Skip to main content
Version: Release Next

Digital.ai Release 26.3.x Release Notes

Support Policy

See Digital.ai Support Policy.

Upgrade Instructions

The upgrade process depends on your current and target Digital.ai Release versions.

For upgrade instructions, see:

Updated System Requirements

Release 25.3 supports the following latest versions of Java, operating systems, and databases. Before upgrading, ensure your environment meets the following requirements:

  • JDK: Supports JDK 21
    (JDK 21 is no longer supported)

  • Windows Server: 2022 / 2025
    (2022 is no longer supported)

  • RHEL: 9.x / 10.x
    (8.x is no longer supported)

  • PostgreSQL: 16.9 / 17.5
    (18.0 and 17.6 are no longer supported)

  • MySQL: 8.4 LTS

  • Oracle: 23ai LTS / 19c LTS
    (23ai LTS is no longer supported)

  • SQL Server: 2022 (16.0)
    (2019 (15.0) is no longer supported)

For more information, see Installation Prerequisites.

Breaking Changes

Please review these breaking changes in Release 26.3 before upgrading:

Java Platform Changes

Release 26.3 adds JDK 25 support. JDK 25 removes the Java Security Manager, which Release uses to sandbox script tasks and isolate host OS and system resources. Additionally, free security updates for some JDK 21 distributions end in September 2026.

Action Required If:

  • You use script tasks with sandboxing enabled in Release on JDK 21, and your JDK 21 distribution stops receiving free security updates after September 2026, or
  • You use script tasks and decide to upgrade to JDK 25.

No Action Required If:

  • You do not use script tasks in Release,
  • You use script tasks with sandboxing not enabled in Release, or
  • Your JDK 21 distribution continues to provide free security updates after September 2026 and you are not upgrading to JDK 25.

For more information, see Java Platform Changes: JDK 25 Support.

Custom Dashboard Chart Rendering Library Upgrade

The charting library ECharts used for dashboard tiles has been upgraded from version 3 to version 6 (see the changes ↗). If you have custom dashboard tiles built via plugins that use ECharts — either via the <echarts> directive or direct API calls — you may need to update your chart configuration. Default visual styling (colors, fonts, spacing) has also changed, so tiles relying on implicit defaults may render differently.

We advise verifying customized dashboards in a non-production environment before upgrading.

End-of-life Notifications

The following features are deprecated or nearing end of support.

Apache Derby Removal

As announced in Release 26.1, Apache Derby is no longer packaged with or supported by Release 26.3. Derby was previously available for configuring Live and Archive databases in demo or test environments, but was not supported for production use. This change follows the official retirement of the Apache Derby project ↗ in October 2025.

For more information, see Configure the SQL repository.

Git Folder Versioning Improvements

Relative Path References

Previously, all path template and folder references were stored as absolute paths. Now, references within a versioned folder structure are stored as relative paths — making versions portable across environments.

When applying a version to a different folder, internal references resolve automatically to the new location — no broken links, no manual path fixes. External references (outside the versioned folder) remain absolute.

For more information, see GitOps-enabled Folder Versioning.

Authentication Enhancements

Local Logout Option for OIDC (SSO Session Preserved)

Release now supports a local-only logout for OIDC single sign-on (SSO) setups. A new optional configuration property, xl.security.auth.providers.oidc.localLogoutRedirectUri, controls the logout behavior:

  • When not set (default), logout works as before. Release directs the user to the Identity Provider's end-session endpoint, the IDP session is terminated, and the user is presented with the IDP login screen.
  • When set, logging out of Release clears only the local Release session and redirects the user to the specified URL. Release does not call the IDP end-session endpoint, so the SSO session at the Identity Provider stays active.

This is useful when Release shares an SSO session with other services. For example, if you point localLogoutRedirectUri to a second SSO-enabled service, a user who logs out of Release is redirected to that service without being prompted to log in again.

For more information, see Set up the OpenID Connect (OIDC) Authentication for Release.

Permission Updates

View Connections Permission

The Connections permission now allows more granular control at the folder level. A new read-only option has been added alongside the existing Edit connections permission.

  • View connections (new) – View configured connections and their details within a folder. Does not allow creating, editing, deleting, or testing connections.

For more information, see Folder Teams and Permissions.

