Releases

The OpenMetadata community is on a monthly release cadence. At every 4-5 weeks we will be releasing a new version.

Upgrade OpenMetadata

Learn how to upgrade your OpenMetadata instance to 2.0.0!

1.13.1 Release

27th June 2026

You can find the GitHub release here.

Changelog

OpenMetadata 1.13.1 is a maintenance release delivering MCP tool improvements, search and reindexing fixes, security patches, connector updates, glossary and governance enhancements, and UI fixes.

🔒 Security

Netty CVE-2026-44249 #28880: Bumped netty-bom to 4.1.135.Final.
Jackson-databind CVE-2026-54512/513/514 #29389: Bumped jackson-databind from 2.18.7 to 2.18.8.
Spring, Micrometer & OpenTelemetry CVE patches #29111: Spring 6.2.18 → 6.2.19, Micrometer upgraded, and OpenTelemetry pinned to patch reported CVEs.
ws CVE-2026-48779 #29122: Bumped ws to 8.21.0.
handlebars CVE-2026-55760 #29221: Bumped handlebars to 4.5.2 to patch a path-traversal vulnerability.
sudo CVE-2026-35535 #29343: Upgraded sudo in the ingestion Docker image.
UI dependency vulnerability fixes #29223 #29241: Bumped undici 6.25.0 → 6.27.0, form-data, dompurify, markdown-it, and js-yaml.
form-data bumped #29349: Updated the form-data package to address reported vulnerabilities.

🤖 MCP (Model Context Protocol)

MCP Registry publishing #27982: Added server.json for publishing openmetadata-mcp to the official MCP Registry, enabling discovery across aggregators like PulseMCP.
MCP tool usage analytics #28352: MCP tool calls now track usage metrics including per-tool latency percentiles, ok/fail counts, and client classification (VS Code, Claude CLI, etc.) with reservoir sampling.
Cap search_metadata response size #28383: Capped search_metadata response size to prevent LLM context overflow and guides LLM clients to use smaller page sizes.
Map MCP error responses to correct HTTP status codes #28622: MCP tool error responses now return the correct HTTP status codes instead of generic errors.
Slim get_entity_lineage payload #28618: Optimized get_entity_lineage MCP tool payload with a slim transform to reduce response size.
Compact create tool responses #28633: create_metric, create_test_case, and create_glossary_term tools now return compact entity representations.
Slim root_cause_analysis payload #28632: Slimmed the root_cause_analysis tool payload to fit within LLM context limits.
Return similarityScore in search_metadata #28512: search_metadata results now include _score as similarityScore for relevance ranking.
Fix entityType filtering in search_metadata #28698: Resolved index routing by entityType to prevent cross-type result leaks and hardened parameter validation.
Search test cases and test suites via search_metadata #28743: search_metadata now supports searching test cases and test suites.
Shared trim util and global response size-budget #28764: Introduced shared response-trim utilities and a global size-budget net across all MCP tools.
Trim wide-table payload in get_entity_details #28776: get_entity_details now trims wide-table payloads (column descriptions, schema/model SQL) to stay within size budgets.
MCP OAuth login fix #29228: Fixed /mcp/callback handling of the active-session shortcut and implicit-flow id_token returned in the URL fragment by SSO.
Fix OAuth state double-encoding #28952: OAuth state is now echoed without double-encoding in the redirect URI.

🔍 Search & Reindexing

Vectorize testSuite/testCase for hybrid search #28669: Test suites and test cases are now vectorized, enabling hybrid (keyword + semantic) search over data quality entities.
Make users and admins searchable by email #28800: Users and admins are now searchable by their email address.
Recreate all indexes on major/minor version upgrade #28885: All search indexes are now recreated on major or minor version upgrades to pick up mapping changes.
Reindex-drift and index health checks #28856: Added reindex-drift detection and index health checks in /system/validate.
Fix reindex OOM on wide tables #28888: Switched to a covering cursor query and added entity name indexes to prevent out-of-sort-memory errors during reindex.
Re-add —recreate-indexes flag #29087: Restored the --recreate-indexes flag to the reindex CLI for backward compatibility.
Staged-index rescue uses index_total #29108: Uses index_total instead of docs.count for staged-index rescue so a failed reindex doesn’t delete a populated index.
Never apply refresh_interval=-1 as live serving value #29153: Prevents refresh_interval=-1 from being applied as a live serving value on index promote.
Cap oversized dataModel column tree at index time #29212: Containers/tables with pathologically large dataModel schemas now have nested column children stripped at index time to prevent OOM.
Regenerate embeddings on dimension change #29437: Embeddings are regenerated when vector dimensions change instead of reusing stale vectors.
Backfill name indexes for distributed reindex pagination #29361: Name indexes are backfilled to support distributed reindex pagination.
Bound column-index fan-out #29377: Bounded table column-index fan-out to prevent reindex OOM on wide tables.
Surface exact/prefix matches first in QuickFilter #29231: QuickFilter aggregations now surface exact and prefix matches first.
Extend best-match ordering to sourceFields/topHits #29296: Extended the best-match ordering logic to sourceFields and topHits requests.
My Data defaults to dataAsset index #29209: Changed the My Data page from the all index to dataAsset for more relevant results.
Stop time-series field propagation #29499: Stopped time-series field propagation to prevent stale data in downstream indexes.

🔌 Connectors & Ingestion

PowerBI datamarts support #28896: Added support for Power BI datamarts.
Fivetran improvements #27270: Various improvements to the Fivetran connector.
Athena: pass catalogId for S3 Tables enumeration #28929: Passes catalogId to get_tables for Athena S3 Tables enumeration.
Athena: ingest Iceberg table properties #27715: Ingests Iceberg table properties from the $properties metatable.
Athena: remove Trino stats #29446: Removed Trino-specific stats from the Athena table profiler.
MySQL: refresh RDS IAM auth token per connection #28730: IAM auth tokens are now refreshed per connection instead of reusing stale tokens.
MySQL: default stored-procedure language to SQL #28898: Unknown stored-procedure languages now default to SQL instead of None.
MySQL: parameterize routines query #29077: Parameterized the MySQL routines query to avoid SQL string interpolation.
Metabase: StarRocks SQL dialect for lineage #29033: StarRocks connections now route to the StarRocks SQL dialect so StarRocks-specific syntax parses correctly for lineage.
Metabase: strip optional clause blocks #29390: Strips [[...]] optional clause blocks before lineage parsing.
Datalake: parse array type nested structures in JSON #27798: Fixed parsing of array type nested structure fields inside JSON files.
Iceberg/Delta: ingest metadata.json with real table columns #28422: Iceberg/Delta metadata.json files are now ingested with real table columns instead of placeholder schema.
Upgrade collate-sqllineage #27413: Upgraded collate-sqllineage to ≥2.1.1 with regression tests.
OpenLineage: reset Kinesis poll inactivity timer #29276: Resets the Kinesis poll inactivity timer per shard to prevent premature stream abandonment.
OpenLineage: de-aggregate KPL records #29037: De-aggregates KPL (Kinesis Producer Library) records in the Kinesis source.
SAP HANA: profiler fix #27483: Fixed CREATE_TIME lookup to use SYS.TABLES with uppercase catalog matching.
Unity Catalog: incremental extraction flag #28906: Added the missing supportsIncrementalMetadataExtraction flag.
dbt Cloud: stale FQN and null timestamp #29525: Fixed dbt Cloud pipeline status using stale FQN and null timestamp.
Secret serialization fixes #28625 #29198 #29216: Preserved secret: prefix during Python SDK serialization, handled empty connection passwords with CustomSecretStr, and hardened serialization for null secrets.
Fix lineage script_exception in ADD_UPDATE_LINEAGE open-metadata/openmetadata-collate#4481: Fixed script exceptions during lineage add/update operations.

📖 Glossary

Cascade glossary rename to child terms in search index #29159: Renaming a glossary now updates the denormalized glossary.name / glossary.fullyQualifiedName on every child term’s search-index doc.
Keep approvals valid after move #29214: Approvals remain valid after a glossary term is moved.
Skip move consolidation #29266: Fixes glossary term move operations by skipping unnecessary consolidation.
Preserve domains through CSV import/export #29509: Glossary term domains are now preserved during CSV bulk import/export, and a domains column is added to the CSV format.
Show approve/reject buttons after Expand All #29295: The Expand-All tree fetch now requests the reviewers field so nested In-Review terms retain their approve/reject buttons.

🛡️ Data Governance & Quality

ODPS Support for Data Products #29154: Added ODPS support for data products with custom intake forms.
Data product support in Observability #28713: Added data product support in the Observability UI and backend.
Preserve data products across domain deletes #29137: When a data product’s domain is changed and the original domain is hard-deleted, the stale relationship is now removed so data products are preserved.
Delete orphaned test cases + guard test-definition deletion #29081: Orphaned test cases can now be hard-deleted, and test-definition deletion is guarded against missing relationships.
Redeploy workflow BPMN on upgrade #29465: Workflow BPMN definitions are redeployed on upgrade so moved or renamed approvals resolve correctly.
Allow bare function references in SpEL conditions #28946: Governance policy SpEL conditions now allow bare references to approved functions.
Snapshot entityStatus for Data Insights #29313: Snapshots entityStatus so Data Insights charts can filter by lifecycle status.
Project tags to DI snapshot #29382: Projects classificationTags and glossaryTags to the Data Insights snapshot.
Add documentation panel to test definition form #29430: Added a documentation panel to the test definition creation form.

🔔 Alerts & Notifications

Match Entity FQN filter against descendants #28833: Entity FQN filters now match against both the entity and its descendants.
Dedup successful change events #28827: Deduplicates successful change events to prevent Postgres ON CONFLICT abort errors.
Observability triggers skip thread events #29112: Observability status triggers no longer fire on thread events.
Owner/user name filters match dotted usernames #29523: Owner and user name filters now correctly match usernames containing a dot.

🔐 Authentication

OIDC/SAML self-signup persists mapped email claim #29227: Self-signup now persists the mapped email claim from OIDC/SAML.

🧬 Lineage

Render traced edges and nodes #29195: Lineage now visually renders traced edges and nodes.
Restore edges in lineage PNG export #29250: Edges are restored after canvas re-render in the lineage PNG export.
Fix PNG lineage export download #29362: Fixed PNG lineage export download and late loading spinner.
Correct nodeDepth for fetched nodes #27477: Updates nodeDepth on fetched nodes using the base nodeDepth.
Drop nodeDepth partitioning for ELK #29224: Dropped nodeDepth partitioning so ELK derives lineage layers from edges.

