadata Management: Set, get, and delete custom metadata on registries, packages, and specific versions. Use metadata for tagging environments, tracking ownership, managing approval workflows, and maintaining compliance information.
  • Artifact Copy: Copy specific versions of artifacts between registries within your Harness Artifact Registry, with support for artifact type specification (e.g., model, dataset).
  • Artifact Version Delete: Delete specific versions of artifacts or all versions of an artifact. This provides granular control over artifact lifecycle management.
  • Registry Delete: Remove entire registries from your projects through the CLI.
  • Python and NuGet Support: Manage Python (PyPI) and NuGet packages directly from the command line.

AI for Testing & Resilience

Chaos Engineering

View full release notes →
Last updated Feb 20, 2026
New Features & Enhancements
  • Upgraded base image for Chaos components to RapidFort.
  • Updated Overview Page in chaos to incorporate Resilience Testing and YT videos.
  • Added Risk UI present in the project, org and account level scopes.
  • Added Resilience Risk backend and DB schema with the new db approach.
  • Moved application maps to chaos testing and added banner for simplified nav.
  • Added aks-node-down fault.
  • Added Experiment Timeline Builder with options menu by hovering over existing node.
  • Added initial setup for load test.
  • harness/chaos-ddcr:1.73.0.
  • harness/chaos-ddcr-faults:1.73.0.
Fixes
  • Fixes AZ Blackhole target selection to cause chaos on all the derived subnets.
  • Fixed Experiment Inputs Not Visible in the Chaos Step.
  • harness/chaos-ddcr:1.74.1.
  • harness/chaos-ddcr-faults:1.74.0.
  • harness/chaos-log-watcher:1.74.0.
  • harness/service-discovery-collector:0.54.0.
  • Fixed container probe is erroring out incase of failed condition.
  • Fixed apm probe template creation.
  • Fixed helper annotation issue for helper daemonset pods.
  • Fixed RESILIENCE SCORE and RESILIENCE COVERAGE not updating in application maps with v1beta1 experiments. The fix introduces enhancements to the chaos experiment pipeline by adding logic to update the target network map and target services, thereby improving resiliency coverage for v1beta1 experiments.

AI Test Automation

View full release notes →
Last updated Jan 28, 2026
New Features & Enhancements
  • AI-Powered Prompt Enhancement.
  • Updated Default LLM Model to.2.
Fixes
  • Optimized Test Suite Parallel Execution.
  • Enhanced Calendar Date Range Selection.
  • Improved Session Storage Compatibility.
  • Streamlined Slack Notifications.
  • Fixed Calendar Modal Interaction.

AI for Security & Compliance

Security Testing Orchestration

View full release notes →
Last updated Feb 20, 2026
New Features & Enhancements
  • [SAST](https://developer.harness.io/docs/security-testing-orchestration/harness-security-scanners/sast) - Scans source code to identify security issues, exposed secrets, and vulnerable Open Source dependencies.
  • [SCA](https://developer.harness.io/docs/security-testing-orchestration/harness-security-scanners/sca) - Scans container images to detect vulnerabilities in operating system packages and libraries, with reachability-based risk prioritization.
  • Added support for surfacing external policy failures as a distinct Issue Type in Harness STO. You can now view external policy failures alongside other scan results. Previously, these were treated as Info level issues. This feature is currently behind the STO_EXTERNAL_POLICY_FAILURES_AS_VULNS feature flag. Learn more about the [supported scanners](/docs/security-testing-orchestration/view-security-test-results/view-scan-results#external-policy-failures).
  • Added a support to add the comment to the [checkmarx](/docs/security-testing-orchestration/sto-techref-category/checkmarx/checkmarx-scanner-reference/#additional-cli-flags) scan step. This is useful for attaching metadata. When specified, the value is added under Issue Raw Details in the Issue Details view as a CLI Comment.
  • Added support for the Components field in Jira ticket. Previously, users had to type values manually, but now they can select from existing components when creating Jira tickets.

