Improvements

• Authentication: OIDC provider settings now support uploading a custom CA certificate and skipping TLS verification. Useful for organizations using self-signed certificates

• User Interface: Error pages now preserve the original URL so users can retry access directly after permissions are granted, and the 403 page now provides clearer guidance

• Organizations: New users signing in via SSO will be guided to contact their administrator or wait for an invitation from the organization. This behaviour is controlled via the organization settings.
  

• Project: Fixed issue where deleting a project, environment, or component would fail with a 404 error if the original stack had been removed from Git. A new ignore_config_files_err flag allows deletions to proceed even when the stack config files are no longer available

• StackForms: Sections and groups now support an optional description field to provide users with additional context directly in the form

• StackForms: Read-only widget support. Values can now be displayed to users without allowing them to edit, useful for computed or immutable fields

• StackForms: Stack form values are now resolved in parallel to significantly speed up form loading for large forms

• API - Licence: Insufficient permissions caused by an invalid or expired licence now return a dedicated InvalidLicence error code, making it easier to identify and resolve licence issues

• API - Authentication: Added OIDC TLS configuration support on the API side, including custom CA certificate and skip TLS verification options

• API - Organizations: New users are prevented from creating their own organization when a root org already exists

• API - Service Catalog: Increased the maximum size of the readme field to support stacks with longer documentation

• API - StackForms: Read-only widget support, widgets can now be marked as read_only to display computed values without allowing user edits

• API - StackForms: Sections and groups now support an optional description field in the StackForms configuration

• API - StackForms: auto_complete widget with empty values_ref responses errors are handled gracefully now

• API - Workers: Added configuration options to customize the interval for background worker tasks

• Other: Version information is now included when copying a stacktrace, making it easier to report issues with the right context

Fixes

• Environments: Component update page no longer breaks when the current stack branch has been deleted

• Environments: Fixed an issue where the component configuration was re-fetched using a stale version ID after a stack version update

• Organizations: Organization on delete modal now shows updated data after creating a new org

• Organizations: Fixed an issue where navigating back in the browser would break context

• Project: Fixed icon selector in project settings

• Service Catalog: API errors during catalog repository refresh are now shown directly in the stack changes modal instead of only as a global alert

• Service Catalog: Component header version tag now updates immediately after applying a stack update

• StackForms: Condition validation errors in the StackForms editor are now displayed appropriately

• API - Components: Component configuration can now be retrieved using an updated version even when the previous version no longer exists on the remote

• API - StackForms: Fixed auto_complete widget validation when no predefined values are provided

• API - StackForms: Fixed URL encoding for values_ref endpoints. Variables containing spaces or special characters are now properly encoded

• API - Other: Fixed component update failing when the previous component version had been removed

• API - Other: Fixed an edge case where the stack use cases endpoint would fail with an empty version ID

Security

• API - Other: JWT hashing updated

Improvements

• Authentication: New option to enforce invite-only access for SSO. When enabled, only users who have been explicitly invited can log in.

• Authentication: Redirect /signup to /login when email authentication is disabled (OIDC-only mode)

• Service Catalog: Version management moved to the Configuration tab. Provides better visibility on available updates and out-of-sync components directly where you manage your stack

• Service Catalog: Disabled refresh versions for shared stacks from other organizations

• Project: Server-side pagination for projects, components, environments and pipelines. Project listing performance improved from ~28s to under 1s for very large organizations.

• Organizations: New Cycloid Special Variable parent_organization. Gives stacks and pipelines access to the parent organization context in multi-tenant setups

• Components: New ignore_config_files_err flag allows deleting components, environments and projects even when the original stack has been removed from Git

• StackForms: Improved error messages when a values_ref source returns an invalid payload or fails to respond

• API - Authentication: New configuration option to enable or disable automatic SSO enrollment

• API - Components: New flag ignore_config_files_err allows successful deletion of components even when config file removal fails

• API - Organizations: New Cycloid Special Variable parent_organization for accessing parent organization context

• API - Performance: Pagination introduced for pipelines, components and environments endpoints

• Other: Catalog repository creation now shows an alert clarifying branch selection for stack discovery

• Other: External analytics are now disabled for on-prem customers to avoid proxy authentication requirements

Fixes

• Authentication: Fixed a login loop when authenticating via SSO on certain browsers

• Authentication: Fixed an extra signup step appearing when signing up through OIDC

• Caching: Frontend upgrades now properly invalidate browser cache, preventing users from running outdated versions after a platform update

• Credentials: SSH key creation no longer fails when pasting keys into a hidden field

• Credentials: SSH keys are now fully visible when the reveal toggle is used

• Environments: Fixed version dropdown overlapping with other component rows in the environments list

• Organizations: Admin permissions now correctly preserved when navigating from a parent to a child organization

• Organizations: Fixed "Unknown error" tooltip for organizations with expired subscriptions

• Organizations: Organization settings sections now hide gracefully instead of showing 403 errors when the user lacks permissions

• Project: Restored component description editing on settings page

• Project: Project list now displays correctly for members with glob-filtered permissions

• StackForms: Editor preview now correctly reflects changes to the values property

• StackForms: Fallback to internal ID variable for resource lookup in widgets

• API - StackForms: Improved error messages when a values_ref source returns an invalid payload or fails to respond, making it easier to diagnose misconfigured remote value sources

• Other: Fixed misleading error when cloning components

Security

• Inventory: Improved access controls for inventory resource attributes, data restricted to organization administrators