⚙️ Platform

Re-arm audit log consumer trigger on startup #28821: The audit log consumer trigger is now re-armed on startup instead of being skipped when the Quartz job already exists, preventing silent audit event loss after restarts.
Validate Flowable pool connections for DB failover #28835: Enabled MyBatis pool-ping validation (SELECT 1) on the Flowable runtime engine so connections idle past 30 seconds are validated and replaced before reuse, surviving Aurora/RDS failovers and maintenance restarts.
Defer row fetch in audit logs list query #28851: Avoids a full-row scan when listing audit logs.
AuditLogConsumer offset gap resilience #29252: The audit log consumer no longer skips events when change_event.offset gaps appear under concurrent writes.
Concatenate multi-line SSE data fields #28945: Multi-line SSE data: fields are now concatenated instead of overwritten.
Force UTF-8 decoding in SSE #29532: Forces UTF-8 decoding in SSE streams to prevent JSON truncation on multibyte characters.
Persist nested column changes on PATCH #28837: Nested column changes are now persisted on optimistic-locking PATCH operations.
Sync IngestionPipeline schedule on app changes #28702: When an app’s schedule changes, the backing IngestionPipeline.scheduleInterval is now synced so K8s/Argo/Hybrid runners pick up the new schedule.
Support double-quotes in FQN #28697: Fully qualified names now support double-quoted segments, with guard and repair logic for corrupt FQNs.
Surface external secret read failures #28767: External secret read failures are now surfaced instead of being misrouted to create.
Fix SocketAddressFilter NPE #29263: Fixed NPE on WebSocket handshake without a query string.
Fix RDF Fuseki bulk write timeouts #28564: Fixed bulk write timeouts in the RDF Fuseki integration.
RDF: index additional entity types #29327: Dashboard, DashboardDataModel, Table, and StoredProcedure are now properly indexed in the knowledge graph.
RDF glossary term filtering #29368: Added support for RDF glossary term filtering.
Slow Data Retention cleanup fix #29363: Fixed slow, memory-bound Data Retention entity relationship cleanup.
Backfill pipeline service edges #29529: Migration backfills pipeline service edges in 1.13.1.
Disabled new sidebar items by default for existing personas #29032: New sidebar items are disabled by default for existing personas to avoid unexpected navigation changes.
Remove content/column name split for classification #29203: Removed the content/column name split for classification processing.

🎛️ UI

Prevent ontology graph crash on large glossaries #29270: Prevented the ontology relations graph from crashing on large glossaries.
Block-editor link modal in drawers #29374: Kept the link modal usable inside focus-trapping drawers.
Preserve Persona navigation ordering #29353: Saved Persona navigation ordering is now preserved on reload.
Scope “between” operator to numeric custom properties #29335: The between operator now correctly sends the upper bound for numeric custom properties only.
Tag column filter on nested tables #29075: Tag column filter on nested schema/column tables now shows only matching fields.
Hide disabled Tiers from dropdown #29466: Disabled Tiers are now hidden from the Tier selection dropdown.
Data product filter in Data Quality #29456: Included data product filter in Data Quality parameters.
Data Quality pagination #29512: Forwarded showPagination to the DataQualityTab component.
FQN double-quote support in UI #28697: Added double-quoted name support in the UI FQN utility.
Untitled-UI dropdowns for Add Assets drawer #29168: Replaced quick-filters in the Add Assets drawer with Untitled-UI dropdowns.

1.13.0 Release

8th June 2026

You can find the GitHub release here.

What’s New

MCP Services

MCP (Model Context Protocol) is now a first-class service category with service entities, server entities, execution logs, test-connection support, REST resources, and UI pages.

Usage analytics expose summary, history, tool breakdown, user breakdown, and current-user usage
MCP OAuth now supports SAML SSO authentication
Client secrets are not issued to public clients
get_entity_details now surfaces custom properties in responses

Knowledge Graph and RDF

Requires Apache Jena. Run the RDF Knowledge Graph Index App after upgrade for first-time users.

Distributed RDF indexing with state tables for jobs, partitions, locks, and server stats
Glossary membership scoping, relation cleanup, distributed mode, and compaction
Revamped graph with custom nodes, relation details, and distributed indexing status

Search Index Performance and Live Indexing

Tunable settings: refresh interval, replica count, translog durability, sync interval, and per-entity overrides
Per-stage reindex timing metrics for reader, process, sink, and vector stages
Live indexing retries on failure with a dead-letter queue for failed items
Search results can be exported to CSV from the Explore page under Tools

The Search Index App schedule has moved to weekly — review your schedule configuration before upgrading.

Ontology Explorer

New first-class governance page at /governance/ontology with graph filters, layout controls, side-panel entity details, and export controls.

Typed Glossary Term Relations

New relation types: relatedTo, synonym, antonym, broader, narrower, partOf, hasPart, calculatedFrom, usedToCalculate, seeAlso

New governance settings page to manage relation types
Relation badges, filters, and graph views throughout Glossary UI
Concept mappings for external IRIs and SKOS-style relation types
APIs for relation usage counts, asset counts, batch fetch, add/remove, and relation graph

Data Marketplace

New sidebar and routes at /data-marketplace, /data-marketplace/domains, /data-marketplace/data-products
Customizable landing page with widgets for domains, data products, announcements, and search

AI and Hybrid Search

Google Gemini embedding provider with configurable dimensions and endpoint override
OpenAI NLQ: modelId, request timeouts, max tokens, and temperature now configurable
Hybrid search tuning: keyword/semantic weights, RRF settings, semantic score threshold, highlight fragment size
textToLLMContext and vector body-text extension hooks

Data Quality and Profiler

Dynamic and static sampling via profileSampleConfig
Explicit metrics selection per profiler run
Top-dimension controls for dimensional test cases
Bulk add and select-all for logical and bundle test suites
Dashboard widgets and filters: data products, certification, incident status, tiers, entity health
Storage auto-classification for containers with language-aware recognizer selection
Deterministic MySQL median behavior

Governance and Workflows

Data-contract references across data assets and service entities
Workflow triggers extended: data product, data contract, glossary terms, input ports, output ports
Approval tasks show proposed changes with clickable entity links, domain stamped on creation
Self-approval prevention for workflow change requests
New Archived entity status

New Connectors

Connector	Type	Highlights
Google Drive	Storage	Ingestion connector and example workflow
Pub/Sub	Messaging	Test-connection support
QuestDB	Database	—
IOMETE	Database	—
SAP SuccessFactors	Database	—
SAP S/4HANA	Dashboard	—
Matillion Data Cloud	Pipeline	—
Airflow 3.x	Pipeline	API-based connector; constraints upgraded to 3.2.1

Connector Improvements

Snowflake — opt-in ACCESS_HISTORY lineage path; queries chunked by day to avoid timeouts
Unity Catalog — incremental metadata extraction, only fetching changed entities since last run
SSRS — report-to-dataset lineage
Metabase — chart-level lineage extraction
OpenLineage — Glue, Kusto, Cosmos DB naming; symlinks facet for Iceberg; pipeline node for single-sided lineage
Storage — compressed archive ingestion (ZIP, tar, gzip) in S3, ADLS, GCS; Redis caching for container ancestors
MySQL — queryHistoryTable option; GCP Cloud SQL IAM support
Athena — catalogId for S3 Tables and cross-account Glue
Oracle — preserveIdentifierCase and useDBATable options
S3, ADLS, GCS — profiling capability flags; REST connector S3 and SSL config

Platform, Cache, and Operability

Read-bundle prefetch and cache warmup for tags, certifications, relationships, containers, and ancestors
Redis: cache metrics, distributed warmup, per-command timeout defaulting to 300 ms
Deadlock retry handling and reduced write deadlocks
JSON log format via LOG_FORMAT=json, streamable logs, non-blocking handlers
QoS request admission enabled by default via QOS_* settings
CSP nonce handling and web security headers: COEP, CORP, COOP
Regenerate-bot-tokens for JWT key rotation
db-tune ops subcommand and production RDS runbook
Diagnostics v2 framework — legacy ExecutionTimeTracker removed

Columns as Independent Entities

Columns are now indexed as independent entities. They appear in asset counts and are the default entity shown in Explore when selecting a database service.

Previously, tables were shown as the default entity in Explore for database services. This is a behavioral change — verify your Explore configurations after upgrading.

Upgrade Notes and Breaking Changes

Connector and Ingestion Changes

Iceberg connector removed — services migrated to CustomDatabase, pipelines hard-deleted. Update any YAML or automation referencing serviceType: Iceberg
Databricks/Unity Catalog scheme changed from databricks+connector to databricks. Stored configs are migrated; external YAMLs must be updated manually
Profiler sampling changed to profileSampleConfig. Old fields profileSample, profileSampleType, samplingMethodType, and computeMetrics are removed
randomizedSample defaults now explicitly false in migrated configs
Python ingestion targets 3.10, 3.11, 3.12. Key deps: SQLAlchemy 2.x, pandas 2.1.x, pyodbc 5.3.x, Airflow 3.2.1, Databricks SQLAlchemy 2.x
Storage manifest partitionColumns uses a smaller partition-column shape

API and Schema Changes

Feed APIs no longer accept from in createThread or createPost — remove it from client payloads
Search payloads removed the semanticSearch boolean
Application schemas renamed preview to enabled with inverted meaning — custom app manifests must use enabled
Webhook moved from secretKey to authType object (no auth / bearer / OAuth2)
Custom property names must start alphanumeric and cannot contain / or ~
Glossary relatedTerms changed to typed TermRelation objects — existing data migrated to relatedTo
entity_relationship primary key now includes relationType
Logical-suite add endpoint deprecated — use PUT /api/v1/dataQuality/testCases/logicalTestCases/bulk
Bulk Assets dryRun now enforced for tag, glossary, dataProduct, and team removes
New Archived entity status — update any hard-coded status enums

Operational Notes

Quartz tables are cleared during migration. Stop all instances before upgrading.

Postgres fqnHash text_pattern_ops indexes added or replaced — runbook included in the migration file if the build is interrupted
New tables for MCP services, servers, executions, RDF indexing jobs, partitions, locks, and server stats
SERVER_CHANGE_LOG historical gaps backfilled — missing entries caused data-insights timeline holes
Profiler pipeline cleanup force-executed on upgrade to clear stuck pre-1.13 state
LOG_FORMAT=json now supported — review any custom Dropwizard logging config
QoS admission enabled by default — check QOS_* settings if adjustment needed
Redis per-command timeout defaults to 300 ms — tune for slow Redis deployments

Bug Fixes

Search and Reindexing

Fixed nested children causing Elasticsearch/OpenSearch mapping-depth failures
Fixed stale file-extension aggregation on v1.13.0 upgrade causing 500 errors on file search
Fixed stale flattened-children highlight field on v1.13.0 upgrade causing 500 errors on container search
Fixed search_after silently dropping entities when sort value contains a comma
Fixed query, worksheet, and file reindexing missing relationship fields
Fixed search-index alias resolution for entity-specific and OpenSearch cluster prefixes
Fixed batch-prefetch of upstream lineage leaking Hikari connections during bulk reindex
Fixed soft-delete propagation to time-series child aliases
Fixed clean reindex jobs incorrectly marked failed when only warnings existed
Fixed text-field sorting and aggregation .keyword resolution
Fixed user index searches on nested owners queries
Fixed advanced-search Contains and Not Contains operators for description field

Glossary, Tags, and Governance

Fixed glossary relation rendering for multiple relation types between the same term pair
Fixed related-term tooltip sanitization and relation badge colors and icons
Fixed tag rename and relationship cache invalidation
Fixed TagLabel server fields lost when saving tags
Fixed certification tags leaking into regular tags and missing appliedBy audit trail
Fixed soft-deleted users appearing in experts and reviewers selectors
Fixed hyperlink workflow rules and Tags/Tier field ambiguity

Data Quality and Profiler

Fixed test-case suite search membership preservation
Fixed tier and certification filter queries in Data Quality dashboard
Fixed incident manager status and severity chip behavior
Fixed TableColumnCountToBeBetween API responses
Fixed column profile percentages showing 0% for zero proportions
Fixed tableCustomSQLQuery ignoring computePassedFailedRowCount flag
Fixed orphan test cases breaking search indexing
Fixed sample randomization at 100% sample