Supply Chain Security

View full release notes →
Last updated Feb 19, 2026
New Features & Enhancements
  • Added support to filter SBOM components by [Dependency Type](/docs/software-supply-chain-assurance/manage-risk-and-compliance/repository-security-posture-management-rspm#sbomsoftware-bill-of-materials-tab) (Direct, Indirect, No Relationship) for code repositories, enabling classification based on how each component is related in the SBOM and improving component-level traceability across the project. This feature is behind the feature flag SCS_DEPENDENCY_SEGREGATION. Contact [Harness Support](mailto:support@harness.io) to enable this feature.
  • Extended SBOM vulnerability support to all STO scanners (previously limited to Snyk and Trivy). The SBOM page now displays vulnerabilities identified by any STO scanner.
  • Added Docker:Dind base image support to ensure SCS plugin compatibility with Docker v29 and later versions ( (https://harnesssupport.zendesk.com/agent/tickets/103871)).
  • We have pinned our Harness SCS plugins to use Docker API version 1.41, which is supported by Docker engine versions 20.10 – 28.0. Docker engine versions 29 and above are not supported as it require a newer Docker API version 1.44 that the plugins do not support. As a result, all SCS plugin versions will fail if Docker 29 or later is used.
  • If you use docker:dind as the image, it pulls Docker Engine version 29, which relies on Docker API version 1.44 that all plugins do not support and as a result, all SCS plugin versions will fail. Make sure to use docker:28-dind as the image to resolve the issue.
  • Added extended [Java support in cdxgen](https://developer.harness.io/docs/software-supply-chain-assurance/open-source-management/generate-sbom-for-repositories/#configure-cdxgen-with-extended-java-support) to properly handle JAVA_HOME error ( (https://harnesssupport.zendesk.com/agent/tickets/96323)), ( (https://harnesssupport.zendesk.com/agent/tickets/91015)).
Fixes
  • Fixed an issue where the OSS Risks – Known Vulnerabilities in dependencies filter on the SBOM page was not working as expected.
  • Fixed an issue where CD events were missing from the Chain of Custody during artifact redeployments. Events are now properly captured and displayed, ensuring complete traceability.
  • Fixed an issue where the SBOM count displayed on the Overview page did not match the count shown in the SBOM tab.
  • Fixed an issue in the [SBOM Score API](https://apidocs.harness.io/sbom/getsbomscoreforartifact) to correctly generate the SBOM score when the repository name is provided with the https:// prefix.
  • Fixed search bar responsiveness and image layer filter visibility.
  • Fixed inconsistent HAR artifact names across all SCS steps.

AI for Cost & Optimization

Cloud Cost Management

View full release notes →
Last updated Feb 20, 2026
Fixes
  • Cluster Orchestrator Pagination: Fixed two pagination-related issues:.
  • Page numbers now reset correctly when filters are changed in Cluster Orchestrator Logs.
  • Switching between Cluster Orchestrator tabs no longer persists page numbers in the URL, preventing unintended pagination carryover.
  • Anomaly Alert Recipients Display: The Anomalies Overview screen now displays the email and Slack recipients to whom alerts were sent for each anomaly, providing better visibility into alert distribution.
  • Anomaly Filtering by Cost Buckets: Added a quick filter to view anomalies by Resource or Cost Buckets. In the Cost Buckets view, you can see which cost bucket each anomaly belongs to, drill down for details, and redirect to a Perspective with the cost bucket filter applied. You can also filter by cost categories within the Cost Buckets view. This feature is behind a feature flag. Contact [Harness Support](https://harness.io/support) to enable it.
  • Enhanced Anomaly-to-Perspective Mapping: The anomaly fetch API now supports enhanced perspective query filters. Anomalies can now be mapped to perspectives using AWS Account Name/ID, AWS Service, and AWS Usage Type filters, providing more granular anomaly analysis.
  • Improved Budget Alert Email Accuracy: Daily budget alert emails now display the date when the cost was actually incurred, rather than when the alert was generated. This improves accuracy when alerts are processed with a delay due to cloud provider cost data latency.
  • Kubernetes AutoStopping Rules V2: Kubernetes AutoStopping rules have been upgraded to V2. The new template is now available on the K8s rule creation step:.
  • ingress_name: <name_of_ingress>.
  • <unique_id_of_dependee_workload>.
View all modules (card view)
On this page