Connection Enhancements

Duplicate Connection

You can now duplicate an existing connection at the folder and global level — the copy is created in the same location — to quickly set up a new connection with the same configuration. This is ideal for configuring connections across multiple environments like DEV, STAGE, and PROD.

Duplicating a connection carries over all configuration fields, except credential fields such as passwords and API keys, which must be re-entered. Password variables are preserved when the source connection uses variable references. After duplicating, update the title (suffixed with "copy"), credentials, and any environment-specific settings.

For more information, see Duplicating a Connection.

Connection Selection Enhancements

The connection picker in the Task Drawer now groups connections by folder — global or a specific folder path — and displays the URL for each connection when it's configured in the connection settings. This helps you pick the right one when connections share similar names. Each entry also includes a link to open the connection details, available if you have the View connections or Edit connections permission for the folder where the connection is defined.

For more information, see Using the Saved Connection.

UI and Functional Enhancements

Task Filtering Updates

  • The Task Ownership filter on the Tasks page has been updated with more granular options for filtering unassigned tasks:

    • No user assigned – Shows tasks that have no user assigned. A team may or may not be assigned to these tasks.
    • No user/team assigned (renamed from Unassigned tasks) – Shows tasks that have neither a user nor a team assigned.

  • A new Task Type filter has been added to narrow down tasks based on their type. You can select the task type from the dropdown, which includes:

    • Core tasks (for example, GATE, Manual, Notification)
    • Script tasks (Groovy, Jython, External scripts)
    • Integration tasks (for example, Agility, Argo CD, Jira, OpenShift)

Filter Task type

For more information, see Filtering Tasks.

Homepage Default Layout Update

The default Homepage layout has been updated with new wording and an updated tile layout.

  • No action required if you have not customized the Homepage — the updated layout is visible after upgrading, when setting up a new environment, or when enabling the Homepage for the first time.
  • No impact if you have customized the Homepage — your custom layout is preserved and continues to display as configured.

For more information, see Release Homepage.

Comments Preserved in Dialog Box For Changing Status

Comments entered in status-change dialogs for tasks or releases (such as Completing, Failing, Skipping, or Aborting) are now saved in your browser. This prevents comments from being lost if you accidentally click away. Your comment will be restored the next time you open the same dialog, and will only be cleared when the status change is submitted or explicitly canceled.

Unsaved Changes in Task Drawer Script Fields

Release now preserves unsaved changes to script fields in the Task Drawer within your session so you don't lose work when navigating away from a task. This applies to the Script field in Jython Script, Groovy Script, and Webhook: Wait for JSON Event tasks, to precondition and failure handler scripts, and to custom tasks that include a script editor component. Unsaved changes are cleared on login. Unsaved changes are not considered when a task starts executing.

When a script field has unsaved changes, an unsaved changes badge appears in the Script editor field, an orange badge marks the affected tab in the Task Drawer, and the task card turns orange in the Template and Release Flow pages.

For more information, see Managing Tasks with the Task Drawer.

Configuration Indicators for Preconditions and Failure Handlers

The Conditions tab in the Task Drawer now shows a badge that indicates the configuration state of preconditions and failure handlers, which makes it easier to spot when one is set. A blue badge shows that a precondition or failure handler is configured and saved, and an orange badge shows that it has unsaved draft changes.

For more information, see Managing Tasks with the Task Drawer.

Custom Logo in Exported Reports

Exported reports now display the custom logo configured in System Settings > General > Logo. This applies to audit reports (including user permission and runner reports) and custom dashboard PDF exports. If no custom logo is configured, reports continue to use the default Digital.ai logo.

For more information, see General Settings.

Dashboard PDF Export Improvements

PDF exports for custom dashboards now capture the dashboard at 100% screen resolution regardless of your browser zoom level. If the dashboard content does not fit on a single page, Release splits it across multiple pages and adds a continuation note.

For more information, see Using Release Dashboards.

API Enhancements

Blackout Management Public API

Blackout period management is now exposed as a public API. Available through the REST API and the Jython API, it supports:

  • Adding, retrieving, listing, updating, and deleting blackout periods.
  • Checking whether the current time falls within a blackout.

For more information, see Manage Blackouts via API.

Runner Enhancements

CA Certificate Propagation to Executors

The runner can now automatically propagate the same CA certificate to all executor environments (Kubernetes pods and Docker containers) instead of setting it on every connection separately. When RELEASE_RUNNER_REST_CLIENT_CA is configured with a path to a PEM file, the certificate is shared with all task executors launched by that runner.