Ingestion and Connectors

Fixed single bad table aborting entire schema ingestion run
Fixed Snowflake and OpenMetadata socket waits causing silent hangs
Fixed Power BI lineage buffer flushing, TSQL Sql.Database parsing, and workspace cache scope
Fixed Databricks nested column descriptions and SQLAlchemy 2.x compatibility
Fixed Databricks and Unity Catalog valueless tags being silently dropped
Fixed Datalake JSON columns typed as string for empty dict values
Fixed MySQL profiler median query quoting and deterministic behavior
Fixed Redshift interval, numeric, and timestamp precision parsing, view definition, IAM auth, and LISTAGG errors
Fixed Oracle, MSSQL, Athena, and Redshift profiler under SQLAlchemy 2.0
Fixed dbt column tags, snapshot model patching, compiled-only test results, and test entity links
Fixed SQL Server temporal-table period columns classified as PII
Fixed SQLAlchemy engine resource leak on multi-database source iteration
Fixed ADLS object counts scoped to configured sub-path
Fixed PII recognizer selection based on configured language
Fixed runtime spaCy model loading for non-root containers

UI and UX

Fixed unknown service categories returning 404
Fixed Explore page column icon display, search term warnings, and text overflow
Fixed lineage edge misalignment, edge hover, temporary lineage table nodes, and service nodes
Fixed table constraints UI and cluster-key constraint display and editing
Fixed dotted custom-property names display
Fixed custom relation badge color handling and overlapping badges
Fixed activity feed, task notification refresh, and approval task rendering
Fixed MSAL and SAML token renewal and Safari SSO session loss
Fixed copy-to-clipboard in non-secure contexts
Fixed charts not deleted when parent dashboard or service is deleted
Fixed column.extension values silently dropped on entity creation

Security and Dependencies

AWS SDK pinned to 2.41.30 — clears CloudFront CVE
Airflow upgraded to 3.2.1 — clears 7 CVEs
gnutls, libcap, openssh, and rsync CVEs closed in ingestion Docker images
Test-connection workflow triggers now require authorization
Python ingestion: explicit jsonify at route level to break XSS taint chain
Axios, dompurify, follow-redirects, and related UI CVE fixes
Jetty and pac4j upgraded for Java-side CVEs

View the full changelog

1.12.12 Release

24th June 2026

You can find the GitHub release here.

Changelog

OpenMetadata 1.12.12 is a maintenance release delivering security patches, search and performance improvements, lineage and UI enhancements, and connector updates.

🔒 Security

sudo upgraded for CVE-2026-35535 #29343: Upgraded sudo in the ingestion image to patch CVE-2026-35535.
Spring, Micrometer & OpenTelemetry CVE patches #29111: Spring 6.2.18 → 6.2.19 (CVE-2026-41850, CVE-2026-41851), Micrometer 1.14.5 → 1.15.12, and pinned OpenTelemetry to patch reported CVEs.
ws bumped for CVE-2026-48779 #29122: Updated ws to 8.21.0.
handlebars bumped for CVE-2026-55760 #29221: Updated handlebars to 4.5.2 to patch a path-traversal vulnerability.
form-data bumped #29349: Updated the form-data package to address reported vulnerabilities.
markdown-it bumped #29057: markdown-it 14.1.1 → 14.2.0.
UI dependency vulnerability fixes #29223: Addressed assorted UI vulnerabilities, including Vite and form-data 3.0.4 → 3.0.5 updates.
undici & form-data bumped #29241: Bumps undici 6.25.0 → 6.27.0 and form-data to 4.0.5.

🔍 Search & Performance

Cap oversized dataModel column trees at index time #29212: Containers/tables with pathologically large dataModel schemas (hundreds of thousands of columns) produced multi-hundred-MB search documents that could OOM the server on read/reindex. The oversized-doc guard now also strips nested column children and derived columnNames/columnNamesFuzzy once a doc is still over the cap after lineage stripping. Top-level columns and the full schema (via the entity API) are preserved.
Column tag filtering in advanced search #28871: Added column-tag filtering to advanced search.
Defer row fetch in audit logs list query #28851: Avoids a full-row scan when listing audit logs.
AuditLogConsumer dropping events on offset gaps #29252: change_event.offset is AUTO_INCREMENT/SERIAL and only visible at commit, so under concurrent writes a lower offset can become visible after a higher one. The consumer no longer skips audit events across these offset gaps.

🧬 Lineage

Render traced edges and nodes #29195: Lineage now visually renders traced edges and nodes.
Restore edges in lineage PNG export #29250: Edges are restored after canvas re-render in the lineage PNG export.
Fix selector for export lineage 5b4fe8c: Fixed the selector used for lineage export.
Correct nodeDepth for fetched nodes #27477: Updates nodeDepth on fetched nodes using the base nodeDepth (Issue #25388).

📖 Glossary

Approve/reject buttons missing after Expand All #29292: The Expand-All tree fetch omitted the reviewers field, so nested In-Review terms lost their approve/reject buttons. Reviewers are now requested so the buttons remain for nested terms.
Approval re-triggers on approved-term rename 1755135: Renaming an already-approved term now records name/parent on the change description so the approval workflow re-triggers correctly.
Keep approvals valid after move #29234: Approvals remain valid after a glossary term is moved.
Cascade glossary rename to child terms in search index #29134: Renaming a glossary now updates the denormalized glossary.name / glossary.fullyQualifiedName on every child term’s search-index doc.

🔐 Authentication

MCP OAuth login fails with 400 on id_token fragment #29228: Fixed /mcp/callback handling of the active-session shortcut and implicit-flow id_token returned in the URL fragment by SSO.
OIDC/SAML self-signup persists mapped email claim #29227: Self-signup now persists the mapped email claim from OIDC/SAML.

🛡️ Data Governance & Quality

Preserve data products across domain deletes #29138: When a data product’s domain was changed and the original domain was then recursively hard-deleted, the data product was incorrectly deleted via a stale domain→dataProduct relationship. The stale relationship is now removed so data products are preserved.
Delete orphaned test cases + guard test-definition deletion #29081: Orphaned test cases (whose testDefinition relationship was removed) can now be hard-deleted, and test-definition deletion is guarded against the missing relationship.

⚙️ Apps & Ingestion

Sync IngestionPipeline scheduleInterval on app schedule changes #28702: When an external app’s schedule changes (scheduled→manual or a cron edit), the backing IngestionPipeline scheduleInterval is now synced so K8s/Argo/Hybrid runners pick up the new schedule.
Skip CSV consolidation without a previous version #29088: Avoids CSV consolidation when there is no previous version to consolidate against.

🎛️ UI

Scope “between” operator fix to numeric custom properties #29334: The between operator now correctly sends the upper bound for numeric custom properties only (Issue #27482).

🔌 Connectors

Snowflake: create Query entities in ACCESS_HISTORY lineage #29125: The opt-in ACCESS_HISTORY lineage path now emits a CreateQueryRequest per edge so the originating SQL surfaces as Query entities, and fixes a probe issue.
Snowflake: forward-port ACCESS_HISTORY lineage + cache fixes #29036: Forward-ports the opt-in ACCESS_HISTORY lineage path and cache fixes.
Metabase: StarRocks SQL dialect for lineage #29033: StarRocks connections now route to the StarRocks SQL dialect so StarRocks-specific syntax in Metabase native queries (e.g. to_bitmap(), bitmap_union_count()) parses correctly for lineage (Issue #28934).

1.12.11 Release

12th June 2026

You can find the GitHub release here.

Changelog

OpenMetadata 1.12.11 is a maintenance release delivering security patches, MCP improvements, AI enhancements, search fixes, UI enhancements, ingestion stability improvements, and connector updates.

🔒 Security patches

React-router-dom security upgrade #28677: Snyk security upgrade of react-router-dom from 6.30.3 to 6.30.4 to address reported vulnerabilities.
Netty-bom bumped for CVE-2026-44249 #28880: Updated netty-bom to 4.1.135.Final to resolve CVE-2026-44249.

🔌 MCP fixes

Compact entity responses from create tools #28633: MCP create metric, test-case, and glossary tools now return a compact entity representation to reduce payload size.
Compact entity response from create_article tool: The create_article MCP tool now returns a compact entity representation, consistent with other create tools.
Slim root_cause_analysis payload #28632: Reduced root_cause_analysis tool payload size to fit within LLM context limits.
Return similarity score in search_metadata tool #28512: The search_metadata MCP tool now returns _score as similarityScore in results.
Fix entityType filtering in search_metadata tool #28698: Resolved incorrect entity type filtering behavior in the search_metadata MCP tool.
Fix OAuth state double-encoding in redirect URI #28953: Corrected OAuth state encoding to prevent double-encoding in MCP redirect URIs.

🛠 API and backend fixes

Fix duplicate query error in bulk APIs #25890: Resolved an error caused by duplicate queries being submitted through bulk API operations.
Write server audit entries to audit.log #28782: Server audit events are now properly written to the audit.log file for observability and compliance.
Fix SSE multi-line data field concatenation #28945: Multi-line SSE data fields are now correctly concatenated instead of being overwritten.
Allow bare references to approved functions in SpEL conditions #28946: Policy engine now correctly evaluates bare function references in SpEL-based policy conditions.
Drop unsupported om-event-layout from console appender: Removed the unsupported om-event-layout configuration from the console appender to prevent startup warnings and misconfigurations.

🔍 Search and indexing fixes

Fix missing search aliases after reindex #28667: Resolved an issue where search aliases were missing after reindexing by atomically deleting the concrete index within the alias swap.
Make users and admins searchable by email #28800: Users and admins can now be found via search using their email address.
Re-derive tag fields on live tag-mutating updates #28900: Fixed an issue where glossaryTags, classificationTags, and tier were not re-derived correctly during live tag updates.
Fix search preview inconsistent behavior #28589: Resolved inconsistent behavior in the entity search preview panel.

🎨 UI and UX fixes

Restore import/export buttons for conditional EditAll policies #27488: Users with Data Producer roles using conditional policies (isOwner(), hasDomain(), matchTeam()) can now correctly see Import/Export options in the Glossary manage menu.
Fix bulk-ops column grid showing soft-deleted entities #28653: Soft-deleted entities are now excluded from the bulk operations column grid.
Brand name environment variable support #28624: UI now uses a BRAND_NAME environment variable in place of hardcoded “OpenMetadata” references for easier white-labeling.
Fix Global Domain Filter translation #25982: Corrected translation for the Global Domain Filter UI element.
Fix mixed language display when browser language differs from user setting #25962: Resolved an issue where UI displayed mixed languages when the browser language differed from the user’s selected language.
Fix SSO documentation format: Corrected the format of SSO configuration documentation displayed in the UI.

✈️ Ingestion fixes

Fix DagContext autoregister race in Airflow build_dag #28744: Resolved a race condition caused by DagContext autoregistration during DAG construction in Airflow APIs.
Comprehensive diagnostics for Airflow connection check #28516: Added detailed diagnostic output to the Airflow connection check to help debug connectivity issues.
Fix Iceberg/Delta metadata.json ingestion #28845: Corrected ingestion of Iceberg and Delta table metadata.json files to properly include real table columns.

🔌 Connectors

SSIS: optional databaseConnection for file-only mode #28708: The databaseConnection field is now optional in SSIS connector configuration, enabling file-only ingestion mode.
Athena: catalogId support for S3 Tables and cross-account Glue catalogs #28956: Added catalogId support to Athena connection configuration for S3 Tables and cross-account Glue catalog access.
SSIS: SQL Command, Execute SQL Task, Lookup task, and column-level lineage: Extended SSIS connector with support for SQL Command tasks, Execute SQL Task, Lookup transformations, and column-level lineage extraction.

