#Release Notes

#Compatibility and support matrix

The following table shows the compatibility and support matrix between the Alauda DevOps Connectors operator and ACP versions.

#v1.10.0 (LTS)

#Features and Enhancements

New Connectors

• Support integration with GitHub by using GitHub Connector. More details:
  • GitHub Connector Quick Start
• Support integration with JFrog Artifactory by using JFrog Connector. More details:
  • JFrog Connector Quick Start
• Support integration with Nexus Repository by using Nexus Connector. More details:
  • Nexus Connector Quick Start

Permission and Access Control

• Added an additional connectors/apis permission validation for Connector API access.
  • When enable-connector-apis-permissions is enabled, the system performs an additional connectors/apis permission check for Connectors API requests that browse tool data. This change separates Connector discovery from actual Connector API usage.
  • For more details, see Connectors Permission Model and Connector API.
• Added an additional connectors/proxy permission validation for Connectors Proxy access.
  • When enable-connector-proxy-permissions is enabled, the system performs an additional connectors/proxy permission check before workloads or CLIs use proxy-based Connector access. This change separates Connector discovery from actual runtime use.
  • For more details, see Connectors Permission Model and Connectors Proxy.
• Added approval-gated access control for protected Connectors Proxy usage.
  • When enable-connectors-approval is enabled together with enable-connector-proxy-permissions, administrators can use AccessPolicy and AccessRequest to require approval before a workload is allowed to use protected Connector proxy access.
  • For more details, see Connectors Approval & Permission Gating.
• Added ACP platform roles for AccessPolicy and AccessRequest resources, so approval resources follow the expected platform, project, and namespace permission model.

Feature Flag Management

• Support declarative feature flag configuration through the ConnectorsCore CR spec.featureFlags field. CR values override manifest defaults during reconciliation, eliminating the need to manually edit the connectors-config ConfigMap. For more details, see Feature Flags.

Harbor Connector Enhancements

• Support mounting harbor-cli-config from Harbor Connector so workloads can use harbor-cli through the connector proxy without exposing the original Harbor credential. More details:
  • Harbor CLI configuration
• Provide the harbor-connector-automatic-creation Tekton Task to automate Harbor connector initialization and credential refresh for Alauda Container Platform tenants and namespaces. More details:
  • It can create or reconcile Harbor projects, robot accounts, Connector Secrets, Harbor Connectors, and target namespace imagePullSecrets.
  • Automatically Create and Reconcile Harbor Connector Resources with Tekton

Custom CA Certificates

• Support custom CA certificates for Connectors that target tools served by an internal or private Certificate Authority (CA), preserving TLS verification instead of disabling it. When the enable-custom-ca-certs feature flag is enabled, administrators can register cluster-wide CA bundles via labeled Secrets in the system namespace and Connector authors can additionally provide a per-Connector CA via spec.caCertSecretRef. The resulting trust pool is additive (system + global + per-connector) and load status is surfaced through the informational CACertReady condition. More details:
  • Configure Custom CA Certificates
  • Connector concepts: Custom CA Certificates

Other Enhancements

• Add ca.crt to the Connectors-CSI built-in configuration as a replacement for ca.cert.
• When CSI approval is rejected, the driver now mounts a .error.json file (google.rpc.Status JSON) instead of blocking the Pod, allowing the workload to fail promptly. For more details, see Connectors Approval.

Deprecation Notice

• ca.cert will be deprecated soon in the Connectors-CSI built-in configuration. Please use ca.crt instead. For more details, see: Connectors CSI Built-In Configurations

Security updates

Updated base images, dependencies, and resolved security vulnerabilities

#Breaking Changes

• The Maven ResourceInterface has been renamed from MavenArtifact to MavenRepository. The groupId, artifactId, and version parameters have been removed; the ResourceInterface now exposes a single repository attribute derived from the Connector address. Existing pipelines that reference the old MavenArtifact ResourceInterface or its removed parameters need to be updated.

#Fixed Issues

No issues in this release.

#Known Issues

No issues in this release.