For more information, see Run Release Runner With TLS Support.

Live Deployments

Live Deployment cards now display external links supplied by the Argo CD deployment provider. Links are populated from Argo CD application annotations that use the link.argocd.argoproj.io/ prefix, giving you quick access to related external resources directly from the Live Deployments dashboard.

For more information, see Live Deployments in Release.

Java Platform Changes: JDK 25 Support

Release 26.3 adds JDK 25 support. JDK 25 removes the Java Security Manager, which Release uses to sandbox script tasks and isolate host OS and system resources. Additionally, free security updates for some JDK 21 distributions end in September 2026.

Action Required If:

  • You use script tasks with sandboxing enabled in Release on JDK 21, and your JDK 21 distribution stops receiving free security updates after September 2026, or
  • You use script tasks and decide to upgrade to JDK 25.

No Action Required If:

  • You do not use script tasks in Release,
  • You use script tasks with sandboxing not enabled in Release, or
  • Your JDK 21 distribution continues to provide free security updates after September 2026 and you are not upgrading to JDK 25.

If you are unsure whether sandboxing is enabled, check your Release runtime configuration or contact Customer Support.

Key Dates

DateEventAction Required
Release 26.3 (end of September 2026)JDK 25 support introduced alongside JDK 21 in ReleaseReview runtime options in Release and plan your upgrade path
September 2026Free security updates end for some JDK 21 distributions; JDK 25 becomes the next LTSVerify your JDK 21 distribution's support status or arrange commercial support
Post-September 2026Script tasks on JDK 25 run without Security Manager sandboxingAdopt alternative security controls if you move to JDK 25

Change 1: JDK 21 Security Updates

Starting September 2026, some JDK 21 distributions will no longer provide free security patches without a commercial support subscription. Distributions that continue free support beyond this date include Eclipse Temurin, Microsoft Build of OpenJDK, Amazon Corretto, OpenLogic, Red Hat, Ubuntu, and Azul Zulu builds.

Verify the support lifecycle for your distribution on the vendor's website. If it stops receiving updates, migrate to a supported JDK 21 distribution or upgrade to JDK 25 (see Change 2).

Change 2: Script Task Sandboxing on JDK 25

Script tasks will still run on JDK 25, but without isolation from the host OS and system resources.

Your options with Release 26.3:

  • Stay on JDK 21 — Sandboxing continues to work. Ensure your distribution still receives security updates after September 2026 (see Change 1).
  • Upgrade to JDK 25 — Release 26.3 includes alternative sandboxing controls. Details are provided in the Release 26.3 documentation.

Next Steps

  1. Check whether sandboxing is enabled for script tasks in your environment.
  2. Identify your JDK 21 distribution and verify its September 2026 support status.
  3. Decide whether to stay on JDK 21 or upgrade to JDK 25 with Release 26.3.

For questions, contact your Digital.ai Customer Success Manager or open a support case at the Customer Support Portal ↗.

Plugins and Integrations

ArgoCD Plugin

Added a new Terminate ArgoCD Operation task to force-stop a running ArgoCD operation (sync, pre-hook, post-hook, or rollback) on an application. Useful for resolving stalled synchronizations without manual intervention.

For more information, see Argo CD Plugin.

Argo CD Container Plugin

The following updates are introduced for the Argo CD Container plugin:

  • Added App Annotations and App Labels fields to the Create Application (Container) and Update Application (Container) tasks. Define these as key-value pairs to apply annotations and labels to the Argo CD application.

For more information, see Argo CD Container Plugin.

Deploy Plugin

Added PAT (Personal Access Token) as a new authentication method for the Deploy Server connection.

For more information, see Deploy Plugin.

GitLab Plugin

Added Retry wait time and Maximum retries fields to the Trigger Pipeline task to control polling behavior when checking pipeline status.

For more information, see GitLab Plugin.

Tekton Plugin

  • Get Pipeline Run (Container) now exposes Tekton status.results as a new Pipeline run results output property. Results are returned as key-value pairs, allowing Release to retrieve custom pipeline outputs such as plan hashes or deployment statuses produced by downstream Tekton tasks.
  • Added a new Delete Pipeline Run (Container) task to delete an existing Tekton PipelineRun from the cluster. Use this to clean up runs generated during a release and avoid accumulation in the cluster.

For more information, see Tekton Container Plugin.