Skip to main content
Harness

Harness Release Notes Summaries

Explore release notes from the last 30 days across the Harness Platform and modules.

INFO

Please review the full module release notes by selecting a module in the sidebar, or using the View full release notes links beside each module summary.

Platform Release Notes

Platform

View full release notes →
Last updated Feb 20, 2026
New Features & Enhancements
  • Implemented reference creation between user groups and notification channels at the project scope, ensuring user groups cannot be deleted while they are referenced by one or more notification channels.
  • Upgraded yq to version 4.50.1 in the base image to address-61729.
  • Updated the Bouncy Castle (BC) libraries to version 1.80 in the Docker configuration and associated scripts.
  • Enhanced the Google Secrets Manager connector to support [cross-project secret](/docs/platform/secrets/secrets-management/add-a-google-cloud-secret-manager/#enable-cross-project-access) access using a single connector.
  • Upgraded the Java OpenJDK to version 17.0.17 to improve stability, security, and performance.
  • OPA policies are now enforced during token rotation, ensuring rotated tokens follow policy limits and do not use long expiration times.
Fixes
  • Fixed an issue where permission checks for the split user group permissions were not properly controlled by the feature flag.
  • Addressed-24049 by pinning the JaCoCo version used in Python.
  • Enhanced delegate existence checks by including Delegate Group Name along with hostname and IP address, enabling the creation of delegates with identical hostnames and IPs in different infrastructures.
  • Resolved an issue where user search on the Access Control > Users page did not work correctly for emails containing special characters. The search query is now parsed correctly and matches user emails and names as expected.
  • Improved secret handling by correcting metadata mismatches between secrets and their encrypted records.
  • Resolved a virtual service conflict impacting delegate resources.
  • Resolved an issue where ingress routes were updated as part of the change that moved Delegate APIs from ng-manager to harness-manager, but required Istio routes were missing, causing routing issues. The missing routes have now been added to ensure correct traffic routing.

Delegate

View full release notes →
Last updated Feb 26, 2026
New Features & Enhancements
  • Added a check to store the release history of Kubernetes deployments in Secrets instead of ConfigMaps when pruning is enabled. This fix is currently guarded behind the feature flag CDS_STORE_PRUNING_RELEASE_HISTORY_IN_SECRET.
  • Added support for Bitbucket Cloud API tokens in connector authentication, enabling token-based access and easing the transition away from deprecated app passwords.
  • Added support for dynamic port configuration using the {{DELEGATE_HTTP_PORT}} environment variable, allowing each delegate to use a unique port while maintaining backward compatibility with the default port 3460.
  • Resolved-68121 by upgrading Go to version 1.25.7.
  • Upgraded the Delegate Upgrader image with Go v1.25 and Kubernetes Go client v1.35.
Fixes
  • Added support for the delegate environment variable MAX_DOCKER_ARTIFACT_TAGS_PER_IMAGE, which lets you control the maximum number of Docker tags fetched per image. The default value is 10,000 tags. To override the default, set the environment variable on your delegate:.
  • name: MAX_DOCKER_ARTIFACT_TAGS_PER_IMAGE.
  • Added the tree query parameter to Jenkins API calls to ensure compatibility and unblock API requests in the latest CloudBees Jenkins integration.
  • ASG steps using AWS Connector with authentication type OIDC or IRSA will be properly used for deployments.
  • We’ve improved accuracy for low-data scenarios. Previously, the Statistical model would mark anomalies that Prophet didn't, leading to occasional inaccuracies.
  • Resolved deserialization errors in connector validation results caused by missing constructors.
  • Fixed an issue where 'not found' pods triggered retry loops during the event phase.
  • We’ve updated the retry logic to always re-evaluate conditions, even if the step previously attempted to run.
  • Improved error messaging to suggest checking permissions and installation for the aws-iam-authenticator binary.
  • Improved the ECS steady state check. Instead of relying on the event createdAt timestamp, we now store the timestamp before performing any ECS operations and use it to filter out stale AWS events. This fix is gated behind the feature flag CDS_ECS_USE_CREATED_AT_DEPLOYMENT_STEADY_STATE.

