RATATOSKRATATOSK
Sign in

Releases

AI-analyzed release notes for CNCF graduated and incubating projects.

Project: BackstageClear ×

Backstage

CI/CD & App DeliveryJun 27, 2026

Backstage v1.52.1 was released, but the published notes are too brief to summarize. See the original release notes for details.

Source

Backstage

CI/CD & App DeliveryJun 17, 2026

v1.52.0 has three breaking changes (discovery API default, immediate stitching removed, BUI union types) alongside significant catalog PostgreSQL performance fixes and a batch of UX and reliability improvements.

  • breakingCheck discovery.endpoints and remove immediate stitching config

    Two breaking changes need attention before upgrading. First, if you use `discovery.endpoints` with internal-only string targets, convert them to object form with `target.internal` set to the internal URL and `target.external` set to a browser-reachable URL — otherwise the frontend will try to reach internal addresses directly. Second, remove `catalog.stitchingStrategy.mode: 'immediate'` from your config; it's now a no-op and will log deprecation warnings. Both changes are straightforward config edits.

  • breakingMigrate ComboboxProps and SelectProps extensions before upgrading

    `ComboboxProps` and `SelectProps` are now union types. If your codebase has interfaces that extend either type, they will fail to compile — switch them to type intersections. Also audit CSS selectors that target list content as a direct child of `.bui-SelectPopover`, as that structure changed. These are frontend component-layer changes with no runtime fallback.

  • enhancementCatalog query performance improvements for PostgreSQL — no action needed, just upgrade

    Several PostgreSQL-specific query planner fixes ship in this release: multi-column statistics on the search table, a dropped redundant index, tuned vacuum thresholds, and a split count/list query. If your catalog list views are slow with large entity counts, this upgrade is worth prioritizing. No config changes needed — the improvements apply automatically via migration. Teams on MySQL/SQLite won't see the same gains.

Key changes (7)
  • Default discovery API in @backstage/plugin-app changed to FrontendHostDiscovery; internal-only string targets in discovery.endpoints must be migrated to object form
  • catalog.stitchingStrategy.mode: 'immediate' removed — configs still using it will be silently ignored with a warning
  • ComboboxProps and SelectProps changed to union types, breaking any interface that extended them directly
  • Catalog backend gets multiple PostgreSQL query planner fixes — extended statistics, dropped legacy index, split count query — targeting 10-40x slower list views
  • @backstage/connections experimental package added as a preview of the future integrations replacement; not for production use
  • Lazy-loading of react-syntax-highlighter and @dagrejs/dagre cuts ~10 MB from the initial module load of @backstage/core-components
  • Newly scaffolded apps now use Yarn 4.13.0 with npmMinimalAgeGate: 3d enabled as a supply-chain defense
Source

Backstage

CI/CD & App DeliveryJun 10, 2026

Backstage v1.51.2 was released, but the published notes are too brief to summarize. See the original release notes for details.

Source

Backstage

CI/CD & App DeliveryMay 30, 2026

Backstage v1.51.1 was released, but the published notes are too brief to summarize. See the original release notes for details.

Source

Backstage

CI/CD & App DeliveryMay 20, 2026

v1.51.0 lands six breaking changes alongside major catalog performance wins, a new AiResource entity kind, and MCP/OIDC hardening. Plan migration time before upgrading.

  • breakingRun catalog DB migration SQL before deploying to large installs

    The new catalog migration adds covering indices and a UNIQUE constraint on the search table, which can be slow on large datasets. The release notes explicitly recommend running the provided SQL commands manually before deploying v1.51.0. Skipping this turns a controlled maintenance window into an uncontrolled deployment stall. Check the changelog for the exact SQL before you upgrade.

  • breakingAudit six breaking changes before upgrading — OIDC and MsgGraph need immediate config review

    The OIDC CIMD/DCR patterns changed from wildcard '*' to specific MCP client defaults — any custom MCP clients will silently stop working unless you explicitly add their patterns to the allow list. Separately, Microsoft Graph now excludes disabled user accounts; if your org tracks disabled users in Backstage, add an explicit filter before upgrading. Also migrate NavItemBlueprint usages to PageBlueprint title/icon params, and update PolicyQueryUser code to use credentials instead of the removed token/expiresInSeconds fields.

