Skip to main content

On-Prem Release Notes - 2026

v0.162.0 — May 11, 2026

New Features

  • HITL audit logging, change tracking, and statistics: Comprehensive audit trail for Human-in-the-Loop reviews — captures per-leaf JSON diffs, classifies row add/delete operations on list-valued fields, and surfaces edit markers in the audit UI.
  • Agentic table extractor plugin: New multi-agent, LLM-powered table extraction plugin (agentic_table_settings_v2) for complex tabular documents.
  • Gemini embedding adapter for Google AI Studio: New embedding adapter with gemini-embedding-001 as the default model. See Gemini embedding adapter for details.
  • DISABLE_SSO_IDP_AUTHORIZATION flag: New configuration flag to control SSO IdP authorization behavior for user management. See Enterprise SSO — On-Prem for details.
  • Live tool-run log streaming: Tool-run logs now stream into the workflow execution UI with markdown rendering.
  • MinIO ILM lifecycle rules codified in Helm: Object lifecycle (ILM) rules for MinIO are now part of the Helm chart, enabling automated cleanup without manual mc commands.

Fixes & Improvements

  • HITL: workflow deletion is no longer blocked when audit logs exist; restored the change history drawer; fixed audit plugin CSS that broke the adapter modal layout.
  • S3 connector: lists only buckets the configured credentials can actually browse and drops cross-region buckets from the picker.
  • SharePoint connector: more reliable site_url/drive_id persistence and safer OAuth token refresh — fewer re-auth prompts on long-running pipelines.
  • LLM & embedding reliability: unified retry logic across LLM and embedding providers reduces transient failures during prompt runs and indexing.
  • CORS: SocketIO and Django now accept wildcard subdomain origins, making multi-tenant subdomain deployments work out of the box.
  • Observability: workerExecutorV2 is now wrapped with OpenTelemetry auto-instrumentation, so worker spans show up alongside backend traces.

Helm Configuration Changes

  • New plugin config agentic_table_settings_v2 added to on-prem configuration and Docker build (required to enable the agentic table extractor).
  • New DISABLE_SSO_IDP_AUTHORIZATION environment flag for SSO user management.
  • MinIO ILM lifecycle rules are now codified in the Helm chart — review existing manual ILM policies before upgrading to avoid conflicts.
  • Removed unused MODEL_PRICES environment variables from platform-service charts.

v0.159.3 — May 7, 2026

New Features

  • AWS Bedrock IAM Role / Instance Profile authentication: New Authentication Type selector on the Bedrock LLM and embedding adapters lets EKS-hosted deployments authenticate via IRSA, instance profile, or task role — no static AWS access keys required. When the IAM Role mode is selected, boto3's default credential chain takes over, picking up the pod's ambient identity. See the AWS IRSA Setup for EKS Deployments guide for end-to-end setup including OIDC provider association, IAM role + trust policy creation, and verification.

v0.158.4 — March 27, 2026

New Features

  • AWS S3 IRSA authentication: Support for IAM Roles for Service Accounts (IRSA) on both S3 storage and S3 connectors, eliminating the need for static credentials in EKS deployments
  • HTTP session lifecycle management: Managed HTTP session pooling for workers API clients, improving connection reuse and reliability

Fixes & Improvements

  • Added TTL to API HITL settings and fixed NaN TTL display
  • Security hardening: cookie security attributes and XSS prevention headers
  • Added input validation and Content Security Policy (CSP) headers across backend and frontend
  • Frontend CSP adjustments for RJSF form rendering (unsafe-eval) and PDF viewer (blob:)
  • Switched litellm to Zipstack fork after PyPI quarantine
  • Upgraded litellm to 1.82.3 to fix Azure OpenAI connection errors
  • Monkey-patched litellm Cohere embed timeout for Bedrock embeddings
  • Added LLMCompat bridge class to fix retriever LLM compatibility with llama-index
  • Handle LLM refusal responses to prevent NoneType errors
  • Include adapter name in error messages for easier debugging