🤖 AI enhancements

Documentation Agent sample data for descriptions: The Documentation Agent now uses sample data when generating descriptions, improving the quality and relevance of AI-generated entity documentation.

🐛 General bug fixes

Fix tag FQN rewrite on entity rename #28725: Implemented boundary-aware idempotent tag FQN rewriting during entity rename operations to prevent incorrect partial matches.
Preserve secret: prefix in Python SDK serialization #28625: Fixed Python SDK to preserve the secret: prefix during object serialization.
Lineage: dedup queries and handle conflicts as warnings #28757: Lineage query deduplication is now applied, and already-present query conflicts are treated as warnings rather than errors.
Fix data insights service filter on terms aggregation rebuild #28716: Data insights now correctly preserves the service filter when rebuilding terms aggregations.
Fix alerts Entity FQN filter to match descendants #28833: Alert Entity FQN filters now correctly match against an entity and all of its descendants.
Fix metadata-exporter credential decryption on re-dispatch: Resolved an issue where the metadata exporter failed to decrypt credentials when re-dispatching export jobs.
Fix notification template <br> line break preservation: Corrected notification templates to properly preserve <br> line breaks instead of stripping them.

View the full changelog

1.12.10 Release

3rd June 2026

You can find the GitHub release here.

Changelog

OpenMetadata 1.12.10 is a maintenance release delivering critical security patches, Model Context Protocol (MCP) enhancements, and targeted bug fixes across migrations, search, UI, and ingestion runtime.

🔒 Security patches

Snyk high/critical dependency patches in ingestion #28623: Patches high and critical Snyk findings across ingestion dependencies to address multiple common vulnerabilities and exposures (CVEs).
Jackson-core and CloudFront Snyk high patches #28614: Resolves Snyk high-severity vulnerabilities in jackson-core 3.0.2 and cloudfront 2.30.19.
Axios version bump for Retire.js vulnerabilities #28582: Updates the frontend dependency to address reported Retire.js vulnerabilities.
Cross-site scripting (XSS) security fix with explicit jsonify #28574: Makes jsonify explicit at the route level to break XSS taint chains.
CVE fixes in ingestion images #28534: Closes gnutls, libcap, openssh, and rsync CVEs in ingestion container images.
mlflow-skinny and jsonify security bumps #28501: Updates mlflow-skinny and surfaces jsonify in the trigger route for security.
Presidio utils XSS false positives fix #28535: Drops **kwargs Any from presidio_utils factories to clear XSS false positives.

🔌 MCP enhancements

MCP tool errors mapped to correct HTTP status codes #28644: MCP now maps tool errors to the correct HTTP status codes.
New MCP tools added #28586: Extends MCP tool capabilities with new tools for enhanced functionality.
Optimized get_entity_lineage MCP tool payload #28618: Reduces the payload size of the get_entity_lineage tool with a slim transform optimization.
MCP custom properties in get_entity_details #28594: Surfaces custom extension properties in get_entity_details tool responses.
MCP single sign-on (SSO) support in OAuth flow #28548: Adds SAML SSO support for the MCP OAuth authentication flow.
MCP client secret handling for public clients #28552: Fixes client secret issuance to no longer send secrets to public clients.
MCP prefers application/json over SSE #28558: MCP now prefers the application/json response format when a client accepts both JSON and SSE.
MCP tool usage improvements #28352: Enhances MCP tool usage tracking and execution capabilities.

🛠 API and migration fixes

Migration heals stuck PostgreSQL certification #28635: Fixes migration to heal stuck PostgreSQL certification records stranded by the v1.12.5 update.
Migration casts :metadata to JSON on PostgreSQL tag_usage #28504: Corrects metadata field casting in PostgreSQL tag_usage insert statements.

🔍 Search and indexing fixes

Search by nested field names for topics and API endpoints #28610: Resolves an issue where nested field name searches failed for topics and API endpoints.
Stale file extension aggregation scrubbed on upgrade #28565: Prevents file search 500 errors by cleaning up stale file extension aggregation data during upgrade.
Backport of immense-term children mapping fix #28572: Applies a fix for deeply nested children fields that were causing search mapping issues.
Orphan test cases no longer break search indexing #28159: Prevents orphaned test cases from causing search index failures.

🎨 UI and UX fixes

Entity type filter update button click fixed #28573: Corrects the entity type filter interaction where the update button click was not being registered.
Translation fixes for ru-RU and ko-KR locales #28584: Corrects translation values for Russian and Korean language packs.
Test suite pre-selects every test case already in suite #28543: Fixes test case selection logic to pre-select all test cases already added to a suite.

🐛 General bug fixes

Classification visit method fixed #28636: Corrects the visit method for classification entity traversal.
Flaky domain and data product rename fixed #28580: Improves stability of domain and data product rename operations by handling search version conflicts.
fasturi dependency fix #28139: Updates the fasturi dependency to resolve compatibility issues.

📦 Dependencies and infrastructure

Kubernetes client pinned below 36.0.0 (from v1.12.9): Maintains compatibility by capping the Kubernetes Python client to avoid breaking API changes.

View the full changelog

1.12.9 Release - Archived

28th May 2026

You can find the GitHub release here.

Changelog

OpenMetadata 1.12.9 is a maintenance release delivering new connector capabilities, performance improvements for workflow execution, and targeted bug fixes across search, ingestion, UI, and the OpenMetadata Python client.

✨ New Features

Unity Catalog — incremental metadata extraction #28380: Unity Catalog connector now detects changed tables via information_schema.tables.last_altered and only re-ingests modified entities. Delete detection uses exact catalog matching (preventing wildcard misfires on catalog names containing underscores). Catalog names are validated against an allowlist before SQL interpolation.
Task domains backfilled + stamped on approval #28402: Approval task threads now inherit the domain of the entity being approved, and a migration backfills domains on existing tasks.
Workflow entity extended fields #28398: Workflow entities now support inputPorts, outputPorts, and glossaryTerms fields, bringing them to parity with pipeline and data-flow entities.
MySQL — custom queryHistoryTable #28388: MySQL connector accepts a configurable queryHistoryTable for usage and lineage extraction, enabling use-cases where query history is stored in a non-default location.

🔒 Security

Test-connection workflow authorization #28414: Test-connection workflow triggers now require proper authorization, closing an unauthenticated execution path.
Snyk high/critical dependency patches in ingestion #28340: High and critical Snyk findings patched in ingestion dependencies and code paths.
brace-expansion lockfile bump to 5.0.6 #28244: Resolves a ReDoS advisory in the transitive brace-expansion package.
js-cookie bumped #28315: Frontend dependency bumped to address a Dependabot advisory.
WebSocket Dependabot vulnerability in UI #28320: Dependency update for a reported WebSocket vulnerability in the UI bundle.

🎨 UI Changes

Improvements

Data Quality — column selection dropdowns are searchable #28376: Column selectors in test case forms now include a search box, making it practical to navigate wide tables.

Fixes

Notification links — plural alerts path and Query href #27918: Notification alert links now route to the correct plural /alerts path; Query entity hrefs in notifications are also corrected.
Data Asset Header — permission fix #27967: Resolved a permission check issue in the Data Asset Header component that prevented certain actions for non-admin users.
Bot name search on Bots page #27365: Fixed search not returning results when searching for bots by name on the Bots management page.
Column bulk-ops filters use displayName #28390: Service, database, and schema filter dropdowns in the column bulk-operations flow now display displayName instead of raw FQN fragments.
Bulk-asset operations enforce dryRun #28395: Tag, glossary, and data-product bulk operations now correctly honour the dryRun flag, preventing accidental mutations during preview runs.
Table / dataModel — inline column.extension persisted #28392: Custom extension data attached inline to columns is now saved correctly through POST/PUT calls.
ServicesPage tab accepts ServiceCategory enum values #28375: The :tab route parameter now accepts both the label string and the raw ServiceCategory enum value, fixing deep-links that used enum values.
Unknown service category returns 404 #28372: Navigating to an unrecognised service category now returns a proper 404 page instead of an empty fallback.
KPI widget date format #28370: Added missing space between day and month values in the KPI widget’s X-axis date labels.
Bug fix (#27433) #28266: Backported fix for entity display regression.

🔌 Connectors

Databases

Databricks / Unity Catalog — valueless tags ingested #28294: Tags set without an explicit value (valueless) are now ingested correctly from Databricks and Unity Catalog sources.
Snowflake — discovered databases logged with filter reasons #28385: During schema discovery the Snowflake connector now logs each discovered database alongside the reason when it is filtered out, improving debuggability.

Pipelines / Dashboards

Bulk sink — charts and dataModels created before dashboards #28371: Fixed a bulk sink ordering bug where a Dashboard entity could be flushed before its referenced Charts or DashboardDataModels, causing HTTP 400 rejections from the server. Each topology stage now encodes its position so referenced entities are always created first.
Power BI — sink buffer flushed before lineage resolution #28308: Ensures all Power BI entities are persisted before lineage resolution begins, preventing reference errors during lineage extraction.
Power BI — TSQL dialect for Sql.Database M-query lineage #28380: The Power BI connector now parses Sql.Database M-query expressions using the TSQL dialect, fixing lineage extraction failures on SQL Server-backed datasets.

OpenLineage

Resolve table identity from symlinks facet #28360: OpenLineage events that include a symlinks facet now resolve the true table identity from the symlink, fixing entity matching for Hive/Iceberg tables exposed under alternate names.
Pipeline as node for single-sided lineage #28350: OpenLineage pipelines can now appear as a standalone node in the lineage graph when only one side (input or output) is present, instead of being dropped.

Ingestion Runtime

Kubernetes client capped below 36.0.0 #28331: Pins the Kubernetes Python client to <36.0.0 to avoid a breaking API change introduced in that release.
Ingestion-pipeline status preserved during queued-stage failures #28382: When a queued-stage task fails, the overall pipeline status remains accurate instead of being overwritten with a misleading value.

🛠 API (Backend)

Improvements

Workflow field fetches scoped #28391: Wildcard field fetches in workflow-related queries replaced with scoped field requests, reducing payload size and improving performance.
Data Insights enricher — per-step failure isolation #28379: Enricher step failures are now isolated per-step with individual error tracking, preventing one bad enricher from aborting the entire Data Insights run.

Fixes

Search search_after with special characters in sort values #28386: search_after pagination no longer drops entities whose sort-field value contains special characters.
Search — nested children flattened to avoid ES mapping depth limit #28387: Deeply nested children fields are now flattened before indexing to prevent Elasticsearch/OpenSearch from rejecting documents that exceed the default mapping depth limit.
Table certification cascaded to child search documents #28229: A PATCH to a Table’s certification tag is now propagated to all child search documents, keeping certification state consistent across the search index.
Search-index reindex jobs no longer marked failed on clean completion #28381: Fixed a status-tracking bug that incorrectly recorded clean reindex jobs as failed in the job history.
PDTS duplicate preemption and invalid index-mapping recovery #28373: Migration now preempts duplicate PDTS (Profiler Data Time Series) rows and recovers from invalid search index mappings rather than failing.
MCP — search_metadata response capped #28383: The MCP search_metadata tool response is now capped in size to prevent LLM context overflow when the result set is large.
Alert filter functions use strict literal matching #28393: Alert filter expressions now perform strict literal matching instead of substring matching, preventing false-positive alert triggers.
Test case suite search membership preserved #28271: Test cases now retain their suite membership in the search index after updates, fixing a regression where suites lost members after re-ingestion.
OMeta SSE transport switched to requests #28293: The OpenMetadata Python client now uses requests instead of httpx for SSE (Server-Sent Events) transport, resolving compatibility issues in certain deployment environments.
OMeta — resilient transport with keepalive and retry #28389: The OMeta REST transport now uses keepalive connections and automatic retries on transient failures with a typed RestTransport abstraction.
Shutdown logging captures full streamable log tail #28396: Synchronous shutdown now waits for in-flight streamable log writes to complete, preventing log truncation on graceful shutdown.