Removed

• Service Catalog: Version selector removed from component settings. Version management has been moved to the Configuration tab for a more streamlined workflow

Improvements

• Authentication: New field to set email verification status when creating a user

• Pipeline view: The pipeline editor now opens in fullscreen automatically when entering edit mode, instead of showing in a small inline area

• Service Catalog: Errored stacks are now shown when refreshing a catalog repository, so you can see which stacks failed and why

• StackForms: Dropdowns with only one available option now auto-select it

• Project: Add query params to getComponentConfig endpoint

• Other: App version updates no longer force a logout

• User Interface: Removed the "-saas" suffix from version labels in the UI

• API - Service Catalog: New Cycloid Special Variables stackform_updated_by_user_username and stackform_updated_by_user_email — lets your stack know which user applied the last StackForm change, useful for audit trails or ticket automation

• API - StackForms: values_ref can now return a default value alongside the list of values. Defaults can also be given directly within conditional options, so you no longer need to duplicate conditions for values and defaults separately

• API - Other: Cyclobot AI configuration, exposes config for the Cycloid AI project via the /config endpoint. Disabled by default

• API - Other: New endpoints for fetching and deleting the subscription attached to an organization

• API - Pipeline: Editing a live pipeline no longer applies templating. Templating only runs during pipeline sync from git, using the provided YAML vars

• API - Service Catalog: Catalog refresh now processes each stack independently. If one stack has an error, the rest still refresh, errors are collected and returned in the response

• API - Service Catalog: You can now create new catalog repositories even if they contain invalid stacks. Valid stacks are imported and validation errors for invalid stacks are attached to the response

• API - Performance: Catalog repository version refresh is now faster thanks to increased worker concurrency

• API - Other: API responses can now contain multiple error details in a single response

• API - Other: Config repository branches no longer appear in the stack versions list

Fixes

• Authentication: Email field now pre-fills correctly when using an invitation link

• Credentials: Fixed an error when changing a credential's type (e.g. from custom to basic auth) that caused a backend parsing failure

• Dashboard: Fixed incorrect tooltip content when switching organizations via MSP to a child organization

• Pipeline: Editing a live pipeline no longer fails on save due to templating, live edits now skip templating entirely

• Project: Fixed an issue where creating two projects in a row left the Next button disabled

• StackForms: Fixed autocomplete widget clearing your input unexpectedly

• StackForms: Fixed dropdown widget showing no data on first validation or when changing a key

• StackForms: Default values now display correctly when the saved configuration is empty

• TerraCost: Cost estimation errors are now displayed on the console

• Other: Fixed visual regressions in stack preview panel, tabs and version table styling corrected

• API - Authentication: Direct OIDC login now works for children organizations

• API - Authentication: Incoming OIDC email addresses are now normalized to lowercase, preventing duplicate accounts or login failures from case mismatches

• API - Authentication: OIDC login now automatically accepts pending user invitations, users no longer need to be re-invited after signing in via OIDC for the first time

• API - Roles: Project Creator role now includes list and read permissions for cost accounts and service catalog

• API - StackForms: Fixed a crash when configuring a component with complex mapped values in StackForms

• API - Other: Fixed error handling so the protected or outermost error message is always returned correctly

• API - Other: HTTP requests that previously returned 500 for AlreadyConfigured, Exceeded, and Unavailable error codes now return the correct status codes

• API - Other: Cost estimation returns a user friendly error on invalid stack input

• API - Other: The scs_version parameter is no longer required on various API endpoints. If omitted, it now falls back to the SCS branch

Removed

• API - StackForms: Removed support for values_ref inside conditional options. This was undocumented and unused. Remote values via values_ref at the vars level still works

Security

• Authentication: Client secret in OIDC and GitHub settings is now write-only

• API - Authentication: client_secret is no longer returned by the /authentications endpoint when OIDC is configured.
  

FIXED

• Authentication: The user shouldn't have to confirm his email address if the OIDC email_verified is true

• Roles: Project viewer: added list and read permissions for config_repository.

CHANGED

• Stacks: Shallow copy the git repositories for performance reasons

CHANGED

• Other: On the details error, we now allow to copy details and stacktrace

ADDED

• Other: Added "us-gov-" to the supported AWS cloud provider regions

CHANGED

• Other: Increased the interval between catalog repository version refresh to 10m

• StackForms: Disabled value validation for optional widgets with empty dynamic values

ADDED

• Authentication: Set a label Last Used over the last auth method used by the user

• Credentials: Copy Button Functionality Issue

• Service Catalog: Stack versioning: sorting versions using semver (newest first) and branches alphabetically

FIXED

• Authentication: SSO button had an issue

• Config Repo: Selected item not visible during fetch

• Environments: Stack fetch before component loaded 

• Other: Back button redirect when going from resource to a build page

• Service Catalog: Back button redirection while updating a stack version

• StackForms: Hide group title for widgets not visible to users

CHANGED

• InfraView: Remove unnecessary quotes from Terraform output

• Service Catalog: Hide 'change usecase' button while updating stack version

• Service Catalog: Stack versioning: improvements to the stack preview drawer.

ADDED

• Stacks: Catalog repository versions will now refresh each 10s

• Teams: Added teams to GET organization members response.

FIXED

• Components: Remove the Git configuration when a project componente is deleted

CHANGED

• Stacks: The stack versioning of branch type will always follow the latest commit

• StackForms: Disabled value validation for optional widgets that use values_ref - now the remote values can be empty

• Other: Changed order of unit of work transactions. Now SQL transaction will always run as last, ensuring consistency on Database