Release 2026.4.0
Release period: 2026-01-23 to 2026-01-28
This release includes the following issues:
- AWS Replication Now Detects Inactive and Deleted Accounts
- Fixed Issue Where Code Inputs Could Not Be Marked as Sensitive
- Landing Zone Selection Now Respects Project Tag Policies
- Improved Building Block Input Key Validation
- Fix Building Blocks With Author Input
- Improved Error Messages for Building Block Dependency Failures
- Improved Error Messages for Building Block Run Failures
- Building Block Type Selection Now Required During Creation
- Automatic MESHSTACK_ENDPOINT Input for Building Block Definitions
- Improved API Key Permission Descriptions for Tenant Import
Ticket Details
AWS Replication Now Detects Inactive and Deleted Accounts
Audience: User
Description
We improved the AWS account replication to detect inactive or deleted accounts more reliably. Previously, the replication process only checked if an AWS account existed, which could lead to misleading success messages even when the account was actually deleted or inactive in AWS. If an account is found to be deleted or inactive, you will receive a clear replication failure message. This message will prompt you to either ensure the account is active in AWS or initiate the deletion process for the project/tenant in meshStack if the account is no longer needed.
Fixed Issue Where Code Inputs Could Not Be Marked as Sensitive
Audience: User
Description
A recent regression prevented building block definition inputs of type 'Code' from being marked as sensitive (encrypted). This functionality was previously working but was accidentally disabled. The issue has been fixed and code type inputs can now be marked as sensitive again.
This fix also resolves an issue where Kotlin-based building block runners (GitHub, GitLab, Azure DevOps, and Manual runners) were not decrypting sensitive code type inputs during execution, even though the Terraform runner handled them correctly. All runners now properly decrypt code type sensitive inputs.
Landing Zone Selection Now Respects Project Tag Policies
Audience: User
Description
When creating a project, the landing zone selection dropdown now correctly prevents you from selecting landing zones that do not match your project's tag policies. Previously, all landing zones appeared selectable in the dropdown, though backend validation would later prevent the wizard from completing if an incompatible landing zone was selected. Now, incompatible landing zones are visibly disabled in the dropdown with a ban icon, making it immediately clear which landing zones are available for your specific project configuration.
Improved Building Block Input Key Validation
Audience: User
Description
Building block input keys now show a clear, user-friendly error message when you enter an invalid name. The validation now ensures that input keys must follow a certain pattern to not cause problems during building block execution.
Fix Building Blocks With Author Input
Audience: User
Description
Fixed a regression introduced in release v2026.2.0 where building block runs would fail when using Author assignment type inputs. The author information is now correctly passed as a structured JSON object to Terraform, preventing "Variables not allowed" errors.
How to use
No action required. Building blocks with Author assignment type inputs will now execute successfully. The author information (including user identifier, display name, username, email, and euid) is automatically provided as a properly formatted JSON object to your Terraform code.
Improved Error Messages for Building Block Dependency Failures
Audience: User
Description
We improved the error messages displayed when a building block cannot be created due to a missing dependency output. Previously, you would only see a generic internal error message when a dependent output key could not be found on the parent building block. Now, you see a clear message indicating which output key is missing and on which parent building block, helping you quickly identify and resolve dependency configuration issues.
Improved Error Messages for Building Block Run Failures
Audience: User
Description
Previously, some errors (such as SSH authentication or git connection issues) were only logged internally and were not visible in the building block run details. We now provide you with the full error information, making it easier to diagnose and resolve issues with your building block configurations.
Building Block Type Selection Now Required During Creation
Audience: User
Description
When creating a new building block definition, you must now explicitly choose between workspace-level or tenant-level type. Previously, the form defaulted to workspace-level, which could lead to incorrect choices that cannot be changed later. This improvement ensures you make a conscious decision about the building block type during creation.
Automatic MESHSTACK_ENDPOINT Input for Building Block Definitions
Audience: User
Description
New or updated building block definitions now automatically include a system-generated MESHSTACK_ENDPOINT environment variable input. This input provides building blocks with the meshStack API endpoint URL, enabling them to interact with meshStack APIs during execution without manual configuration.
Additionally, when importing OpenTofu variables for building block definitions with ephemeral API key permissions enabled, meshStack authentication inputs (MESHSTACK_API_KEY, MESHSTACK_API_SECRET, MESHSTACK_ENDPOINT) are no longer suggested, since these are automatically provided by the system.
Improved API Key Permission Descriptions for Tenant Import
Audience: User
Description
We improved the descriptions for tenant import permissions to better reflect their actual behavior and to be more consistent with other API key permission descriptions. The descriptions now more clearly state that these permissions allow importing "unmanaged tenants" and specify the scope more accurately. No functional behavior was changed, only the text descriptions were updated.