What's Changed

• docs(honeytokens): fix broken usage links and clarify setup copy by @jakehulberg in #6367
• feature: tab and stepper components by @scott-ray-wilson in #6334
• feat: add PostHog telemetry events for honey tokens by @devin-ai-integration[bot] in #6373
• fix: see docs to configure github message by @mathnogueira in #6370
• improvement: revamp secret overview secret update and delete confirmation modals by @scott-ray-wilson in #6357
• improvement: require change email confirmation by @scott-ray-wilson in #6375
• fix: add doc on multiple --path for infisical run by @mathnogueira in #6378
• feature: announcements for cloud and self-hosted by @scott-ray-wilson in #6355
• docs: add permissions section to honey tokens documentation by @devin-ai-integration[bot] in #6384
• fix: add ldap dynamic secret template valdiation by @scott-ray-wilson in #6385
• chore(dev): add Bull Board service to docker-compose.dev.yml by @victorvhs017 in #6376
• feat(permission): add project actions for creating and requesting access by @victorvhs017 in #6359
• fix(platfor-339): index identity_access_tokens.subOrganizationId for cascade delete by @PrestigePvP in #6377
• docs(permissions): update organization permissions documentation to include 'request-access' action for projects by @victorvhs017 in #6390
• chore(upgrade-impact): backfill recent release data by @PrestigePvP in #6273
• fix: use UPGRADE_TOOL_GITHUB_TOKEN secret in upgrade impact workflow by @PrestigePvP in #6394

Full Changelog: v0.159.27...v0.159.28

What's Changed

• docs(pki): list supported subject attributes for certificate policies by @saifsmailbox98 in #6337
• fix(aws-auth): escape regex metacharacters in ARN allowlist matching by @saifsmailbox98 in #6344
• feat(pam): add export and cell scroll to postgres web access by @saifsmailbox98 in #6321
• improvement(platfor-315): tolerate newer migration history on startup by @PrestigePvP in #6329
• feat(pam): support RDP access for Active Directory domain accounts by @bernie-g in #6255
• fix(request): rollback saferequest changes by @victorvhs017 in #6353
• fix(inc-52): etag expiration by @PrestigePvP in #6354
• fix(honey-tokens): validate signing key, stack name and region by @mathnogueira in #6352
• fix: resolved dashobard not loading when honey token permission was missing by @akhilmhdh in #6361
• feat: improved logging message for audit log queue by @akhilmhdh in #6363
• docs(projectpage): resize project overview screenshots by @jakehulberg in #6362
• fix: resolved sub org id selection in legacy loading by @akhilmhdh in #6347
• improvement(frontend): fix select default text and icon display by @scott-ray-wilson in #6317

Full Changelog: v0.159.26...v0.159.27

Added

• Add custom CRL distribution points in PKI CAs (#6224)
• Support syncing secrets to Vercel team with all custom environments (#6136)

Changed

• Improve navigation by going to role details when clicking on a row (#6241)

Fixed

• Enforce TLS verification for identity auth providers (#6242)
• Align TLS verification with CA presence and empty CA storage for Kubernetes auth (#6261)
• Make TLS verification configurable for identity Kubernetes auth (#6256)
• Add missing ECDSA_P521 in the UI (#6252)
• Update textarea styling to prevent modal overflow (#6248)
• Add request ID to approval request mail (#6247)
• Limit ACME requests to 5 minutes for external CAs (#6222)
• Default access duration to policy max for PAM (#6206)

Documentation

• Document AI agents callout and MCP setup page (#6240)

Full Changelog: v0.159.24...v0.159.25

What's Changed

• chore: add logout to create org modal by @sheensantoscapadngan in #6103
• fix: enforce TLS verification for identity auth providers by @victorvhs017 in #6242