  • enhancementAdopt incremental Microsoft Graph ingestion for large orgs

    The new msgraph-incremental module processes users and groups one page at a time and persists cursor state, meaning a pod restart no longer forces a full re-ingest. For orgs with tens of thousands of users, this is a practical operational improvement worth switching to. Install the new module and migrate your provider config — the old MicrosoftGraphOrgEntityProvider remains available but holds the full dataset in memory.

Key changes (6)
  • Six breaking changes: NavItemBlueprint removed, PortableSchema.schema now method-only, OIDC/CIMD/DCR patterns hardened, PolicyQueryUser cleaned up, catalog pagination excludes null-sort entities, Microsoft Graph now filters disabled users by default
  • Catalog backend gets substantial query performance improvements — paginated entity lists drop from seconds to milliseconds via index-aware PostgreSQL queries; large installs should run provided SQL migration commands before deploying
  • New AiResource catalog entity kind and mcp-server API subtype added, expanding Backstage's model for AI workloads
  • Microsoft Graph incremental ingestion module added — memory-efficient cursor-based ingestion that resumes from last page after pod restarts
  • Scaffolder form decorators promoted to stable (public API); always() and failure() step control functions added
  • TechDocs gains disableExternalFonts option for air-gapped environments; scheduler fixed for tasks longer than ~24.8 days
Source

Backstage

CI/CD & App DeliveryApr 30, 2026

Backstage v1.50.4 was released, but the published notes are too brief to summarize. See the original release notes for details.

Source

Backstage

CI/CD & App DeliveryApr 23, 2026

Backstage v1.50.3 was released, but the published notes are too brief to summarize. See the original release notes for details.

Source

Backstage

CI/CD & App DeliveryApr 19, 2026

Backstage v1.50.2 was released, but the published notes are too brief to summarize. See the original release notes for details.

Source

Backstage

CI/CD & App DeliveryApr 17, 2026

Backstage v1.49.5 was released, but the published notes are too brief to summarize. See the original release notes for details.

Source

Backstage

CI/CD & App DeliveryApr 17, 2026

Backstage v1.47.4 was released, but the published notes are too brief to summarize. See the original release notes for details.

Source

Backstage

CI/CD & App DeliveryApr 17, 2026

Backstage v1.48.6 was released, but the published notes are too brief to summarize. See the original release notes for details.

Source

Backstage

CI/CD & App DeliveryApr 17, 2026

Backstage v1.46.7 was released, but the published notes are too brief to summarize. See the original release notes for details.

Source

Backstage

CI/CD & App DeliveryApr 17, 2026

Backstage v1.45.6 was released, but the published notes are too brief to summarize. See the original release notes for details.

Source

Backstage

CI/CD & App DeliveryApr 16, 2026

Backstage v1.43.5 was released, but the published notes are too brief to summarize. See the original release notes for details.

Source

Backstage

CI/CD & App DeliveryApr 16, 2026

Backstage v1.45.5 was released, but the published notes are too brief to summarize. See the original release notes for details.

Source

Backstage

CI/CD & App DeliveryApr 16, 2026

Backstage v1.46.6 was released, but the published notes are too brief to summarize. See the original release notes for details.

Source

Backstage

CI/CD & App DeliveryApr 16, 2026

Backstage v1.44.3 was released, but the published notes are too brief to summarize. See the original release notes for details.

Source

Backstage

CI/CD & App DeliveryApr 16, 2026

Backstage v1.50.1 was released, but the published notes are too brief to summarize. See the original release notes for details.

Source

Backstage

CI/CD & App DeliveryApr 15, 2026

v1.50.0 is a wide-ranging release with several breaking changes across auth, frontend APIs, and catalog. Key practical upgrades: AWS RDS IAM auth, Auth0 federated logout, catalog deadlock fixes, and security patches for rollup/glob.

