Release notes

Platform updates and notable changes to CloudSmith. Newest entries at the top.


2026-05-29

PaaS deploy — managed identity, no service principal required

PaaS deployment via azd up no longer requires you to create an Entra app registration or service principal before deploying. Authentication is handled entirely by az login (interactive) or your CI’s OIDC workload identity federation token.

Required Azure roles (subscription scope):

  • Contributor
  • Role-Based Access Control Administrator

See Prerequisites for the full requirements list.

Platform update flow fix

Platform self-update triggered from the portal now correctly targets the Azure Container Apps application in your deployment. A previous release shipped with a hard-coded application name that caused the update action to fail unless it matched the development environment name exactly.

No action is required for existing deployments — the fix is applied automatically on the next azd up run.

Security: forwarded headers restricted to private ranges

The API’s forwarded-header processing now accepts forwarded IP addresses only from RFC 1918 ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16). This closes an IP-spoofing vector through the Azure Container Apps ingress.
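
An added illustration, not CloudSmith's code: one way a service can apply this kind of restriction, assuming it means the X-Forwarded-For header is honored only when the connecting peer sits in an RFC 1918 range. The function names and the right-to-left walk of the header are assumptions made for the example.

```python
import ipaddress

# RFC 1918 ranges named in the release note; only peers inside them are trusted.
TRUSTED_PROXY_NETS = [ipaddress.ip_network(n) for n in
                      ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_trusted_proxy(addr):
    """True when addr parses as an IP inside one of the RFC 1918 ranges."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXY_NETS)


def resolve_client_ip(peer_ip, x_forwarded_for=None):
    """Return the address to use for logging, rate limiting and allow-lists.

    The header is honored only when the TCP peer is a trusted proxy. The
    chain is then walked right to left, and the first hop that is not a
    trusted proxy is taken as the client; anything to its left was supplied
    by the client and is ignored.
    """
    if not is_trusted_proxy(peer_ip) or not x_forwarded_for:
        return peer_ip
    client = peer_ip
    for hop in reversed([h.strip() for h in x_forwarded_for.split(",")]):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: stop and keep the last verified hop
        client = hop
        if not is_trusted_proxy(hop):
            break
    return client
```

A request arriving directly from a public address keeps that address no matter what its header claims, and a client-supplied entry placed ahead of the hop the ingress appended is never reached.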

Documentation overhaul

  • Navigation sidebar rebuilt: 8 sections with breadcrumbs and prev/next links throughout.
  • New Prerequisites page consolidates hardware, OS, network, and Azure RBAC requirements in one place.
  • Getting Started guide updated to reflect the managed identity deploy model.

2026-05-28

Substrate parity — healthcheck endpoints

The /health/ready and /health/live endpoints are now standardized across both the PaaS and on-premises deployment models. Both return 200 OK with a JSON body when the platform is ready to serve traffic.

Use /health/ready to confirm the platform is running after install.


2026-05-27

End-to-end smoke test — all assertions passing

The full PaaS E2E smoke test (API health, portal load, cluster enrollment, telemetry pipeline) passes on a clean deployment. The on-premises Docker Compose smoke test also passes on a fresh install.

Module catalog updates

  • cluster-mgmt module: v0.2.3
  • monitoring module: v0.1.1