Full Changelog: link

1.12.8 Release

13th May 2026

You can find the GitHub release here.

Changelog

OpenMetadata 1.12.8 is a maintenance release focused on hardening the platform against newly disclosed CVEs, eliminating long-standing database hotspots in the search and tag pipelines, and tightening connector behavior across Databricks, Unity Catalog, Athena, Datalake, and OpenLineage. The release also lands several quality-of-life UI fixes around governance approvals, advanced search, and custom properties.

⚠️ Backward Incompatible / Notable Behavior Changes

Notification alerts — Location source removed #27683: The deprecated Location entity has been removed from the list of supported sources in notification alerts. Domain and Data Product are now first-class sources. Existing alerts configured against Location will need to be re-created against a supported source.
ContainerResource default fields trimmed (#27894 follow-up): children is no longer returned by default on GET /v1/containers list responses; clients that depended on the implicit inclusion must request it explicitly via the fields query parameter. This restores the documented behavior and unblocks the batched data-model column tag retrieval below.
Soft-deleted users excluded from Experts/Reviewers #27120: Users marked deleted no longer appear in the Experts/Reviewers selector across entities. Workflows that relied on soft-deleted users remaining visible (for example, restoring an entity to its previous reviewer) must restore the user first.

🔒 Security (Vulnerability Remediation)

This release addresses the May 8 2026 Snyk scan against the 1.12.7 branch and additional CVEs picked up by AWS Inspector. Nine of the highest-severity findings are resolved through direct version bumps; one (libthrift) is force-pinned because upstream Jena has not yet rebased.Backend / Java

CRITICAL — Jetty HTTP Request Smuggling (CVE-2026-2332): org.eclipse.jetty:jetty-http bumped 12.1.6 → 12.1.7 #27996.
HIGH — Apache Thrift (CVE-2026-43869): libthrift force-pinned to 0.23.0 via dependencyManagement to override the vulnerable transitive shipped by apache-jena-libs #28010 / #28035.
HIGH — PostgreSQL JDBC SCRAM-SHA-256 DoS (CVE-2026-42198): org.postgresql:postgresql bumped 42.7.7 → 42.7.11 #27996.
HIGH — BouncyCastle Crypto Signature Bypass + Timing Attack (CVE-2026-5598): bcprov-jdk18on / bcpkix-jdk18on pinned to 1.84, also addressing CVE-2026-0636 and CVE-2026-5588 #27996.
HIGH — Apache Log4j (CVE-2026-34477, CVE-2026-34478, CVE-2026-34480): log4j bumped 2.25.3 → 2.25.4 #27994.
MED — Jackson 3.x deserialization CVEs (GHSA-72hv-8253-57qq): jackson-core bumped 2.17.2 → 2.18.7. jsonschema2pojo-core is now declared <scope>provided</scope> in the common module so the Jackson 3.x transitive is excluded from the runtime classpath, since the annotators it powers only run at build time #28010.
MED — jsonschema2pojo (CVE-2025-3588): jsonschema2pojo bumped 1.2.2 → 1.3.0 (later aligned to 1.3.1 to resolve a maven-plugin classpath issue) #27994.
MED/LOW — Logback (CVE-2025-11226, CVE-2026-1225): logback-core / logback-classic bumped 1.5.19 → 1.5.25 #27996.
Netty: netty-bom bumped 4.1.132 → 4.1.133. netty-transport-native-epoll excluded (Linux-only perf optimization flagged by an overly-broad GHSA range, not used at runtime) #27994 / #28010.
Azure Identity (CVE-2024-35255): azure-identity aligned to 1.15.2 and azure-keyvault bumped to remove vulnerable transitives #27994 / #28010.
Reactor Netty & Spring: reactor-netty and spring bumped to their current patched lines #27996 / #28010.

Frontend / UI

axios upgraded to 1.15.2 to clear reported CVEs in the UI bundle.
postcss pinned to 8.5.10 with a Yarn resolutions override in openmetadata-ui-core-components to resolve the Dependabot advisory #27778.
postcss bumped in the main UI module as well #27729.

Ingestion / Container Images

ImageMagick purged from the ingestion image — it was only a transitive of the Airflow base image, was never used by ingestion code, and continued to surface CVEs after Airflow upgrades. Removing it eliminates the surface entirely #27752.

🎨 UI Changes

Improvements

Approvals show proposed changes inline #27201: Governance approval task threads now render a Proposed Changes section with clickable entity links, so reviewers can see exactly what changed before approving instead of opening the entity in a new tab.
Description added to Advanced Search query builder #27913: The description field is now a first-class searchable attribute with Contains, Not Contains, Is Null, and Is Not Null operators. The descriptionStatus label was also corrected (previously rendered with the wrong key).
Service documentation panel: admonitions + code copy button #27732: The in-product service docs now render note/warning/tip admonitions and add a copy button to fenced code blocks.

Fixes

Clipboard works on non-secure (HTTP) contexts #28003: CodeBlockComponent now uses the useClipboard hook, which falls back to document.execCommand when the modern Clipboard API is unavailable, fixing copy actions for users on self-hosted HTTP deployments.
Custom properties with dots in their name now display #27390: The UI was treating . in custom-property names as a path separator, hiding the property entirely. Names with dots are now rendered correctly.
Tier/Certification tag matching uses FQN prefix, not substring #27700: Prevents unrelated tags whose FQN happened to contain a tier or certification tag’s FQN from being mis-classified.
Upvote/Downvote icon retains primary color after blur #27898: The vote indicator no longer reverts to a neutral color when the entity page loses focus.
AdvancedSearch description option — translations #27961: Missing/incorrect i18n strings on the new description operator filled in across supported locales.
Rich-text editor migration #26887: Removed @toast-ui/react-editor and migrated remaining usages to the in-house BlockEditor, reducing bundle size and eliminating the transitive CVE surface from the abandoned editor package.
ContainerPage tab counts now update reactively: Added childrenCount to the useMemo dependency array so tab badges refresh when children load.

🔌 Connectors

Databases

Databricks — nested column descriptions + SQLAlchemy 2.x #27766: Descriptions on STRUCT/MAP/ARRAY-typed nested columns are now captured during metadata ingestion. The connector is also compatible with sqlalchemy-databricks running on SQLAlchemy 2.x.
Unity Catalog — missing httpPath #27844: The connector no longer hard-fails when httpPath is omitted; it now produces a clear configuration error instead of an opaque stack trace.
Athena — Iceberg table properties #27715: Iceberg-on-Athena tables now ingest table properties from the $properties metatable, surfacing Iceberg-specific metadata (format-version, write.target-file-size-bytes, etc.) in OpenMetadata.
PostgreSQL / MSSQL — mutual TLS #27104: Both connectors now support client-certificate mTLS in addition to server-side SSL, matching enterprise PG/MSSQL hardening requirements.
PostgreSQL — tag_usage seq-scan eliminated #27824: Backport of #27158. The certification tag query now uses the covering index instead of a sequential scan, removing a multi-second hotspot during Data Insights runs on large catalogs.
SQLAlchemy 2.x row access #27643: Replaced old-style row indexing that emitted deprecation warnings on SQLAlchemy 2.x.

Datalake / Object Stores

Datalake — nested arrays of structs in JSON #27798: Array-typed fields whose elements are nested structures are now parsed correctly and surface as proper nested column schemas.

Pipelines / Dashboards

Power BI — additional lineage logging #27970: More granular diagnostic logs in the Power BI lineage extractor make customer-side debugging substantially faster.

OpenLineage

AWS Glue, Kusto, and Cosmos DB dataset naming #27533: Adds dataset-naming support so OpenLineage events from these sources are resolved to the correct OpenMetadata entities.
Namespace-based DB service resolution for db_table #27005: OpenLineage db_table lookups now resolve to the right DB service by namespace, fixing cross-service lineage gaps.
Pipeline/job resolution by integration type #26821: OpenLineage pipelines and jobs are now mapped to their integration type so they show up under the correct pipeline service.

AI / Vector Embeddings

OpenAI embedding concurrency control #26574: Adds a configurable concurrency cap on outbound OpenAI embedding HTTP requests, preventing rate-limit storms during bulk reindex.

Ingestion Runtime

Bulk sink OOM under persistent flush failures #26838: The bulk sink no longer accumulates an unbounded retry buffer when downstream flushes keep failing; the buffer is now bounded and drops with a clear error.
CronOMJob tolerations propagated #27955: Pod tolerations defined on a CronOMJob are now copied to the scheduled OMJob, so taint-isolated nodes keep working after a restart.
PII recognizer language scoping #27919: PII recognizers are now included based on the configured language, eliminating false positives from recognizers loaded for unrelated locales.
dbt-extractor pinned >=0.5.0 #27777: Prevents the ARM-on-pip resolver from falling back to a source distribution that fails to build inside the ingestion container.

🛠 API (Backend)

Improvements

Reindex memory optimization for DatabaseSchema #27723 / #28061: DatabaseSchemaIndex now skips the tables fan-out during reindex, reducing memory pressure on catalogs with very large schemas. All other entity indexes hydrate the full field set as before.
SearchUtils consolidated; fuzzy ngram removed #27636: Merged the duplicated SearchUtils classes into one and dropped the redundant fuzzy match on ngram-tokenized fields (fuzzy + ngram compounded false positives). Adds substantial unit-test coverage.
Certification tag batch query — source filter + indexed hash prefix #27847: The TagUsageDAO.getCertTagsInternalBatch query previously did a tagFQN LIKE 'Certification.%' scan and ran ~12s per call on heavy classification hierarchies. With a source filter and a hash-prefix predicate it now uses the covering index — eliminating ~19 hours of cumulative DB time per Data Insights run on a representative customer instance.
Container data-model column tags — batched #27894: Replaces per-column tag lookups with a single batched query.
IndexResource logs lowered to debug #27588: Reduces production log noise; verbose index lifecycle logs are now gated on DEBUG.