  • securityUpdate CLI and build tooling to pick up rollup path traversal fix

    rollup < v4.59 has a high severity path traversal vulnerability (GHSA-mw96-cpmx-2vgc). The @backstage/cli, repo-tools, and several CLI modules have been updated. Run the upgrade helper and update your lockfile. If you pin rollup versions anywhere in your workspace, update those pins to v4.59+. The glob dependency was also bumped to v13 to address vulnerabilities in v7/v8/v11.

  • breakingVerify token decoding code before upgrading — ent claim removed by default

    auth.omitIdentityTokenOwnershipClaim now defaults to true, so Backstage user tokens no longer include the ent ownership claim. Any code that manually decodes tokens and reads ent will silently get nothing. Audit your codebase for raw token decoding and replace it with the userInfo core service. If you need time, set auth.omitIdentityTokenOwnershipClaim: false in your config temporarily, but plan to remove it — the setting will be dropped in a future release.

  • breakingMigrate createSchemaFromZod to configSchema before upgrading frontend-plugin-api

    The deprecated createSchemaFromZod helper is gone in @backstage/[email protected]. Any extension or blueprint using it will fail at runtime. Check the 1.50 migration docs at backstage.io/docs/frontend-system/architecture/migrations#150 and switch to the configSchema option. Note that plain zod v3 schemas are not supported — use import { z } from 'zod/v4' from the zod v3 package or upgrade to zod v4.

Key changes (7)
  • BREAKING: auth.omitIdentityTokenOwnershipClaim now defaults to true — tokens no longer carry the ent claim, which eliminates header size issues in large orgs but may affect code that explicitly decodes Backstage tokens
  • BREAKING: frontend-plugin-api removes deprecated createSchemaFromZod helper; migrate to the new configSchema option with zod v4
  • BREAKING: @backstage/ui drops React 17 support — minimum is now React 18
  • Catalog backend deadlock fix: SELECT ... FOR UPDATE SKIP LOCKED was missing transaction wrapping, causing PostgreSQL deadlocks (40P01) in multi-replica deployments
  • Security: rollup upgraded to v4.59+ (GHSA-mw96-cpmx-2vgc path traversal) and glob bumped to v13 across CLI and repo-tools packages
  • AWS RDS IAM authentication for PostgreSQL now supported in backend-defaults — use short-lived tokens instead of static passwords
  • Auth0 provider now performs federated logout, clearing the Auth0 session on sign-out; set federatedLogout: true to also clear upstream IdP sessions
Source

Backstage

CI/CD & App DeliveryApr 7, 2026

Backstage v1.49.4 was released, but the published notes are too brief to summarize. See the original release notes for details.

Source

Backstage

CI/CD & App DeliveryMar 28, 2026

Backstage v1.49.3 was released, but the published notes are too brief to summarize. See the original release notes for details.

Source

Backstage

CI/CD & App DeliveryMar 23, 2026

Backstage v1.49.2 was released, but the published notes are too brief to summarize. See the original release notes for details.

Source

Backstage

CI/CD & App DeliveryMar 21, 2026

Backstage v1.49.1 is a patch release cleaning up new frontend system rough edges, fixing UI issues in TechDocs/Scaffolder, and adding small DX improvements to the create-app template.

  • enhancementUnprocessed entities DevTools tab is now on by default

    If you're debugging entity ingestion issues, you no longer need to configure the DevTools unprocessed entities tab manually. Upgrade and it's there. Useful for catching catalog processing failures faster in development and staging environments.

  • enhancementNew frontend system adopters: pick up layout fixes now

    If your team is migrating to or testing the new Backstage frontend system, this patch fixes concrete layout problems in both the Scaffolder and Catalog entity pages. Skip 1.49.0 and go straight to 1.49.1 to avoid dealing with those visual regressions.

  • enhancementPlugin headers can now carry navigation links

    The new titleLink prop on PageLayoutProps lets plugin header titles act as navigation anchors back to the plugin root. Worth adopting if you're building or maintaining custom plugins — it aligns with the expected UX pattern for Backstage's evolving plugin header system.

