Skip to content

Release Notes

Release 1.0.1

Enhancements:

  • Improved page navigation with new URL routes and reordered sidebar
  • License usage page now updates in real-time with time-since-verified indicator and graceful handling of connectivity interruptions
  • Added OAuth2 resource parameter support for OIDC identity providers
  • Improved interactive API documentation with reordered sidebar sections

Security:

  • Updated Netty to 4.1.133.Final (CVE-2026-41417)
  • Updated ayza to 10.0.5, resolving bundled Bouncy Castle vulnerability (CVE-2026-5598)
  • Removed sensitive implementation details from entitlements-related log output

Bugfixes:

  • Fixed authentication for OIDC providers that use distinct access token issuers (e.g., ADFS)
  • Fixed authentication failure when the identity provider returns a single role instead of a role array (e.g., ADFS)
  • Fixed stream acknowledgment ordering to prevent potential data reprocessing on restart
  • Fixed license usage page displaying incorrect last-contacted time
  • Fixed API documentation not displaying discriminated union types correctly
  • Fixed sidebar collapse button not accessible after expanding on narrow viewports

Updates:

  • AWS SDK to 2.42.41
  • Tapir to 1.13.19
  • Amazon Kinesis Client to 3.4.3
  • commons-codec to 1.22.0
  • caffeine to 3.2.4
  • msgpack-core to 0.9.12
  • jcl-over-slf4j to 2.0.18

Release 1.0.0

Enhancements:

  • NEW: Redesigned web interface with modernized layout, sidebar navigation, and consistent theming across all pages

  • NEW: Official release of API V2 which is now the default in the UI; API V1 is still available for backwards compatibility but will be deprecated in the future

    • Follows the Google API style guides with established patterns and strategies for modern REST APIs
    • Comprehensive developer documentation with examples is built in and enhanced

  • NEW: Role-Based Access Control (RBAC) with OIDC authentication

    • Added OIDC Authorization Code Flow with login and callback endpoints
    • Added direct session support for browser consumers with session invalidation on logout
    • Integrated RBAC into UI with login/logout functionality and permission-based component rendering
    • API V2 is required when RBAC is enabled

  • Cassandra database is now supported

  • "Contexts" are now referred to as "models" and function as namespaces throughout APIs, UI, and configuration; model namespaces must now be explicitly created before use

  • Added model namespace creation dialog to the upload page

  • Enhanced audit logging with SP 800-53 compatibility and configurable rolling logs

  • Docker base image to eclipse-temurin 21.0.10_7-jre-noble

Security Fixes:

  • AWS credentials are automatically redacted in API responses and logs
  • Kafka configuration sensitive values (SSL passwords, SASL credentials) are redacted in API responses and logs
  • Disallow unsafe-eval from Content Security Policy
  • Updated Bouncy Castle to 1.84 (CVE-2026-5598)
  • Switched lz4 compression library to maintained fork (CVE-2025-66566)
  • Updated Netty to patched version (CVE-2025-67735)
  • Updated msgpack (CVE-2026-21452)
  • Fixed multiple JavaScript dependency vulnerabilities

Bugfixes:

  • Fixed upload progress reporting showing incorrect cumulative counts
  • Fixed reverse proxy path prefix support for UI routing and V2 OpenAPI endpoints
  • Fixed GraalJS 25+ compatibility with Multi-Release JAR manifest

Updates:

  • Apache Pekko to 1.5.0
  • Pekko HTTP to 1.3.0
  • Pekko Connectors (CSV, Kinesis, S3, SNS, SQS) to 1.3.0
  • RocksDB JNI to 10.10.1.1
  • Tapir to 1.13.15
  • Scala to 2.13.18
  • Cats Effect to 3.7.0
  • Circe JSON libraries to 0.14.15
  • GraalVM JS engine to 25.0.2
  • protobuf-java to 4.34.1
  • Kafka clients to 3.9.2
  • Amazon Kinesis Client to 3.4.2
  • Netty to 4.1.130.Final
  • AWS SDK to 2.42.24
  • jwt-scala to 11.0.4
  • sttp client4 to 4.0.22
  • logback-classic to 1.5.32
  • Dropwizard Metrics to 4.2.38
  • PureConfig to 0.17.10
  • commons-codec to 1.21.0
  • commons-text to 1.15.0
  • sttp-oauth2 to 0.21.0
  • OIDC authentication library to 0.13.5
  • Pekko Management to 1.2.1
  • boopickle to 1.5.0
  • jnr-posix to 3.1.22
  • schema-registry-serde to 1.1.27
  • Docker base image to eclipse-temurin 21.0.10_7-jre-noble

Release 0.15.0

Enhancements:

  • License key and internet access required to run Novelty
  • Added license usage UI with visual reporting of entitlements and consumption
  • Improved graph query performance by limiting edges returned during traversals
  • Increased default max SSE line and event sizes to 5MB to prevent infinite retry loops on large messages

Security Fixes

  • File ingest operations now require an allowedDirectories configuration; files loaded by from ./file_ingests are allowed by default
  • Reduced in-memory lifecycle of passwords by using character arrays that are blanked after use
  • Enhanced UUID generation to use FIPS 140-2 compliant cryptographically secure random values
  • Enforced strict-transport-security HTTP header across all endpoints
  • Added additional HTTP security headers including tightened CSP
  • Added authentication serialization improvements
  • Improved secret redaction in configuration printing
  • ClickHouse persistence now requires credentials to be set via environment variables instead of configuration files

