Release 2025.52.0
Release period: 2025-11-26 to 2025-12-03
This release includes the following issues:
- Security Hardening - Pin Panel Dependencies to Stable Versions
- Fixed Building Block Run API Documentation
- Fix Workload Identity Federation Input Generation in Building Block Definitions
- Enhanced Author Information in meshEventLog API
- Improved User Experience When Creating Tenants With Landing Zones
- Improved Building Block Input Change Detection
- Add workspaceIdentifier Query Parameter for Event Logs API
- Fixed AWS Landing Zone Detection for Control Tower Enrollment
- meshUser API Now Exposes UUID
- Remove Legacy Config-Based Message of the Day Configuration
- Event Logs for Policies
- Event Log API Supports Title Exclusion for Efficient Filtering
- Improved Building Block Definition Form Order
- Improved Event Log Author Information in Admin Area
- New meshIntegration API for Integration Management
- Improved Unmanaged Tenant Import Stability
- Event Logs for API Users
Ticket Details
Security Hardening - Pin Panel Dependencies to Stable Versions
Audience: User
Description
We have proactively pinned all Angular panel dependencies to stable versions that are older than 4 months as a preventive measure against the Shai Hulud 2.0 worm. Based on current information, the library versions we used previously were not known to be affected by this vulnerability. Additionally, our backend already uses fixed dependency versions, and we have secured our CI/CD pipelines following all recommended security measures to protect against this threat.
How to use
No action is required from you. meshStack was not affected by the Shai Hulud 2.0 vulnerability, and we have taken comprehensive preventive measures across the entire platform to ensure continued security.
Fixed Building Block Run API Documentation
Audience: User
Description
We fixed an issue where the "Update source for a building block run" endpoint was not appearing correctly in the API documentation sidebar. The endpoint documentation is now properly displayed and easier to find in the navigation.
Fix Workload Identity Federation Input Generation in Building Block Definitions
Audience: User
Description
Fixed an issue where the workload identity federation (WIF) input generation was broken during building block definition creation. This affected building blocks using Terraform and other runners that require WIF configuration.
Enhanced Author Information in meshEventLog API
Audience: User
Description
The meshEventLog API now provides more detailed information about the author of each event. This enhancement makes it easier to understand who performed specific actions in your meshStack environment.
How to use
When retrieving event logs via the meshEventLog API, you will now receive additional author details for each event. For a complete description of all available author fields and their meanings, please refer to the official meshStack documentation.
Improved User Experience When Creating Tenants With Landing Zones
Audience: User
Description
We improved the user experience when creating tenants for platforms with landing zones that have mandatory building blocks. Previously, it was possible to navigate to the access control screen before all mandatory building blocks were fully loaded, which could result in incomplete tenant configurations. Now, the landing zone selection dropdown displays a clear loading indicator while building blocks are being fetched, and navigation to the next step is disabled until all necessary building block definitions are fully loaded. This ensures that you can only proceed when all mandatory building blocks are properly configured and ready for your tenant.
Improved Building Block Input Change Detection
Audience: User
Description
We fixed an issue where changes to building block input properties were not properly detected when the input value came from another building block's output (dependent inputs). Previously, if you changed properties like the environment flag or sensitivity flag on such inputs, these would not be recognized as changes and could lead to missing variables during building block execution.
Add workspaceIdentifier Query Parameter for Event Logs API
Audience: User
Description
The meshEventLog API now supports filtering by workspace identifier. A new workspaceIdentifier query parameter has
been added to the event logs list endpoint, allowing API consumers to filter event logs by the exact workspace
identifier. This is in addition to the existing workspaceName parameter which performs a partial match on the
workspace display name.
Fixed AWS Landing Zone Detection for Control Tower Enrollment
Audience: User
Description
We resolved an issue where meshStack was unable to detect if an AWS account was already part of an AWS Landing Zone during Control Tower enrollment. This caused enrollment attempts to fail without proper error handling when accounts were already managed by an existing Landing Zone. The fix ensures that the replication process now correctly checks Landing Zone manifests.
How to use
In order to successfully incorporate the AWS Landing Zone detection feature, please ensure that your meshfed-service role for the AWS replication contains the two new permissions for reading landing zone attributes as described in the documentation.
meshUser API Now Exposes UUID
Audience: User
Description
The meshUser meshObject API now includes a unique identifier (UUID) in the metadata section. This UUID uniquely
identifies each user in meshStack. Additionally, you can now filter meshUsers by their UUID using the new uuid
query parameter.
Remove Legacy Config-Based Message of the Day Configuration
Audience: User
Description
We have removed the legacy deployment config-based message of the day (MOTD) system from meshPanel. This simplifies the deployment configuration and reduces complexity.
How to use
You can continue using the built-in message of the day capabilities through the self-service features in meshPanel. The removal of the config-based motd does not affect the functionality of displaying messages to users - it only changes how these messages are configured by administrators.
Event Logs for Policies
Audience: User
Description
We now create event logs for policies. When you create, modify, or delete a policy, these changes are now visible in the Event Logs section in the admin area. This provides you with better visibility and auditability of policy changes in your meshStack installation.
Event Log API Supports Title Exclusion for Efficient Filtering
Audience: User
Description
The meshEventLog API now supports a new excludeTitle query parameter that allows you to filter out event logs by title. This is particularly useful when exporting event logs to SIEM systems or other monitoring tools where you want to exclude high-volume event types like "Building Block Run Requested" to reduce noise and focus on relevant events. You can specify the parameter multiple times to exclude multiple event titles in a single request.
Improved Building Block Definition Form Order
Audience: User
Description
The form layout for creating and editing building block definitions has been reorganized to follow a more logical sequence. Implementation details now appear before runner configuration, making the creation process more intuitive. Additionally, an outdated beta notification for GitLab integrations has been removed.
Improved Event Log Author Information in Admin Area
Audience: User
Description
The event logs in the Admin Area now display more detailed author information. The Author column clearly shows what type of principal performed the action (API key, API user, or human user) and identifies the specific API key/API user/human user that executed the action. This enhancement provides better transparency and traceability for administrative actions in your meshStack installation.
How to use
Navigate to the Admin Area and open the event logs view. You will see the improved author information in the Author column for all newly created event logs. Please note that event logs created before this change was implemented will continue to show the previous author format without the detailed principal type information.
New meshIntegration API for Integration Management
Audience: User
Description
A new meshIntegration API is now available for programmatic access to integrations. The API enables automated management of building block integrations (GitHub, GitLab, Azure DevOps), including creation, modification, and deletion of integration configurations. Users can manage integrations within their workspace scope.
Improved Unmanaged Tenant Import Stability
Audience: User
Description
We improved the reliability of importing unmanaged tenants to projects. The import process is now more stable providing you with a smoother experience when assigning unmanaged tenants to your projects.
Event Logs for API Users
Audience: User
Description
We now create event logs for API Users. When you create, modify, or delete an API User, these changes are now visible in the Event Logs section in the admin area. This provides you with better visibility and auditability of API User changes in your meshStack installation.