Key changes (5)
  • TechDocs alpha plugin pages migrated to BUI header system, resolving the double scrollbar bug
  • Scaffolder plugin page layout fixed for the new frontend system
  • Catalog entity page header disabled in new frontend system to avoid layout conflicts
  • Unprocessed entities now appear as a DevTools tab by default — no manual wiring needed
  • titleLink prop added to PageLayoutProps so plugin headers can link back to the plugin root
Source

Backstage

CI/CD & App DeliveryMar 18, 2026

v1.49.0 is a landmark release: the New Frontend System hits 1.0 RC, the CLI becomes extensible via modules, and there are multiple breaking changes in UI components, integrations, and entity cards requiring migration work.

  • breakingMigrate entity cards and BUI components before upgrading `@backstage/plugin-catalog`

    The major version bump on `@backstage/plugin-catalog` means direct action is required. Remove all `variant` prop usage from EntityAboutCard, EntityLinksCard, EntityLabelsCard, GroupProfileCard, and UserProfileCard. Wrap your app in a `BUIProvider` inside a React Router context — without it, Link, ButtonLink, Tabs, Menu, and Table lose client-side navigation. Also rename any CSS selectors using old `bui-HeaderPage` class patterns and camelCase data attributes. Audit custom components that implement the old `Checkbox` `selected`/`indeterminate` props and switch to `isSelected`/`isIndeterminate`.

  • breakingRemove all deprecated Bitbucket and legacy integration config immediately

    The old `bitbucket` config key and Azure DevOps `token`/`credential` fields are gone — not deprecated, gone. If your `app-config.yaml` still references these, your backend will fail to start after upgrading. Replace `bitbucket` with `bitbucketCloud` or `bitbucketServer`, migrate Azure DevOps to the `credentials` array, and update any Gerrit URL utility calls. Check scaffolder templates too, as `parseRepoUrl` no longer handles `bitbucket`.

  • enhancementAdd `@backstage/cli-defaults` as a devDependency now, not later

    The CLI module system is live, and the fallback to built-in commands already emits a deprecation warning. Add `@backstage/cli-defaults` to your root `devDependencies` today to silence the warning and future-proof your setup before the fallback is removed entirely. If you maintain custom CLI tooling, look at `createCliModule` in `@backstage/cli-node` to package it properly as a first-class CLI extension.

Key changes (7)
  • New Frontend System reaches 1.0 RC — new apps use it by default, `--next` flag replaced by `--legacy`
  • Multiple breaking UI changes in Backstage UI (BUI): Checkbox props renamed, CSS classes renamed, `BUIProvider` now required for routing, deprecated types removed
  • Entity cards (`EntityAboutCard`, `EntityLinksCard`, etc.) migrated from MUI to BUI with `variant` prop removed — `@backstage/plugin-catalog` receives a major version bump
  • Deprecated Bitbucket integration and legacy fields fully removed from `@backstage/integration`, `@backstage/backend-defaults`, and scaffolder packages
  • CLI refactored into modular `cli-module` packages — add `@backstage/cli-defaults` as a devDependency now to avoid future fallback removal warning
  • Predicate-based catalog filtering added to `queryEntities()`, `getEntitiesByRefs()`, and `getEntityFacets()` via new POST endpoints
  • Permission checks batched per tick for better performance on permission-heavy pages
Source

Backstage

CI/CD & App DeliveryMar 12, 2026

Backstage v1.48.5 was released, but the published notes are too brief to summarize. See the original release notes for details.

Source

Backstage

CI/CD & App DeliveryMar 4, 2026

Backstage v1.48.4 was released, but the published notes are too brief to summarize. See the original release notes for details.

Source

Backstage

CI/CD & App DeliveryFeb 26, 2026

Backstage v1.48.3 was released, but the published notes are too brief to summarize. See the original release notes for details.

Source

Backstage

CI/CD & App DeliveryFeb 24, 2026

Backstage v1.48.2 was released, but the published notes are too brief to summarize. See the original release notes for details.

Source

Backstage

CI/CD & App DeliveryFeb 19, 2026

Backstage v1.48.1 was released, but the published notes are too brief to summarize. See the original release notes for details.

Source