Release 2026.10.0
Release period: 2026-03-04 to 2026-03-11
This release includes the following issues:
- AWS IAM Identity Center Integration Without SCIM Token
- Fix for Tenant Migration When Payment Methods are Disabled
- Pre-Run Script Support for OpenTofu Building Blocks
- Improved Sorting of Payment Methods by Amount Status
- Redesigned Welcome Experience in the Platform Builder
- Fix Initial Login for New Users
- Hide Actions Needed Card for Workspaces Without Projects
- GitHub Actions Building Blocks Default to Pass Only API URL
- Payment Method CSV Export Now Applies Active Filters and Sorting
- meshLocation API Now Exposes Lifecycle State
Ticket Details
AWS IAM Identity Center Integration Without SCIM Token
Audience: User
Description
We added a new IAM integration option for AWS platforms: the AWS Identity Store API. meshStack integrates with this API using IAM roles, making it compatible with Workload Identity Federation (WIF), whereas the previous SCIM based API required configuration of a long-lived SCIM bearer token.
How to use
In the AWS platform configuration, you can now select "AWS Identity Store API" as the IAM integration type. Configure your Identity Store ID, SSO Instance ARN, group name pattern, sign-in URL, and role mappings. You will need to update your IAM Policies to whitelist additional API calls for the Identity Store. For setup details, refer to the meshStack documentation at https://docs.meshcloud.io/integrations/aws/sso-setup/
Fix for Tenant Migration When Payment Methods are Disabled
Audience: User
Description
When payment methods are disabled in your meshStack setup, moving a tenant to another project that has no payment method set is now correctly allowed. Previously, the migration was incorrectly blocked even though payment methods were not required.
Pre-Run Script Support for OpenTofu Building Blocks
Audience: User
Description
You can now configure an optional pre-run script on your OpenTofu building block definition
versions. This shell script executes after tofu init in the working directory where source files
and tfvars are already in place.
How to use
Pre-run scripts can set up secrets, generate provider configurations, or run pre-flight validation checks without modifying your OpenTofu module. The script can be set via meshPanel or the meshObject API, and is limited to 16 KiB.
The run log captures your script's stdout and stderr as a system message.
You can write user messages for this step to a special file via the MESHSTACK_USER_MESSAGE environment variable.
The run mode (APPLY, or DESTROY) is passed as the first argument.
The full meshBuildingBlockRun object JSON is available on stdin, so you can use jq to read any field.
Improved Sorting of Payment Methods by Amount Status
Audience: User
Description
When sorting payment methods by the "Amount Status" column, we now also consider the total consumption when two payment methods have the same usage percentage. This gives you a more consistent and meaningful ordering when reviewing payment method usage.
Redesigned Welcome Experience in the Platform Builder
Audience: User
Description
We've updated the welcome experience in the Platform Builder. The new dashboard greets you with a "Welcome to meshStack" card that gives you a clear starting point: define reusable building blocks, connect cloud platforms, and let your teams self-service the infrastructure they need.
Fix Initial Login for New Users
Audience: User
Description
We fixed a race condition that could prevent new users from successfully logging in. Previously, users saw an access denied error on their first login and had to click "Login" again to get in. This is now resolved, so you can log in smoothly on the first attempt.
Hide Actions Needed Card for Workspaces Without Projects
Audience: User
Description
The "Actions Needed" card on the workspace overview page is now hidden when your workspace has no projects. This keeps the overview clean and avoids showing actions that are not relevant until you have created at least one project.
GitHub Actions Building Blocks Default to Pass Only API URL
Audience: User
Description
When you create a new GitHub Actions building block, we now enable the "Pass only API URL" option by default. This
means your workflow receives a buildingBlockRunUrl to fetch building block data from the meshStack API, rather than
the full run object as a workflow input.
This is the recommended approach and protects your workflows from failures caused by large payloads exceeding GitHub's 65KB input limit.
Payment Method CSV Export Now Applies Active Filters and Sorting
Audience: User
Description
Previously, exporting payment methods to CSV would always download all payment methods, ignoring any search, filters, or sorting you had applied. We fixed this so the CSV export now reflects exactly what you see in the table, including the active filter and the current sort order, making it much easier to export only the payment methods you care about in the order you expect.
meshLocation API Now Exposes Lifecycle State
Audience: User
Description
The meshLocation API now returns both active and deleted locations. When a location is deleted, it is now
soft-deleted instead of permanently removed, so it remains visible via the API.
Each location response now includes a status.lifecycle field with a state value of either ACTIVE or
DELETED.