AI for DevOps & Automation

Continuous Delivery & GitOps

View full release notes →
Last updated Feb 27, 2026
New Features & Enhancements
  • GitOps service now integrates with Open Policy Agent (OPA) for applications, enabling policy-based governance and validation for GitOps applications.
  • Harness now supports Blue-Green deployments to [Google Cloud Platform Managed Instance Groups](/docs/continuous-delivery/deploy-srv-diff-platforms/google-cloud-functions/mig). Deploy GCP VM workloads with zero downtime, gradual traffic shifting using Cloud Service Mesh, and instant rollback. Currently, this feature is governed by the CDS_GOOGLE_MIG feature flag. Contact [Harness Support](mailto:support@harness.io) to enable it.
  • Harness now supports multi-account deployments for AWS CDK, allowing you to deploy to different AWS accounts using a single connector by overriding the region and assuming a different IAM role at the step level.
  • Harness now supports GCP connector credentials for Terraform steps, enabling authentication with Google Cloud Platform using Manual Credentials, Inherit From Delegate, or OIDC Authentication methods. This feature requires delegate version 88303 or later.
  • Harness now supports cross-project access for Google Cloud Operations health sources. You can now specify a GCP Project ID to query metrics and logs from a different project than your connector's default, eliminating the need to create separate connectors for each GCP project.
  • Harness now supports Git-based pipeline YAMLs in Dynamic Stages, allowing you to execute pipeline YAMLs stored in Git repositories in addition to inline and runtime-provided YAML. You can optionally specify a commit hash to use a specific version of the file.
  • Harness now supports a new "Waiting for User Action" pipeline notification event. You can configure pipeline notifications that are sent whenever a pipeline pauses for user input, such as approvals, manual interventions, or file uploads.
  • Harness has improved trigger evaluation resilience. A failure in one trigger no longer blocks or skips the evaluation of other triggers, ensuring all eligible triggers are evaluated independently when an event is received.
  • Harness Artifact Registry now supported as an artifact source for all CD deployment types (except Helm). HAR provides native integration for both container images and packaged artifacts (Maven, npm, NuGet, generic). For more information, go to [Harness Artifact Registry](/docs/continuous-delivery/x-platform-cd-features/services/artifact-sources#harness-artifact-registry).
  • Continuous Verification now supports custom webhook notifications for verification sub-tasks, providing real-time updates on data collection, analysis, and verification status with correlation IDs for event tracking. This feature is behind the feature flag CDS_CV_SUB_TASK_CUSTOM_WEBHOOK_NOTIFICATIONS_ENABLED. Contact [Harness Support](mailto:support@harness.io) to enable it. For more information, go to [Sub-Task Notifications](/docs/continuous-delivery/verify/configure-cv/verify-deployments#sub-task-notifications).
Fixes
  • Fixed an issue where Harness dashboards failed to load data, returning a PostgreSQL error when attempting to retrieve dashboard information.
  • Fixed an issue where saving a freeze window with email notifications configured in delegate mode failed with a YAML validation error. The UI-generated YAML for delegate selectors was incorrectly formatted, causing the save operation to fail even though no manual YAML edits were made.
  • Fixed an issue where the Triggered by column in the pipeline executions list displayed a generic Webhook(<id>) label instead of the configured trigger name after adding a CI stage to an existing CD pipeline. The trigger name now displays consistently regardless of the stage types present in the pipeline.
  • Fixed an issue where send status back to git does not publish commit status when the pipeline is triggered via the Harness code trigger in custom stages. Status handling was missing in the Harness code repository because it lacks a connectorRef. Added proper handling for the code repository.
  • Fixed an issue where executing a pipeline directly from an input set failed with a validation error for a required variable, even though the variable value was already populated. This was caused by an empty pipeline identifier being sent in the input set API call.
  • Fixed an issue where the Updated Time column on the pipeline template's referencing entities tab displayed time in 24-hour format with an incorrect AM/PM suffix (for example, 14:11 PM). The timestamp now uses a consistent and valid time format.
  • Fixed an issue where the Start button in the Infra Workspace Template creation flow was unresponsive on prod2, preventing users from creating new templates. This occurred even though the workspace templates feature was GA and enabled for the account.
  • Fixed a race condition where the built-in expression <+project.identifier> failed to resolve in time during parallel HTTP steps, causing a 400 error. The expression now resolves consistently across all parallel steps during pipeline execution.
  • Google MIG Blue-Green deployment updates: All Blue-Green deployment plugin images have been updated from 0.0.1 to 0.1.0. This release includes the following changes:.
  • The targetSize field in the Blue-Green Deploy step no longer defaults to 1. If not specified, Harness automatically fetches the current instance count from the stable MIG and applies it to the stage MIG. If an autoscaler is configured, the autoscaler controls the final instance count. Existing pipelines with an explicit targetSize value are not affected.