Bugfixes

  • Removed application base url configuration in favor of runtime inference
  • Improved error response formatting by using correlation codes that link user-facing errors to detailed server logs for easier troubleshooting
  • Replaced documented IP addresses with RFC 5737 TEST-NET addresses
  • Removed CloudTrail ingestion functionality including RabbitMQ and Redis dependencies

Updates

  • Updated amazon-kinesis-client to 3.1.3
  • Updated logback-classic to 1.5.20
  • Updated caffeine to 3.2.3
  • Updated pekko-actor, pekko-cluster, and related components to 1.2.1
  • Updated avro to 1.12.1
  • Updated commons-csv to 1.14.1
  • Updated commons-codec to 1.19.0
  • Updated commons-io to 2.20.0
  • Updated netty-handler to 4.1.127.Final (security update)
  • Updated ayza (formerly sslcontext-kickstart) to 10.0.1
  • Updated AWS SDK components (aws-core, aws-query-protocol, kinesis, kinesis-video, and others) to 2.31.78
  • Updated scalajs-dom to 2.8.1
  • Updated msgpack-core to 0.9.10
  • Updated java-driver-core and java-driver-query-builder to 4.19.1
  • Updated metrics-core, metrics-jmx, and metrics-json to 4.2.37
  • Updated amqp-client to 5.26.0
  • Updated scalacheck to 1.19.0
  • Updated scala-logging to 3.9.6
  • Updated pprint to 0.9.4
  • Updated kind-projector to 0.13.4
  • Updated org.eclipse.jgit to 7.3.0.202506031305-r
  • Updated sbt and related components to 1.11.7
  • Updated sbt-scalafmt to 2.5.6
  • Updated sbt-jmh to 0.4.8
  • Updated sbt-sbom to 0.5.0
  • Updated sbt-scalajs and scalajs-compiler to 1.20.1

Release 0.14.2

Bugfixes

  • Initialize browser history on UI page load, correcting behavior of browser navigation when navigating between tabs, and using the back/forward browser buttons

Release 0.14.1

This patch release includes foundational changes in preparation for an upcoming major release; current functionality remains unaffected.

Enhancements

  • Show Java runtime version in admin build-info endpoint
  • Handle yaml format errors in API endpoint requests

Updates

  • Remove now-redundant reactor-netty-* dependency overrides
  • Update aws-sdk, ... to 2.31.54
  • Update pekko-http-circe to 3.0.1
  • Update pureconfig to 0.17.9
  • Update embedded-cassandra to 5.0.2
  • Update cats-effect to 3.6.1
  • Update kafka-clients to 3.9.1
  • Update tapir-core, tapir-json-circe, ... to 1.11.33
  • Update pekko-management, ... to 1.1.1
  • Update protobuf-java to 3.25.8
  • Update amazon-kinesis-client to 3.0.3
  • Update pekko-http, pekko-http-spray-json, ... to 1.2.0
  • Update graalvm.js to 24.2.1
  • Update bootstrap to 5.3.6
  • Update @stoplight/elements to 9.0.1
  • Update plotly.js to 2.25.2

Release 0.14.0

Enhancements

  • Optionally support NGINX in Docker image for basic auth by setting USE_NGINX and USE_BASIC_AUTH env vars to “true”

Updates

  • Update circe-core, circe-generic, ... to 0.14.12
  • Update logback-classic to 1.5.18
  • Update marketplacemetering, s3, sso, ssooidc, ... to 2.30.38
  • Update shapeless to 2.3.13
  • Update flatbuffers-java to 25.2.10
  • Update tapir-core, tapir-json-circe, ... to 1.11.20
  • Update circe-yaml from 0.11.7 to 0.11.9

Release 0.13.8

Enhancements:

  • Enable thatDot products to stream data directly to each other using reactive streams

Bugfixes:

  • Fix Novelty Exploration UI to correctly show observation node relationship from plots
  • Fix Novelty Exploration UI quick queries
  • Update selected namespace when user selects new namespace from dropdown on Novelty plots page
  • Add netty-handler override for CVE-2025-24970

Updates:

  • Update Pekko dependencies to 1.1.3
  • Update pekko-connectors-*, ... to 1.1.0
  • Update Tapir dependencies to 1.11.16
  • Update sttp:tapir/sttp:apispec to 1.10.15 / 0.11.2
  • Update rocksdbjni 9.7.3
  • Update logback-classic to 1.5.17
  • Update jnr-posix to 3.1.20
  • Update kafka-clients to 3.9.0
  • Update project reactor netty version
  • Update cats-effect to 3.5.7
  • Update marketplacemetering, s3, sso, ssooidc, ... to 2.30.31
  • Update pureconfig to 0.17.8
  • Update amqp-client to 5.25.0
  • Update schema-registry-serde to 1.1.22
  • Update openapi-circe-yaml to 0.11.7
  • Update protobuf-java to 3.25.6
  • Update js to 24.1.2
  • Update scala-library to 2.13.16
  • Update cats-core to 2.13.0
  • Update caffeine to 3.2.0
  • Update msgpack-core to 0.9.9
  • Update software.amazon.glue:schema-registry-serde to 1.1.23
  • Update rsocket-core, rsocket-transport-netty to 1.1.5
  • Update jcl-over-slf4j to 2.0.17
  • Update rocksdbjni to 9.7.4
  • Update commons-text to 1.13.0
  • Update commons-codec to 1.18.0
  • Update commons-csv to 1.13.0