Helm Configuration Changes

  • Hardcoded image references now configurable via values.yaml — previously hardcoded container image paths can be overridden for air-gapped or custom registry deployments

v0.158.0 — March 19, 2026

New Features

  • Platform API keys for programmatic access to the Unstract Platform API. Organization admins can create, list, update, rotate, and delete API keys via the UI under Platform > Platform API Keys. Keys provide Bearer token authentication for all Platform API endpoints. See Platform API Keys documentation for details.
  • Service account access bypass for pluggable apps, enabling automated integrations without manual permission grants
  • Agentic Prompt Studio (beta): new backend and frontend for agentic document extraction workflows. See Agentic Prompt Studio for details.
  • HITL enhancements: sidebar navigation, queue deletion, nested table support, fetch-specific for targeted document review, reviewer name display on in-review documents, and default TTL changed from unlimited to 90 days. See HITL documentation for details.
  • CSV, TXT, and Excel file support in Prompt Studio file converter
  • Dashboard metrics system with plan banner, welcome card, and subscription usage tab
  • Card-based layout for Pipelines and API Deployments listing pages
  • Profile page now displays role and organization info
  • 1M context support for Anthropic LLM adapters
  • Vertex AI vertex_location support for regional endpoint configuration. See Gemini Pro adapter for details.
  • total_pages_processed exposed in execution API response and worker destination metadata
  • SharePoint/OneDrive connector for filesystem integration. See Connectors for details.
  • Azure AI Foundry adapter for LLM access
  • Redis Sentinel HA support with dual-mode configuration for backend, Celery, cache, tool containers, sidecars, and manual review queue. See HA Deployment for details.
  • RabbitMQ HA with configurable quorum queues. See HA Deployment for details.
  • MinIO HA support via optional MinIO Operator. See HA Deployment for details.
  • OAuth product scope added to login/signup authorization requests
  • Dynamic plugin loading infrastructure for enterprise components, migrations, and rule engine
  • Sidebar expand-on-hover UX improvement
  • Documentation link popover for connectors in the UI
  • Workflow deletion errors now show specific pipeline/API deployment names

Fixes & Improvements

  • HITL reliability: PostgreSQL count mismatch and slow query optimizations, bulk queries with lrange, soft-delete for DB-synced records, TTL display in days, rule engine nested array flattening fix, API rules evaluation fix after removal, add-row race condition fix, and queue metadata backfill migration
  • Custom data support added to single pass extraction; fixed string values being wrapped in extra quotes. See Custom Data for details.
  • PostgreSQL race condition in concurrent table creation handled
  • Memory and resource leak fixes: database cursor closure in subscription usage handler, platform-service resource leaks
  • Ollama adapters fixed post LiteLLM migration. See Ollama adapter for details.
  • Packet processing final fetch response API fix
  • Role update failures for existing users resolved
  • LLMWhisperer API key lookup database fallback added; client retry backoff configuration added
  • SIGTERM trap handlers for graceful container shutdown
  • Worker API timeout increased to prevent stuck executions during cron storms
  • Vertex AI thinking config skip for pro models when disabled
  • Azure OpenAI cost tracking now uses actual model name
  • Worker query optimization and retry configuration improvements
  • fsspec directory listing cache fix on connectors (including Azure listings expiry regression)
  • SharePoint walk() now supports detail=True
  • Secure cookie settings and CSRF cookie secure attribute enabled
  • Forbidden email handling in Auth0 OAuth callback
  • PDF viewer error fallback when document fails to load
  • Frontend migrated from Create React App to Vite
  • Export reminder state persists across page reloads
  • HTTP 409 returned when tool image not found in container registry
  • Legacy Celery file processing workers and dead code removed

Helm Configuration Changes

  • Redis Sentinel HA: new REDIS_SENTINEL_MODE env var added to prompt, runner, and multi-az values for dual-mode (standalone/sentinel) support
  • RabbitMQ HA: configurable quorum queues support added
  • MinIO HA: optional MinIO Operator support (operator deployed separately)
  • HITL worker secrets added to on-prem secret template
  • Agentic Studio apps and URLs added to on-prem configuration
  • Backfill metrics enabled by default for on-prem deployments
  • MODEL_PRICES_TTL_IN_DAYS changed from 7 to 1
  • Legacy worker templates removed: useUnifiedWorkers toggle and workerLogging config no longer needed