Continuous Integration

View full release notes →
Last updated Feb 26, 2026
New Features & Enhancements
  • Introduced Save Cache to Azure and Restore Cache to Azure pipeline steps (YAML-only) to enable artifact caching with Azure Blob Storage using Microsoft identity provider authentication.
  • Build and Push to Azure Container Registry (ACR) steps now support authentication using delegate-based User Assigned Managed Identity (Azure Workload Identity).
  • Kubernetes builds now support additional JWT claims when integrating with HashiCorp Vault for secret management. This feature is currently behind the feature flag PL_ENABLE_GRANULAR_CLAIMS_FOR_VAULT.
  • Build Intelligence (background step) logs are now visible during stage execution.
Fixes
  • Resolved an issue with the <+codebase.repoUrl> expression returning incorrect URLs in Azure Repos commit-based builds.
  • Resolved an issue with environment variable resolution in Buildx Bake configurations on self-hosted, VM runners and local runners.
  • Improved Test Intelligence security by upgrading the underlying runtime to address known vulnerabilities.
  • Improved Artifactory plugin security by upgrading the underlying runtime to address known vulnerabilities.
  • Resolved an issue with Docker Buildx Bake environment variable handling in Kubernetes builds.
  • Improved Test Intelligence security by updating golang version in the split test binary.
  • Improved GitLab merge request status updates so pipeline status now reflects execution progress in real time instead of only after stage completion.
  • Fixed an issue where pipeline re-runs could fail when delegate selectors were used with codebase tasks (SCM_GIT_REF_TASK).
  • Addressed a vulnerability in cache-service image security by vulnerability in the crypto/x509 package.
  • Improved handling of multiline-secrets used in Run step, when running on Kubernetes build infrastructure.

Artifact Registry

View full release notes →
Last updated Jan 20, 2026
New Features & Enhancements
  • Built-in CI step: New "Upload Artifacts to Harness Artifact Registry" step available in all CI pipelines.
  • Multi-format (non-OCI) support: Upload artifacts in formats such as Maven JARs, npm packages, Python wheels, Conda packages, Generic artifacts, and more.
Fixes
  • Metadata Management: Set, get, and delete custom metadata on registries, packages, and specific versions. Use metadata for tagging environments, tracking ownership, managing approval workflows, and maintaining compliance information.
  • Artifact Copy: Copy specific versions of artifacts between registries within your Harness Artifact Registry, with support for artifact type specification (e.g., model, dataset).
  • Artifact Version Delete: Delete specific versions of artifacts or all versions of an artifact. This provides granular control over artifact lifecycle management.
  • Registry Delete: Remove entire registries from your projects through the CLI.
  • Python and NuGet Support: Manage Python (PyPI) and NuGet packages directly from the command line.