#v1.9.0

#Features and Enhancements

• Support Multiple Connectors in Connectors CSI Driver.
  • Using Multiple Connectors in Connectors CSI Driver
• Support permission control for Connectors Proxy capabilities via AccessPolicy.
• Security updates: Updated base images, dependencies, and resolved security vulnerabilities

#Breaking Changes

#Fixed Issues

No issues in this release.

#Known Issues

No issues in this release.

#v1.8.0

#Features and Enhancements

• Connectors Core Capabilities and existing connectors (Git, OCI, Maven, PyPI, NPM, Kubernetes) have been promoted to Beta maturity level. For more details, see Feature Maturity.
• Add performance description and tuning guide to the documentation. For more details, see Performance Guide.

Deprecation Notice

• Added registry-config configuration to OCI and Harbor ConnectorClasses. The legacy docker-config(oci) and config(harbor) configuration is now deprecated but remains functional for backward compatibility. It will be removed in a future release. When mounting Connector configurations, use registry-config instead of docker-config or config.
• Added registry-config workspace to OCIArtifact and HarborOCIArtifact ResourceInterfaces. The legacy docker-credentials workspace is now deprecated but remains functional for backward compatibility. It will be removed in a future release.

Security updates

Updated base images, dependencies, and resolved security vulnerabilities

#Breaking Changes

No breaking changes.

#Fixed Issues

No issues in this release.

#Known Issues

No issues in this release.

#v1.7.0

#Features and Enhancements

• Support integration with SonarQube and SonarCloud by using SonarQube Connector. more details:
  • SonarQube Connector Quick Start
• Support to deploy the Connectors system in a high availability (HA) configuration to ensure service continuity and fault tolerance. more details:
  • Deploy Connectors in High Availability (HA) Configuration

#Breaking Changes

• When using the built-in forward proxy, proxy authentication information must be included.

#Fixed Issues

No issues in this release.

#Known Issues

No issues in this release.

#v1.6.0 (LTS)

#Features and Enhancements

More Connectors

• Support integration with GitLab Server by using GitLab Connector. more details:
  • GitLab Connector Quick Start
• Support integration with NPM Registries by using NPM Connector. more details:
  • NPM Connector Quick Start
• Support integration with Harbor Registries by using Harbor Connector. more details:
  • Harbor Connector Quick Start

ResourceInterface for Pipeline Integration

• Provides out-of-the-box definitions for GitCodeRepository, OCIArtifact, and MavenArtifact resources, enabling seamless integration of external resources (Git repositories, OCI artifacts, Maven artifacts) into TektonCD pipelines through a unified UI interface. For more details, see
  • ResourceInterface
  • Pipeline Integration
• Support Dynamic Form in ResourceInterface for Pipeline Integration. For more details, see ResourceInterface Dynamic Form.

Connector API Enhancement

• Support accessing tool's original API through the Connector API when the ConnectorClass provides Proxy Service capabilities. The system now supports two ways to access tool resources: using the tool's original API via Proxy Service, or using custom APIs provided for the ConnectorClass. For more details, see Connector API.

ConnectorClass Customization Flexibility

• Support using Rego rules to extract tokens from client requests when using the built-in HTTP reverse proxy. Combined with the existing ability to inject authentication credentials into backend requests through Rego rules, you can now extend the built-in reverse proxy's capabilities to support tools with non-standard HTTP authentication mechanisms.
  • For token extraction configuration, see Custom Rego-based Authentication.
  • For authentication injection configuration, see Injecting Authentication Credentials into Backend Request when using built-in Reverse Proxy.
• Support using request variables in spec.auth.types[].generator.rego to inject authentication credentials into backend requests. more details: Variables Available in Rego.

OCI Connector Forward Proxy

• OCI Connector supports using forward proxy for image operations. For more details, see OCI Connector Forward Proxy.

CSI Driver Built-in Configurations

• Connectors CSI Driver provides built-in configuration files that are always mounted into Pods. For more details, see Built-in Configurations.

Other Enhancements

• Add docs to explain credential permissions required for each connector. more details: Credential Permissions Required.

#Breaking Changes

• Remove the input.xxx variable from spec.auth.types[].generator.rego. Use input.data.xxx instead.

#Fixed Issues

No issues in this release.

#Known Issues

No issues in this release.