Fixes

DataContract 400 on entities without dataProducts #27861: The endpoint now handles entities that don’t carry a dataProducts field, instead of rejecting the request.
/search endpoint for Roles #27335: Adds the missing GET /v1/roles/search endpoint and aligns role selectors to use server-side search #27737.
MCP — SSE response when client negotiates text/event-stream #27917: The MCP endpoint now correctly returns an SSE-framed response when the client’s Accept header asks for text/event-stream.
MCP OAuth on Databricks #27922: Fixes the OAuth callback handling specific to Databricks-backed MCP clients.
Time-series reindex — stale parentOf is a warning, not a failure #27800: During time-series reindex, an orphaned parentOf reference no longer aborts the run; it’s logged as a warning and the reindex continues.
Column bulk-ops search at scale #27216: Bulk operations on columns now return results consistently on large indices where the previous code path silently returned an empty set above a query-size threshold.
OpenSearch HC5 transport — recoverable I/O reactor shutdown #27698: Transient I/O reactor has been shut down errors are now recovered automatically instead of leaving the client in a permanently failed state.
Vector embedding healthcheck #27616: The /health probe now correctly reflects vector-embedding subsystem availability instead of always reporting healthy.
CSV import — recursive extension validation + row-count accounting #27593 / #27669: Recursive imports now validate entityType per row correctly and the post-import row counts match the file.
TableColumnCountToBeBetween API response #27900: The Data Quality endpoint now returns the expected response shape for this test.
Hyperlink workflow rules — .keyword suffix + Tags/Tier disambiguation #27799: Workflow rule conditions referencing tags/tier no longer match on the analyzed text field; they bind to .keyword so prefix collisions between Tags and Tier are resolved.

Full Changelog: link

1.12.7 Release

11th May 2026

You can find the GitHub release here.

Changelog

OpenMetadata 1.12.7 is a maintenance release focused on hardening the platform against newly disclosed CVEs, eliminating long-standing database hotspots in the search and tag pipelines, and tightening connector behavior across Databricks, Unity Catalog, Athena, Datalake, and OpenLineage. The release also lands several quality-of-life UI fixes around governance approvals, advanced search, and custom properties.

⚠️ Backward Incompatible / Notable Behavior Changes

Notification alerts — Location source removed #27683: The deprecated Location entity has been removed from the list of supported sources in notification alerts. Domain and Data Product are now first-class sources. Existing alerts configured against Location will need to be re-created against a supported source.
ContainerResource default fields trimmed (#27894 follow-up): children is no longer returned by default on GET /v1/containers list responses; clients that depended on the implicit inclusion must request it explicitly via the fields query parameter. This restores the documented behavior and unblocks the batched data-model column tag retrieval below.
Soft-deleted users excluded from Experts/Reviewers #27120: Users marked deleted no longer appear in the Experts/Reviewers selector across entities. Workflows that relied on soft-deleted users remaining visible (for example, restoring an entity to its previous reviewer) must restore the user first.

🔒 Security (Vulnerability Remediation)

CRITICAL — Jetty HTTP Request Smuggling (CVE-2026-2332): org.eclipse.jetty:jetty-http bumped 12.1.6 → 12.1.7 #27996.
HIGH — Apache Thrift (CVE-2026-43869): libthrift force-pinned to 0.23.0 via dependencyManagement to override the vulnerable transitive shipped by apache-jena-libs #28010 / #28035.
HIGH — PostgreSQL JDBC SCRAM-SHA-256 DoS (CVE-2026-42198): org.postgresql:postgresql bumped 42.7.7 → 42.7.11 #27996.
HIGH — BouncyCastle Crypto Signature Bypass + Timing Attack (CVE-2026-5598): bcprov-jdk18on / bcpkix-jdk18on pinned to 1.84, also addressing CVE-2026-0636 and CVE-2026-5588 #27996.
HIGH — Apache Log4j (CVE-2026-34477, CVE-2026-34478, CVE-2026-34480): log4j bumped 2.25.3 → 2.25.4 #27994.
MED — Jackson 3.x deserialization CVEs (GHSA-72hv-8253-57qq): jackson-core bumped 2.17.2 → 2.18.7. jsonschema2pojo-core is now declared <scope>provided</scope> in the common module so the Jackson 3.x transitive is excluded from the runtime classpath, since the annotators it powers only run at build time #28010.
MED — jsonschema2pojo (CVE-2025-3588): jsonschema2pojo bumped 1.2.2 → 1.3.0 (later aligned to 1.3.1 to resolve a maven-plugin classpath issue) #27994.
MED/LOW — Logback (CVE-2025-11226, CVE-2026-1225): logback-core / logback-classic bumped 1.5.19 → 1.5.25 #27996.
Netty: netty-bom bumped 4.1.132 → 4.1.133. netty-transport-native-epoll excluded (Linux-only perf optimization flagged by an overly-broad GHSA range, not used at runtime) #27994 / #28010.
Azure Identity (CVE-2024-35255): azure-identity aligned to 1.15.2 and azure-keyvault bumped to remove vulnerable transitives #27994 / #28010.
Reactor Netty & Spring: reactor-netty and spring bumped to their current patched lines #27996 / #28010.

Frontend / UI

axios upgraded to 1.15.2 to clear reported CVEs in the UI bundle.
postcss pinned to 8.5.10 with a Yarn resolutions override in openmetadata-ui-core-components to resolve the Dependabot advisory #27778.
postcss bumped in the main UI module as well #27729.

Ingestion / Container Images

ImageMagick purged from the ingestion image — it was only a transitive of the Airflow base image, was never used by ingestion code, and continued to surface CVEs after Airflow upgrades. Removing it eliminates the surface entirely #27752.

🎨 UI Changes

Improvements

Approvals show proposed changes inline #27201: Governance approval task threads now render a Proposed Changes section with clickable entity links, so reviewers can see exactly what changed before approving instead of opening the entity in a new tab.
Description added to Advanced Search query builder #27913: The description field is now a first-class searchable attribute with Contains, Not Contains, Is Null, and Is Not Null operators. The descriptionStatus label was also corrected (previously rendered with the wrong key).
Service documentation panel: admonitions + code copy button #27732: The in-product service docs now render note/warning/tip admonitions and add a copy button to fenced code blocks.

Fixes

Clipboard works on non-secure (HTTP) contexts #28003: CodeBlockComponent now uses the useClipboard hook, which falls back to document.execCommand when the modern Clipboard API is unavailable, fixing copy actions for users on self-hosted HTTP deployments.
Custom properties with dots in their name now display #27390: The UI was treating . in custom-property names as a path separator, hiding the property entirely. Names with dots are now rendered correctly.
Tier/Certification tag matching uses FQN prefix, not substring #27700: Prevents unrelated tags whose FQN happened to contain a tier or certification tag’s FQN from being mis-classified.
Upvote/Downvote icon retains primary color after blur #27898: The vote indicator no longer reverts to a neutral color when the entity page loses focus.
AdvancedSearch description option — translations #27961: Missing/incorrect i18n strings on the new description operator filled in across supported locales.
Rich-text editor migration #26887: Removed @toast-ui/react-editor and migrated remaining usages to the in-house BlockEditor, reducing bundle size and eliminating the transitive CVE surface from the abandoned editor package.
ContainerPage tab counts now update reactively: Added childrenCount to the useMemo dependency array so tab badges refresh when children load.

🔌 Connectors

Databases

Databricks — nested column descriptions + SQLAlchemy 2.x #27766: Descriptions on STRUCT/MAP/ARRAY-typed nested columns are now captured during metadata ingestion. The connector is also compatible with sqlalchemy-databricks running on SQLAlchemy 2.x.
Unity Catalog — missing httpPath #27844: The connector no longer hard-fails when httpPath is omitted; it now produces a clear configuration error instead of an opaque stack trace.
Athena — Iceberg table properties #27715: Iceberg-on-Athena tables now ingest table properties from the $properties metatable, surfacing Iceberg-specific metadata (format-version, write.target-file-size-bytes, etc.) in OpenMetadata.
PostgreSQL / MSSQL — mutual TLS #27104: Both connectors now support client-certificate mTLS in addition to server-side SSL, matching enterprise PG/MSSQL hardening requirements.
PostgreSQL — tag_usage seq-scan eliminated #27824: Backport of #27158. The certification tag query now uses the covering index instead of a sequential scan, removing a multi-second hotspot during Data Insights runs on large catalogs.
SQLAlchemy 2.x row access #27643: Replaced old-style row indexing that emitted deprecation warnings on SQLAlchemy 2.x.

Datalake / Object Stores

Datalake — nested arrays of structs in JSON #27798: Array-typed fields whose elements are nested structures are now parsed correctly and surface as proper nested column schemas.

Pipelines / Dashboards

Power BI — additional lineage logging #27970: More granular diagnostic logs in the Power BI lineage extractor make customer-side debugging substantially faster.

OpenLineage

AWS Glue, Kusto, and Cosmos DB dataset naming #27533: Adds dataset-naming support so OpenLineage events from these sources are resolved to the correct OpenMetadata entities.
Namespace-based DB service resolution for db_table #27005: OpenLineage db_table lookups now resolve to the right DB service by namespace, fixing cross-service lineage gaps.
Pipeline/job resolution by integration type #26821: OpenLineage pipelines and jobs are now mapped to their integration type so they show up under the correct pipeline service.

AI / Vector Embeddings

OpenAI embedding concurrency control #26574: Adds a configurable concurrency cap on outbound OpenAI embedding HTTP requests, preventing rate-limit storms during bulk reindex.

Ingestion Runtime

Bulk sink OOM under persistent flush failures #26838: The bulk sink no longer accumulates an unbounded retry buffer when downstream flushes keep failing; the buffer is now bounded and drops with a clear error.
CronOMJob tolerations propagated #27955: Pod tolerations defined on a CronOMJob are now copied to the scheduled OMJob, so taint-isolated nodes keep working after a restart.
PII recognizer language scoping #27919: PII recognizers are now included based on the configured language, eliminating false positives from recognizers loaded for unrelated locales.
dbt-extractor pinned >=0.5.0 #27777: Prevents the ARM-on-pip resolver from falling back to a source distribution that fails to build inside the ingestion container.

🛠 API (Backend)

Improvements

Selective field fetch during reindexing #27723: Introduces SearchIndex#getRequiredReindexFields() so each entity index declares the minimum field set it needs. EntityReader now prunes the underlying DB query accordingly, dramatically reducing memory pressure during full reindex on large catalogs.
SearchUtils consolidated; fuzzy ngram removed #27636: Merged the duplicated SearchUtils classes into one and dropped the redundant fuzzy match on ngram-tokenized fields (fuzzy + ngram compounded false positives). Adds substantial unit-test coverage.
Certification tag batch query — source filter + indexed hash prefix #27847: The TagUsageDAO.getCertTagsInternalBatch query previously did a tagFQN LIKE 'Certification.%' scan and ran ~12s per call on heavy classification hierarchies. With a source filter and a hash-prefix predicate it now uses the covering index — eliminating ~19 hours of cumulative DB time per Data Insights run on a representative customer instance.
Container data-model column tags — batched #27894: Replaces per-column tag lookups with a single batched query.
IndexResource logs lowered to debug #27588: Reduces production log noise; verbose index lifecycle logs are now gated on DEBUG.

Fixes

DataContract 400 on entities without dataProducts #27861: The endpoint now handles entities that don’t carry a dataProducts field, instead of rejecting the request.
/search endpoint for Roles #27335: Adds the missing GET /v1/roles/search endpoint and aligns role selectors to use server-side search #27737.
MCP — SSE response when client negotiates text/event-stream #27917: The MCP endpoint now correctly returns an SSE-framed response when the client’s Accept header asks for text/event-stream.
MCP OAuth on Databricks #27922: Fixes the OAuth callback handling specific to Databricks-backed MCP clients.
Time-series reindex — stale parentOf is a warning, not a failure #27800: During time-series reindex, an orphaned parentOf reference no longer aborts the run; it’s logged as a warning and the reindex continues.
Column bulk-ops search at scale #27216: Bulk operations on columns now return results consistently on large indices where the previous code path silently returned an empty set above a query-size threshold.
OpenSearch HC5 transport — recoverable I/O reactor shutdown #27698: Transient I/O reactor has been shut down errors are now recovered automatically instead of leaving the client in a permanently failed state.
Vector embedding healthcheck #27616: The /health probe now correctly reflects vector-embedding subsystem availability instead of always reporting healthy.
CSV import — recursive extension validation + row-count accounting #27593 / #27669: Recursive imports now validate entityType per row correctly and the post-import row counts match the file.
TableColumnCountToBeBetween API response #27900: The Data Quality endpoint now returns the expected response shape for this test.
Hyperlink workflow rules — .keyword suffix + Tags/Tier disambiguation #27799: Workflow rule conditions referencing tags/tier no longer match on the analyzed text field; they bind to .keyword so prefix collisions between Tags and Tier are resolved.