Full Changelog: v0.159.23...v0.159.24

What's Changed

• feat: updated secret sharing delete to have 7 day grace by @akhilmhdh in #6160
• fix(vercel-sync): filter team shared env vars to sync-owned set by @victorvhs017 in #6144
• chore(cache-keys): move cache keys to single file by @adilsitos in #6162
• feat(secret-rotation): support supabase by @mathnogueira in #6130
• improvement(secrets-overview): remove tooltip delay duration on overview page table actions and add more options tooltip by @scott-ray-wilson in #6145
• feat(frontend): add button to reveal secret reference values by @scott-ray-wilson in #6143
• fix(pki): reject EST simple re-enroll with revoked client cert by @saifsmailbox98 in #6163
• docs(pki-discovery): document ALLOW_INTERNAL_IP_CONNECTIONS option by @saifsmailbox98 in #6157
• fix(pki): report correct enrollment type in auto-renewal error by @saifsmailbox98 in #6159
• fix(signup): restore "Team Invite" attribution source for invited users by @devin-ai-integration[bot] in #6141
• docs: rename Agent Sentinel to Agent Vault with external link in Products nav by @devin-ai-integration[bot] in #6176
• fix(ui): brighten "Create New Connection" option in connection dropdown by @devin-ai-integration[bot] in #6192
• fix(ui): auto-switch environment view after uploading secrets by @devin-ai-integration[bot] in #6188
• chore: delete .github/workflows/one-time-secrets.yaml by @maidul98 in #6203
• fix(db): gate OAuth verified migration on accepted users by @victorvhs017 in #6173
• fix(scim): preserve orgId when listing groups by @victorvhs017 in #6207
• improvement: add rotation icon to rotated secrets in single env display by @scott-ray-wilson in #6053
• docs: remove projectName from audit log documentation by @devin-ai-integration[bot] in #6209
• chore: removed dependencies and api key service by @akhilmhdh in #6161
• docs: add Prevent Value Reuse constraint to secret validation rules by @devin-ai-integration[bot] in #6212
• feat: add gateway pools for high-availability failover by @bernie-g in #6050
• improvement: unrevert upgrade aws-sdk v2 to v3 by @PrestigePvP in #5905
• feat(pam): per-tab Postgres connections with isolated transactions by @saifsmailbox98 in #6154
• feat: add Venafi TPP external CA integration by @carlosmonastyrski in #6032
• improvement(eng-4874): memoize org findByID by @PrestigePvP in #6164
• improvement(frontend): update secret sharing UI by @scott-ray-wilson in #6121
• fix(docs): replace broken Kubernetes icon URL with Font Awesome dharmachakra by @devin-ai-integration[bot] in #6217
• feat(e2e-tests): fips mode by @varonix0 in #6214
• feat(secrets-overview): add tag, metadata and multiline encoding support to csv upload by @scott-ray-wilson in #6156
• fix(email): include confirmation code in email subject line by @devin-ai-integration[bot] in #6218
• feat: added filter to audit log and improves the crypto by @akhilmhdh in #6155
• feat(auth): store machine identity auth as identity actor by @mathnogueira in #6101
• feat: user controlled ssl rejection option for dynamic secret by @akhilmhdh in #6204
• feat: resolved hashedPassword not set for bootstrap admin by @akhilmhdh in #6221
• improvement(secret-migration): add more paths in vault migration by @adilsitos in #6215
• fix: fail on Schema generation for analytics by @maidul98 in #6223
• improvement(frontend): add design.md and new batch of component stories by @scott-ray-wilson in #6211
• fix(gateway): add support for gateway v2 on vault migration by @adilsitos in #6227
• improvement(secrets-rotation): allow move between environments and folders by @adilsitos in #6220
• fix: missing gateway-v2 handling on venafi tpp by @carlosmonastyrski in #6226
• feat(smtp): add SMTP_HELO_HOST to set the EHLO/HELO hostname by @quarckster in #6229

New Contributors

• @quarckster made their first contribution in #6229

Full Changelog: v0.159.22...v0.159.23

What's Changed

• feat(secret-sync): add support for gitpod (Ona) by @adilsitos in #6119
• fix(api): use Bitbucket user workspaces endpoint for listing by @victorvhs017 in #6152
• chore: rename developer to member by @varonix0 in #6148

Full Changelog: v0.159.21...v0.159.22

What's Changed

• fix(group): run filters, ordering and pagination in backend by @mathnogueira in #6114

Full Changelog: v0.159.20...v0.159.21

What's Changed

• fix: table re-render without debounce by @varonix0 in #6104
• fix: only lockout if identity lockout is enabled by @varonix0 in #6120
• fix: cert-manager nav by @carlosmonastyrski in #6126
• fix: resolved the user id going null by @akhilmhdh in #6128
• chore: address read after write issue for secret folders by @sheensantoscapadngan in #6056
• improvement(secrets-232): memoize project ID look up and remove unneeded checks. by @PrestigePvP in #6118
• fix(frontend): prevent Add Sync modal overflow on small/zoomed viewports by @devin-ai-integration[bot] in #6133
• fix(frontend): invalidate approval request queries at project scope by @victorvhs017 in #6135
• feat(kms): bulk export private keys by @victorvhs017 in #6083
• feat: add a reason field before PAM account access by @carlosmonastyrski in #6096
• fix(migration): drop queue_jobs trigger before dropping table by @leeyspaul in #6110
• feat: prevent reuse of previous secret values by @varonix0 in #6123
• feat: display pam aws credentials for cli access by @x032205 in #6122
• feat(sync-secret): add app connection and secret sync for Travis CI by @adilsitos in #6097
• feat: add DigiCert CertCentral External CA by @carlosmonastyrski in #6125

New Contributors

• @leeyspaul made their first contribution in #6110

Full Changelog: v0.159.19...v0.159.20

What's Changed

• feat(pam): move ad server resources to dedicated domains section by @x032205 in #5982
• feat: remove upgrade-path page and backend service by @mathnogueira in #6085
• feat: updated default config for request by @akhilmhdh in #6099
• feat(pki): pqc readiness pie + trend chart and inventory preset views by @saifsmailbox98 in #6084
• feat: resovled ts error and new token type by @akhilmhdh in #6100
• docs(selfhost): render kubernetes logo on self-hosting overview card by @jakehulberg in #6098
• fix(pki): rename Unstable* v3 imports in PQC dashboard by @saifsmailbox98 in #6102
• feat: removed secret rotation v1 by @akhilmhdh in #6105
• feat(frontend): show systemd CLI command in re-enroll gateway modal by @devin-ai-integration[bot] in #6107
• fix: pam nav by @x032205 in #6109
• fix: resolved user group addition failing by @akhilmhdh in #6113
• feat(pki): add AWS ACM Public CA support by @saifsmailbox98 in #6069

Full Changelog: v0.159.18...v0.159.19

What's Changed

• fix(frontend): prevent duplicated 'v' in on-prem version badge by @Erwan-loot in #6068
• fix: resolved recovery account failing in frontend by @akhilmhdh in #6092
• feat: add new vercel sync feature by @maidul98 in #6093

Full Changelog: v0.159.17...v0.159.18