New Functionality

• Admins can now download requests from the admin tab

Bug Fixes

• Fixed UAR cells getting cut off to prevent content truncation in the user interface

• Fixed inventory tag and inventory owner links to navigate to the correct tab on the details page when clicked

• Fixed requests incorrectly indicating requested assets as never used

User Experience Improvements

• Improved owner escalation policy validation to prevent setting values below 5 minutes or above 1440 minutes

New Functionality

• Added custom date option to bulk expirations menu

• Added connector group and connector resource app identifiers to sublabels and hovercards

• Added ability to filter inventory/owners by specific users

Feature Enhancements

• Reworked access rules failsafe threshold for better accuracy

  • The threshold is now evaluated against additions and removals separately (as opposed to cumulative changes)
  • The threshold no longer has a 20 user minimum, this will make the failsafe useful for smaller single-team rules.

• Updated notification styling

Bug Fixes

• Fixed GitHub connection creation sync failure

Self-hosted only

• Added support for SMTP connections on port 25, with or without STARTTLS

Feature Enhancements

User Experience Improvements

• Added explore to the KBar
• Improved request approver flow with slight visual changes
• Added a new table view in User Settings to display active request reviewer delegations, making it easier to manage and track who can review requests on your behalf
• Added manager full name and manager ID to user export CSVs
• Display Role name on soon to expire notification subevent table

Search and Filtering

• Enhanced search filter on Inventory group users or resource user tables to now filter on names, email, or position
• Added the ability to filter resources by remote ID and resource type in the Resources API, enabling more precise resource lookups based on external system identifiers

API Enhancements

• Added REST Public API support for Github Org Roles

Bug Fixes

• Updated errors to include more details when Jira credentials are incorrect

Self-hosted only

• Added ability to tune memory requests and limits for some key opal pods

Feature Enhancements

Access Review Improvements

• Enhanced Resource Preview with pagination, sorting, and filtering capabilities
• Added pagination and sorting to Group Preview, improving performance for large datasets
• Replaced "Other Reviewers" column with a comprehensive list view instead of an icon

API Enhancements

• Added ability to request all resources a user has access to via the API

Integrations

• Added support for GitHub app installations
• Implemented app validations for Tailscale and allow authentication via OAuth instead of API keys
• Enabled automatic provisioning of Snowflake users
• Updated roles dropdown under User Access tab on resources

User Experience Improvements

• Changed resource creation flow to use modal instead of full page
• URLs are now clickable links in custom field descriptions and labels
• Performance improvements for the Risk Center

Bug Fixes

• Fixed issue where Soon To Expire notifications were being sent multiple times for the same asset
• Fixed conjugation/pluralization issue in Request Ticket banner
• (Self-Hosted only): Resolved a bug in Kubernetes manifest formatting that was preventing upgrades

• [Airgap Self-Hosted Only] Fixed a bug where customers could not toggle dry-run/read-only modes, nor update org-wise notification settings.
• [Self-Hosted only]: Fixed a bug in kubernetes manifest formatting that prevented upgrades.

• Fix bug in ensuring Soon To Expire notifications aren't sent twice for the same asset and notification period
• Replace Other Reviewers column in Access Reviews with a list rather than an icon
• URLs are now linked in custom field descriptions and labels
• Fixed conjugation/pluralization issue in Request Ticket banner
• Updated Creating resources UX to use modal instead of full page

• Fixed a bug where assets were still selected after removing from Bundle
• Updated Jira integration to use their new search endpoint. You must update or Opal cannot query the status of existing tickets during sync.

• Fix bug on Owners group escalation policy where opening the edit form would not reflect the current state of the policy when on
• Adding support for startTLS over smtp connections using port 587

• Improved Risk Center page performance
• Fixed a bug in UARs where some groups and resources were not appearing in the generated PDF

• Fixed an issue where grants and ipsets would be dropped from the Tailscale policy file.
• Fixed an issue where propagating access to two Okta roles at the same time would sometimes result in the user gaining access to only one of the roles.
• Fixed an issue that caused duplicate events to be created when removing a group from another group.
• Fixed an issue where Manage in Inventory was missing in the group details modal.
• Fixed issues related to bulk selecting bundle assets.
• Added target_user_id and requester_id to requests API filters.
• Added database support for request reviewer delegations, allowing users to delegate their request review responsibilities to other users for a specified time period.
• Added lastSuccessfulSyncto groups API.
• Added lastSuccessfulSync to resources API.
• Updated Event Filters modal styling.
• Increased task timeout for most tasks to 3 hours.
• Moved remote events to the Usage tab for Okta apps, AWS IAM roles, and resources in custom connectors.
  • Note: The Events tab on all resources, as well as CSV exports, the Events API, and Event Streaming, will contain only events originating in Opal.