Full Changelog: link

1.12.6 Release

22nd April 2026

You can find the GitHub release here.

Changelog

Improvements

Platform: Enhanced search index performance and reduced memory footprint during reindex operations to minimize runtime impact
Platform: Improved reliability of bulk indexing with better handling of large payloads and batching
Governance: Refactored certification storage to improve consistency and auditability across entities
Platform: Added support for SAML metadata XML upload to simplify SSO configuration
Ingestion: Improved Looker ingestion error handling with safer logging and better diagnostics
AI/Platform: Introduced safeguards for large payload handling in vector embedding workflows to prevent system overload

Fixes

Security: Addressed multiple vulnerabilities by upgrading dependencies including MCP Java SDK and netty-bom (CVE-2026-34237, CVE-2026-33870, CVE-2026-33871)
Security: Enforced stricter validation on token generation APIs to prevent unauthorized access
Platform: Fixed authentication token refresh issues causing session drops (notably in Safari environments)
Platform: Resolved failures in bulk indexing leading to 413 Request Too Large errors
Platform: Fixed issues with search index template creation and serialization impacting Data Quality indexing
Platform: Improved OAuth callback handling fallback logic for better stability
Discovery: Fixed inconsistencies in Tier filtering and tag aggregation logic
Discovery: Resolved UI access issues where restricted users could view tier/certification popovers
Governance: Fixed handling of non-boolean rule results and certification propagation issues
Data Observability: Fixed permission checks when creating Data Quality test cases
Ingestion: Fixed Airflow REST client connectivity issues impacting workflow execution
Ingestion: Resolved multiple connector issues including:
- ClickHouse datatype parsing
- Teradata column description ingestion
- Pinot double datatype handling
- S3 ingestion failure due to Pydantic validation (BucketArn field)
Ingestion: Improved handling of case sensitivity for table constraints during ingestion

Full Changelog: link

1.12.5 Release

13th April 2026

You can find the GitHub release here.

Changelog

Improvements

Governance: Refactor asset certification storage to tag_usage table for improved data integrity and reliability
Platform: Enhance Search Index performance and reliability
Platform: Add SAML metadata XML upload support
AI: Enforce payload size limits for vector embedding bulk operations
Platform: Improve reindex process memory usage and assign lower thread priority to reduce application impact

Fixes

Security: Bump MCP Java SDK from 1.1.0 to 1.1.1 to address CVE-2026-34237
Security: Upgrade netty-bom to 4.1.132.Final to address CVE-2026-33870 and CVE-2026-33871
Security: Enforce bot-type check on generateToken endpoint to prevent unauthorized JWT token generation
Security: Fix Vite vulnerability by upgrading to v7.3.2
Platform: Fix MSAL token renewal on Safari causing session loss due to ITP blocking
Platform: Ensure auth token is updated before retrying failed requests
Platform: Fix MCP OAuth callback servlet registration fallback
Platform: Fix runtime spacy model loading for non-root containers
Platform: Fix bulk sink serialization that broke Data Quality test case search indexing
Platform: Fix 413 Request Too Large errors via iterative bisection for large bulk indexing batches
Discovery: Fix tier and certification popovers accessible to view-only users on data asset header
Discovery: Fix Tier filter incorrectly combining getTags API with aggregation
Discovery: Improve export modal UX with inline errors and count loading state
Governance: Fix data-contract handling of non-Boolean semantics rule results and unsupported entity types
Governance: Fix certification tags leaking into tags field on LIST and missing appliedBy audit trail
Governance: Restore certification data in storeMany/updateMany before applying certification batch
Data Observability: Fix Data Quality permissions check for creating test cases
Ingestion: Fix Airflow REST Client connection issues
Ingestion: Fix Clickhouse LowCardinality DataType parsing
Ingestion: Fix Teradata column descriptions not being ingested
Ingestion: Fix Pinot DB double data type handling
Ingestion: Fix S3 ingestion failure caused by Pydantic validation error on BucketArn extra field
Ingestion: Improve Looker error handling with better warnings and credential protection in logs
Ingestion: Handle case sensitivity for table constraints during ingestion

Full Changelog: link

1.12.4 Release

31st March 2026

You can find the GitHub release here.

Improvements

Governance: Refactor asset certification storage to tag_usage table for improved data integrity and reliability #26448
Platform: Enhance Search Index performance and reliability #26669
Platform: Add SAML metadata XML upload support #26862
AI: Enforce payload size limits for vector embedding bulk operations #26943
Platform: Improve reindex process memory usage and assign lower thread priority to reduce application impact #27153

Fixes

Security: Bump MCP Java SDK from 1.1.0 to 1.1.1 to address CVE-2026-34237 #26886
Security: Upgrade netty-bom to 4.1.132.Final to address CVE-2026-33870 and CVE-2026-33871 #26938
Security: Enforce bot-type check on generateToken endpoint to prevent unauthorized JWT token generation #27078
Security: Fix Vite vulnerability by upgrading to v7.3.2 #27131
Platform: Fix MSAL token renewal on Safari causing session loss due to ITP blocking #27214
Platform: Ensure auth token is updated before retrying failed requests #27140
Platform: Fix MCP OAuth callback servlet registration fallback #26770
Platform: Fix runtime spacy model loading for non-root containers #26753
Platform: Fix bulk sink serialization that broke Data Quality test case search indexing #27202
Platform: Fix 413 Request Too Large errors via iterative bisection for large bulk indexing batches #27127
Discovery: Fix tier and certification popovers accessible to view-only users on data asset header #26880
Discovery: Fix Tier filter incorrectly combining getTags API with aggregation #26826
Discovery: Improve export modal UX with inline errors and count loading state #27096
Governance: Fix data-contract handling of non-Boolean semantics rule results and unsupported entity types #26850
Governance: Fix certification tags leaking into tags field on LIST and missing appliedBy audit trail #26876
Governance: Restore certification data in storeMany/updateMany before applying certification batch #26958
Data Observability: Fix Data Quality permissions check for creating test cases #27069
Ingestion: Fix Airflow REST Client connection issues #26895
Ingestion: Fix Clickhouse LowCardinality DataType parsing #26858
Ingestion: Fix Teradata column descriptions not being ingested #26695
Ingestion: Fix Pinot DB double data type handling #26680
Ingestion: Fix S3 ingestion failure caused by Pydantic validation error on BucketArn extra field #27180
Ingestion: Improve Looker error handling with better warnings and credential protection in logs #27236
Ingestion: Handle case sensitivity for table constraints during ingestion #27244

Full Changelog: link

1.12.3 Release

20th March 2026

You can find the GitHub release here.

Improvements

AI: Remove logging capability from MCP server
Discovery: Refactor search infrastructure to use canonical index aliases
Discovery: Add Metric entity type to Data Insights description coverage chart
Discovery: Add displayName search support and improve wildcard matching
Discovery: Users now inherit personas from their team memberships
Discovery: Service search now supports searching by display name in addition to service name
Discovery: Search placeholders in service tabs now dynamically reflect the asset type instead of the service name
Ingestion: Add support for S3 file paths in REST connector OpenAPI and config ingestion
Ingestion: Add SSRS connector for SQL Server Reporting Services
Integration: Added support for filtering cold storage files during datalake ingestion
Integration: Improved error handling to mark ingestion agents as failed when quota limits are exceeded
Integration: Enhanced Kafka Connect lineage to support wildcard file name matching for storage services
Integration: Added StorageServices entity support to the Python client SDK
Integration: Added support for dataflow to database table lineage in Power BI
Integration: Limited records summary logging to prevent out-of-memory failures in ingestion agents
Data Observability: Improved layout responsiveness for test case and test suite summary cards in Data Quality
Data Observability: Migrated Data Insights entity pagination from offset-based to keyset pagination to prevent sort buffer exhaustion
Data Observability: Increased notification template body size limit to 64KB
Data Observability: Enabled Quartz JDBC clustering to prevent duplicate event processing in high availability deployments
Data Observability: Pipeline logs breadcrumb and title now display entity display names instead of IDs
Data Observability: Aligned observability alerts and incident manager header styles with data quality page design
Governance: Activity feeds now correctly record the actual user for bulk asset operations on domains, data products, and teams
Platform: Improved server URL sanitization for deploy pipeline API calls
Platform: Improved Azure AD SSO logout to properly terminate IdP sessions
Platform: Implemented canvas-based edge rendering to significantly improve column-level lineage page performance for large tables

Fixes

AI: Ensure glossary terms created via MCP generate change events correctly
Data Observability: Enable gzip compression on AWS IAM OpenSearch transport
Data Observability: Fix Trino dimension test case execution with EXPRESSION_NOT_AGGREGATE error
Governance: Add conditional rendering for ClassificationDetails GenericProvider
Governance: Fixed glossary status filtering to properly handle large numbers of glossary terms (3000+) by moving filtering logic to the backend
Ingestion: Fix column ingestion for nested NUMERIC types under RECORD columns in BigQuery
Ingestion: Fix Glue ingestion failure on nested STRUCT columns
Ingestion: Fix Hive ingestion for array columns with null arrayDataType
Ingestion: Fix lineage parser handling of CTEs in INSERT … WITH statements
Integration: Fixed Trino ingestion to no longer require owner permissions when fetching view definitions
Integration: Fixed agent status display to accurately show the last 5 runs
Integration: Fixed auto-classification workflow registration in the ingestion-base image
Integration: Resolved Hive ingestion failures caused by duplicate column names when partition keys are present
Integration: Resolved Redshift lineage agent errors caused by LISTAGG result size limits
Integration: Fixed QuickSight ingestion to properly handle multiple datasets on the same datasource without collapsing them into a single DataModel
Discovery: Fixed asset count discrepancies for teams across different views
Platform: Fix audit log entries for accepted suggestions
Platform: Resolved issue where assets were missing from search results and lineage was not visible
Platform: Corrected Java client to return paginated list of ingestion pipelines instead of a single object
Platform: Fixed metric search indexing failures due to excessive nested clauses

Full Changelog: link

1.12.1 Release

22nd February 2026

You can find the GitHub release here.

Features

AI Studio (Collate - Beta)

Collate already hosted AI Agents that users could control via Applications, to generate descriptions, add Tiers, and Data Quality tests. AI Studio now provides visibility and control over AI agents powering the data platform.With AI Studio, users can customize the prompts of these agents so their output aligns with organizational needs. Moreover, admins can create new AI agents with specific behavior, capabilities and prompts, that can be executed or embedded in external AI Platforms thanks to the Metadata AI SDK.