AI for Testing & Resilience

Chaos Engineering

View full release notes →
Last updated Feb 24, 2026
New Features & Enhancements
  • Added live logging support for linux v2 and windows v2 infrastructure.
  • Added UI support for experiment templates for Windows and Linux infrastructure.
  • Added Resource Selector for probe, action, faults in chaos module.
  • Added new submodule routes behind feature flags in chaos web.
  • Added changes in linux infrastructure and infrastructure server to support load tests.
  • Updated go-billing package for flex licensing to fix memory leak.
  • Upgraded base image for Chaos components to RapidFort.
  • Updated Overview Page in chaos to incorporate Resilience Testing and YT videos.
  • Added Risk UI present in the project, org and account level scopes.
  • Added Resilience Risk backend and DB schema with the new db approach.
Fixes
  • Fixed HSM secret mechanism in backend for SecretText case for faults - redis/vmware (password).
  • Fixed ACL permission gaps and missing UI error handling across UI/API in Chaos module.
  • Implemented start/stop polling control on the onboarding status query. When the user reaches the "Create Application Maps" step, polling is automatically paused so the Network Map table remains stable for interaction (including opening menus and deleting maps). Polling resumes when the user navigates away from the step or advances to the next onboarding phase.
  • harness/chaos-ddcr:1.75.0.
  • harness/chaos-ddcr-faults:1.75.0.
  • harness/chaos-log-watcher:1.75.1.
  • harness/service-discovery-collector:0.55.0.
  • Fixes AZ Blackhole target selection to cause chaos on all the derived subnets.
  • Fixed Experiment Inputs Not Visible in the Chaos Step.
  • harness/chaos-ddcr:1.74.1.

AI Test Automation

View full release notes →
Last updated Jan 28, 2026
New Features & Enhancements
  • AI-Powered Prompt Enhancement.
  • Updated Default LLM Model to.2.
Fixes
  • Optimized Test Suite Parallel Execution.
  • Enhanced Calendar Date Range Selection.
  • Improved Session Storage Compatibility.
  • Streamlined Slack Notifications.
  • Fixed Calendar Modal Interaction.

AI for Security & Compliance

Security Testing Orchestration

View full release notes →
Last updated Feb 20, 2026
New Features & Enhancements
  • [SAST](https://developer.harness.io/docs/security-testing-orchestration/harness-security-scanners/sast) - Scans source code to identify security issues, exposed secrets, and vulnerable Open Source dependencies.
  • [SCA](https://developer.harness.io/docs/security-testing-orchestration/harness-security-scanners/sca) - Scans container images to detect vulnerabilities in operating system packages and libraries, with reachability-based risk prioritization.
  • Added support for surfacing external policy failures as a distinct Issue Type in Harness STO. You can now view external policy failures alongside other scan results. Previously, these were treated as Info level issues. This feature is currently behind the STO_EXTERNAL_POLICY_FAILURES_AS_VULNS feature flag. Learn more about the [supported scanners](/docs/security-testing-orchestration/view-security-test-results/view-scan-results#external-policy-failures).
  • Added a support to add the comment to the [checkmarx](/docs/security-testing-orchestration/sto-techref-category/checkmarx/checkmarx-scanner-reference/#additional-cli-flags) scan step. This is useful for attaching metadata. When specified, the value is added under Issue Raw Details in the Issue Details view as a CLI Comment.
  • Added support for the Components field in Jira ticket. Previously, users had to type values manually, but now they can select from existing components when creating Jira tickets.

