Release 2025.53.0
Release period: 2025-12-03 to 2025-12-10
This release includes the following issues:
- Automatic User Access Control Assignment
- Edit User Access During Workspace and Project Creation
- Open GitHub Workflow Files Directly from Building Block Definition
- Improved Structure for Platform Authentication Configuration in meshPlatform API
- Runner Selection for Building Block Integrations
- Communication Email Header Logo in Preview and Sent Emails
- Communication Center Email Preview Matches Actual Emails
- Azure Subscription Name Enforcement
- Built-In Integrations Exposed via meshIntegration API
- Streamlined Adding User Access with Modal Dialog
- Drift Detection of Secrets for meshPlatform API v2-preview
Ticket Details
Automatic User Access Control Assignment
Audience: User
Description
When you create a new project, you are now automatically added with the highest-ranking role available to you, matching the existing behavior during workspace creation. Asides the Admin Area Workspace Management, where you can still add yourself directly as a workspace manager, the "Add Myself" button has been removed from workspace and project access control overview screens, streamlining the interface and reducing clutter.
Note: This change only affects customers who have access to the new access control v2 feature. If you are using the standard access control interface, this change does not apply to you.
Edit User Access During Workspace and Project Creation
Audience: User
Description
You can now edit user access assignments directly during workspace and project creation. Previously, you could only add or remove users during the creation process, but not modify their roles or expiration dates. This improvement allows you to adjust access settings in the creation flow.
Note: This change only affects customers who have access to the new access control v2 feature. If you are using the standard access control interface, this change does not apply to you.
Open GitHub Workflow Files Directly from Building Block Definition
Audience: User
Description
When configuring a GitHub Actions Building Block Definition, you can now open the workflow files directly in GitHub from the meshPanel. This makes it easier to verify your configuration and review the workflow implementation without manually navigating to the GitHub repository.
How to use
In the Building Block Definition configuration, after entering your GitHub workflow file names (deploy and destroy workflows), click the "Open workflow" button next to each field to open the corresponding workflow file in a new tab. The button becomes available once you have provided the integration, repository, and branch details.
Improved Structure for Platform Authentication Configuration in meshPlatform API
Audience: User
Description
The meshPlatform API v2-preview now uses an improved and more consistent structure for configuring platform authentication
credentials. The authentication configuration has been reorganized to use a unified auth pattern across
all cloud platforms (AWS, Azure, GCP, and AKS). This change makes it easier to understand and configure different
authentication methods (credentials vs. workload identity) by using a consistent structure with a type field
that clearly identifies the authentication method being used.
How to use
If you are using the meshPlatform API preview-v2 to manage platform configurations, you need to update your API requests to use the new structure. Please refer to the updated API documentation for detailed examples of the new configuration structure for each platform type.
Runner Selection for Building Block Integrations
Audience: User
Description
You can now select a specific building block runner when creating or editing integrations for GitHub, GitLab, and Azure DevOps. This allows you to choose which runner will execute the building block definitions that use this integration.
How to use
When creating or editing an integration, a new "Building Block Runner" section appears below the integration configuration. You can select from available runners that match the integration type (e.g., GitHub Workflow runners for GitHub integrations). If you change the runner for an existing integration that stores secrets (GitHub or Azure DevOps), you'll need to re-enter those secrets as they are encrypted per runner.
Communication Email Header Logo in Preview and Sent Emails
Audience: User
Description
The email preview in the communication center now displays your organization's logo at the top of the message, matching what recipients will see. Additionally, the logo display in actual sent emails has been improved to ensure consistent and professional formatting regardless of the original logo size.
How to use
When creating a communication, the email preview will show your configured logo at the top of the message. This preview accurately reflects how the logo will appear in emails sent to workspace members, helping you ensure your communications maintain a professional appearance.
Communication Center Email Preview Matches Actual Emails
Audience: User
Description
When you create communications in the communication center, the email preview now shows exactly what recipients will receive. The greeting and message content are now displayed in the same format in both the preview and the actual sent emails.
How to use
When creating a communication, use the email preview feature to see exactly how your message will appear to recipients. The preview accurately reflects the final email layout, including the personalized greeting (when applicable) and the message content. This helps you ensure your communication looks professional before sending it to workspace members.
Azure Subscription Name Enforcement
Audience: User
Description
During Azure replication, meshStack now ensures that the Azure subscription name is correctly applied according to the configured subscription name pattern. This step was added to the replication process to guarantee that subscription names remain consistent with your naming conventions, even if they were changed manually or through other means.
Built-In Integrations Exposed via meshIntegration API
Audience: User
Description
The meshIntegration API now exposes built-in integrations (Replicator and Metering) as read-only resources. You can retrieve Workload Identity Federation (WIF) configuration details including OIDC issuer, subject identifiers, and token paths for GCP, AWS, and Azure. This enables you to fully automate platform setup by retrieving WIF information via the API before creating the platform in meshStack.
How to use
Filter by integration type (replicator or metering) or retrieve individual integrations by their static UUID. Use the WIF configuration from the status field to configure your cloud platform's identity provider before creating the platform in meshStack. Built-in integrations are read-only and cannot be created, updated, or deleted via the API.
Streamlined Adding User Access with Modal Dialog
Audience: User
Description
We improved the user experience when adding users to workspaces and projects in the new access control interface (access control v2). Instead of using a dropdown popover, the "Add Users" functionality now opens in a clear modal dialog, providing a more focused and intuitive interface. You can now add multiple users at once and invite new users by email in the same flow, streamlining the process of managing workspace and project access.
Note: This change only affects customers who have access to the new access control v2 feature. If you are using the standard access control interface, this change does not apply to you.
Drift Detection of Secrets for meshPlatform API v2-preview
Audience: User
Description
The meshPlatform API v2-preview now supports drift detection for platform configuration secrets. Previously, GET responses returned a placeholder value for secrets, making it impossible to detect when secrets were changed outside of Terraform or other API clients. Now, secrets are returned with a hash value that enables drift detection while maintaining security by never exposing the actual secret values. This is a breaking change for the v2-preview API, so existing API clients need to adapt to the new secret representation structure.
How to use
When creating or updating platforms via the API, you can provide secret values using a "plaintext" property. GET responses return a "hash" property instead of the actual secret or a placeholder. Terraform providers and other API clients can store this hash and compare it on subsequent reads to detect when secrets have been changed outside of their control. When updating a platform, you can either provide a new secret value to update it, or provide the hash from a previous response to keep the existing secret unchanged. For details on the new secret structure, see the API documentation at https://docs.meshcloud.io/api/mesh-platform-post-v/.