Metadata AI SDK

The Metadata AI SDK enables programmatic access to Collate’s AI agents and semantic layer, allowing teams to build custom chatbots, automate governance tasks, and integrate metadata intelligence into external applications. By creating Agents either via the UI in AI Studio or through the Metadata AI CLI, you can now access lineage information, quality metrics and business context through simple APIs based on Natural Language. The Metadata AI SDK is available via CLI and programmatic access in Java, Python, and Node.js. OpenMetadata users can also leverage the AI SDK by bringing MCP tooling easily into their langchain applications, adding all the necessary semantic intelligence into their agents!

Auto Classification with Custom Recognizers (Collate)

OpenMetadata already had an Auto Classification Metadata Agent that automatically tagged PII Sensitive data. With release 1.12, Collate brings the ability to create custom AI-powered recognizers for any classification using regex patterns, column names, and data content scanning. Moreover, users can report false positives with explanations, creating a feedback loop that improves model accuracy and ensures that the agent does not make the same mistakes again.

Data Quality Test Library

Release 1.12 takes Data Quality capabilities one step further than any other platform by letting admins create reusable, parameterized SQL-based test templates easily from the UI. Define tests once with parameters like table_name and column_name or any other custom parameter your users need, then apply consistently across multiple tables without rewriting SQL. Users can then apply these new tests via the UI, giving them centralized governance and standardized definitions for critical business rules organization-wide.

Data Diff Column/Row Analysis (Collate)

Granula tables ar visual comparison of differences between source and target column, row, and character level. Identify which columns were added, removed, or modified with side-by-side comparison. Drill down to specific rows and see character-level changes within fields. Visual diff interface accelerates troubleshooting and root cause analysis.

GitHub Metadata Sink (Collate - Beta)

Bring metadata under version control with automated Git commits for every metadata change in Collate. If you are using separate development and production environments, routing metadata changes through GitHub pull requests brings you a human in the loop experience for any event that you might want to push into higher environments via CICD.

Human & AI Audit Logs

While every asset already supported version history, OpenMetadata now supports a comprehensive audit logs track all user and AI agent actions across the platform. With a six-month retention, filtering by user, agent, time range, or action type as well as export capabilities, your governance teams can easily handle compliance reporting and security audits.

Column Bulk Operations

How can your teams keep up with an always growing and evolving Data Platform? Users can now aggregate identical column names across all asset types (tables, topics, containers, APIs, search indexes) in a single view to set descriptions, tags, and glossary terms for all instances simultaneously. This aggregate view also helps users detect inconsistencies where the same column has different definitions, as well as digging into specific elements by filtering operations by domain, tags or even metadata completeness.

Column Details Panel

Added an expandable details panel for columns. Users can now view column-level custom properties and metadata directly within the table view. The panel also includes a dedicated Data Quality section for quick visibility into column health. This eliminates the need to navigate away to access column details and quality insights.

Open Standards: ODCS 3.1 & OpenLineage Support

Import and export contracts in Open Data Contract Standard (ODCS) 3.1 format for interoperability with other tools. Collate’s contract specification extends ODCS with terms of service, semantic relationships, and ownership details while maintaining compatibility. OpenMetadata also accepts events from OpenLineage, so you can now easily bring any OpenLineage-compatible systems through native API integration and benefit from the broader metadata semantics available in the platform.

AskCollate Enhancements & MS Teams Integration (Collate)

Expanded entity support for Metrics, Knowledge Center articles, and Dashboard Data Models.
AskCollate now holds your company’s context from glossary terms, metrics, and knowledge center. Pushing towards your governance initiatives also improves your AI tooling and interactions!
Enhanced thinking transparency showing detailed reasoning process
MS Teams integration alongside existing Slack integration, allowing your users to interact with AskCollate directly where they are without having to jump from tool to tool.

Kubernetes Orchestrator

OpenMetadata now brings a Kubernetes Orchestrator for those users that don’t want to use Airflow to manage the Metadata Agents and other automations. With this new orchestrator, OpenMetadata doubles-down on a simplified deployment experience, while ensuring scalability and operational efficiency in production k8s environments.

MCP Tools & Semantic Search

We have added more tooling to OpenMetadata’s MCP, helping you to create lineage, as well as adding all necessary DQ tooling around test definitions, test case creation and Root Cause Analysis. We have also been working on the feedback shared on MCP from the community, so keep sharing your thoughts on how we can make MCP even better. Moreover, the 1.12 release brings Semantic Search into OpenMetadata! You can enable it in the configuration to create vector embeddings for your entities, supporting both Bedrock and OpenAI embeddings. On top of that, we have created an MCP tool for Semantic Search so that you can interact with these vectors in your applications!

New Connectors

Microsoft Fabric (beta): Connect to Microsoft’s unified data platform including Data Warehouse, Power BI, and pipelines
Dremio: Support for lakehouse platform with query engine and semantic layer integration
Mulesoft: Integration with API management platform for API metadata and lineage
SFTP: Catalog unstructured files alongside structured data
Redshift Serverless: Native support for Amazon’s serverless deployment option
StarRocks: Support for open-source analytical database

Additional Enhancements

Learning Resources (?): Contextual tutorials and videos throughout UI based on current page, with admin customization for organization-specific training materials
Lineage Improvements: Column-only filtering, edge highlighting on hover, stored procedure support in edit mode, faster SQL parsing for complex lineages
Explore Page Sidebar: Right-side navigation showing lineage, data quality details, and custom properties without leaving explore view
Metadata Exporter - Entity History (Collate): Export complete change tracking to data warehouses for custom dashboarding, running within customer networks
Test Case Import/Export: Bulk operations on data quality tests at table and multi-table levels
Data Contracts at Data Product Level: Define contracts once at data product level with automatic inheritance to all assets for Semantics, Terms of Use, Security and SLAs.
Distributed Search Indexing: Multiple application servers share indexing workload for improved scalability
Data Product Input/Output Ports: Support port specifications with lineage visualization for data flow
Timezone-Aware Freshness Tests: Set specific timezones on freshness tests to prevent UTC misalignment issues
SQL Studio - Postgres & Redshift Support (Collate): Adds Postgres and Redshift to existing Snowflake, Trino, and BigQuery support
Snowflake Dynamic Table System Metrics: Support for INSERT, UPDATE, DELETE metrics in profiler
Column Custom Properties: Side panel drawer interface with improved navigation.

Breaking Changes

OpenSearch/Elasticsearch Client have been upgraded — the Elasticsearch client to 9.x and the OpenSearch client to 3.x. Elasticsearch minimum is 9.0.0 (recommended 9.3.0), OpenSearch minimum is 3.0.0 (recommended 3.3.0)

Data Contract Schema Changes

Security, SLAs and Terms of Use can now be inherited from the Data Product’s Data Contract. To allow for this, we’ve added the ‘inherited’ property to Security and SLAs, and converted ‘termsOfUse’ from a simple Markdown field to an object that holds both the markdown information and the inheritance flag.

Helm

Updated Airflow section

From here, the ‘pipelineServiceClientConfig’ key, used to host directly Airflow configuration. Now we support also a native k8s orchestration engine, so we’ve added a ”pipelineServiceClientConfig’.type’ key to switch between “airflow” or “k8s”, and moved orchestrator-specific configurations into another nested level: “‘pipelineServiceClientConfig.airflow” and “‘pipelineServiceClientConfig.k8s”.Full Changelog: link

​Releases

Upgrade OpenMetadata

​Changelog

​🔒 Security

​🤖 MCP (Model Context Protocol)

​🔍 Search & Reindexing

​🔌 Connectors & Ingestion

​📖 Glossary

​🛡️ Data Governance & Quality

​🔔 Alerts & Notifications

​🔐 Authentication

​🧬 Lineage

​⚙️ Platform

​🎛️ UI

​What’s New

​MCP Services

​Knowledge Graph and RDF

​Search Index Performance and Live Indexing

​Ontology Explorer

​Typed Glossary Term Relations

​Data Marketplace

​AI and Hybrid Search

​Data Quality and Profiler

​Governance and Workflows

​New Connectors

​Connector Improvements

​Platform, Cache, and Operability

​Columns as Independent Entities

​Upgrade Notes and Breaking Changes

​Connector and Ingestion Changes

​API and Schema Changes

​Operational Notes

​Bug Fixes

​Search and Reindexing

​Glossary, Tags, and Governance

​Data Quality and Profiler

​Ingestion and Connectors

​UI and UX

​Security and Dependencies

​Changelog

​🔒 Security

​🔍 Search & Performance

​🧬 Lineage

​📖 Glossary

​🔐 Authentication

​🛡️ Data Governance & Quality

​⚙️ Apps & Ingestion

​🎛️ UI

​🔌 Connectors

​Changelog

​🔒 Security patches

​🔌 MCP fixes

​🛠 API and backend fixes

​🔍 Search and indexing fixes

​🎨 UI and UX fixes

​✈️ Ingestion fixes

​🔌 Connectors

​🤖 AI enhancements

​🐛 General bug fixes

​Changelog

​🔒 Security patches

​🔌 MCP enhancements

​🛠 API and migration fixes

​🔍 Search and indexing fixes

​🎨 UI and UX fixes

​🐛 General bug fixes

​📦 Dependencies and infrastructure

​Changelog

​✨ New Features

​🔒 Security

​🎨 UI Changes

​🔌 Connectors

​🛠 API (Backend)

​Changelog

​⚠️ Backward Incompatible / Notable Behavior Changes

​🔒 Security (Vulnerability Remediation)

​🎨 UI Changes

​🔌 Connectors

​🛠 API (Backend)

​Changelog

Releases

Changelog

🔒 Security

🤖 MCP (Model Context Protocol)

🔍 Search & Reindexing

🔌 Connectors & Ingestion

📖 Glossary

🛡️ Data Governance & Quality

🔔 Alerts & Notifications

🔐 Authentication

🧬 Lineage

⚙️ Platform

🎛️ UI

What’s New

MCP Services

Knowledge Graph and RDF

Search Index Performance and Live Indexing

Ontology Explorer

Typed Glossary Term Relations

Data Marketplace

AI and Hybrid Search

Data Quality and Profiler

Governance and Workflows

New Connectors

Connector Improvements

Platform, Cache, and Operability

Columns as Independent Entities

Upgrade Notes and Breaking Changes

Connector and Ingestion Changes

API and Schema Changes

Operational Notes

Bug Fixes

Search and Reindexing

Glossary, Tags, and Governance

Data Quality and Profiler

Ingestion and Connectors

UI and UX

Security and Dependencies

Changelog

🔒 Security

🔍 Search & Performance

🧬 Lineage

📖 Glossary

🔐 Authentication

🛡️ Data Governance & Quality

⚙️ Apps & Ingestion

🎛️ UI

🔌 Connectors

Changelog

🔒 Security patches

🔌 MCP fixes

🛠 API and backend fixes

🔍 Search and indexing fixes

🎨 UI and UX fixes

✈️ Ingestion fixes

🔌 Connectors

🤖 AI enhancements

🐛 General bug fixes

Changelog

🔒 Security patches

🔌 MCP enhancements

🛠 API and migration fixes

🔍 Search and indexing fixes

🎨 UI and UX fixes

🐛 General bug fixes

📦 Dependencies and infrastructure

Changelog

✨ New Features

🔒 Security

🎨 UI Changes

🔌 Connectors

🛠 API (Backend)

Changelog

⚠️ Backward Incompatible / Notable Behavior Changes

🔒 Security (Vulnerability Remediation)

🎨 UI Changes

🔌 Connectors

🛠 API (Backend)

Changelog

⚠️ Backward Incompatible / Notable Behavior Changes