Supply Chain Security

View full release notes →
Last updated Feb 19, 2026
New Features & Enhancements
  • Added support to filter SBOM components by [Dependency Type](/docs/software-supply-chain-assurance/manage-risk-and-compliance/repository-security-posture-management-rspm#sbomsoftware-bill-of-materials-tab) (Direct, Indirect, No Relationship) for code repositories, enabling classification based on how each component is related in the SBOM and improving component-level traceability across the project. This feature is behind the feature flag SCS_DEPENDENCY_SEGREGATION. Contact [Harness Support](mailto:support@harness.io) to enable this feature.
  • Extended SBOM vulnerability support to all STO scanners (previously limited to Snyk and Trivy). The SBOM page now displays vulnerabilities identified by any STO scanner.
  • Added Docker:Dind base image support to ensure SCS plugin compatibility with Docker v29 and later versions ( (https://harnesssupport.zendesk.com/agent/tickets/103871)).
  • We have pinned our Harness SCS plugins to use Docker API version 1.41, which is supported by Docker engine versions 20.10 – 28.0. Docker engine versions 29 and above are not supported as it require a newer Docker API version 1.44 that the plugins do not support. As a result, all SCS plugin versions will fail if Docker 29 or later is used.
  • If you use docker:dind as the image, it pulls Docker Engine version 29, which relies on Docker API version 1.44 that all plugins do not support and as a result, all SCS plugin versions will fail. Make sure to use docker:28-dind as the image to resolve the issue.
  • Added extended [Java support in cdxgen](https://developer.harness.io/docs/software-supply-chain-assurance/open-source-management/generate-sbom-for-repositories/#configure-cdxgen-with-extended-java-support) to properly handle JAVA_HOME error ( (https://harnesssupport.zendesk.com/agent/tickets/96323)), ( (https://harnesssupport.zendesk.com/agent/tickets/91015)).
Fixes
  • Fixed an issue where the OSS Risks – Known Vulnerabilities in dependencies filter on the SBOM page was not working as expected.
  • Fixed an issue where CD events were missing from the Chain of Custody during artifact redeployments. Events are now properly captured and displayed, ensuring complete traceability.
  • Fixed an issue where the SBOM count displayed on the Overview page did not match the count shown in the SBOM tab.
  • Fixed an issue in the [SBOM Score API](https://apidocs.harness.io/sbom/getsbomscoreforartifact) to correctly generate the SBOM score when the repository name is provided with the https:// prefix.
  • Fixed search bar responsiveness and image layer filter visibility.
  • Fixed inconsistent HAR artifact names across all SCS steps.

AI for Cost & Optimization

Cloud Cost Management

View full release notes →
Last updated Feb 25, 2026
Fixes
  • Cluster Orchestrator Pagination: Fixed two pagination-related issues:.
  • Page numbers now reset correctly when filters are changed in Cluster Orchestrator Logs.
  • Switching between Cluster Orchestrator tabs no longer persists page numbers in the URL, preventing unintended pagination carryover.
  • Anomaly Alert Recipients Display: The Anomalies Overview screen now displays the email and Slack recipients to whom alerts were sent for each anomaly, providing better visibility into alert distribution.
  • Anomaly Filtering by Cost Buckets: Added a quick filter to view anomalies by Resource or Cost Buckets. In the Cost Buckets view, you can see which cost bucket each anomaly belongs to, drill down for details, and redirect to a Perspective with the cost bucket filter applied. You can also filter by cost categories within the Cost Buckets view. This feature is behind a feature flag. Contact [Harness Support](https://harness.io/support) to enable it.
  • Enhanced Anomaly-to-Perspective Mapping: The anomaly fetch API now supports enhanced perspective query filters. Anomalies can now be mapped to perspectives using AWS Account Name/ID, AWS Service, and AWS Usage Type filters, providing more granular anomaly analysis.
  • Improved Budget Alert Email Accuracy: Daily budget alert emails now display the date when the cost was actually incurred, rather than when the alert was generated. This improves accuracy when alerts are processed with a delay due to cloud provider cost data latency.
  • Kubernetes AutoStopping Rules V2: Kubernetes AutoStopping rules have been upgraded to V2. The new template is now available on the K8s rule creation step:.
  • ingress_name: <name_of_ingress>.
  • <unique_id_of_dependee_workload>.
View all modules (card view)
On this page