Release Notes
Looking for breaking changes that might impact your Palette upgrade? Visit the Find Breaking Changes page for a filtered view of relevant updates.
To view release notes for a specific Palette version, use the version selector below.
November 22, 2025 - Release 4.8.0 - 4.8.6
Security Notices
- Review the Security Bulletins page for the latest security advisories.
Palette Enterprise
Breaking Changes
-
When creating EKS clusters, the default Amazon Machine Image (AMI) Type is now Amazon Linux 2023 (AL2023) Standard AMI. This change aligns with the upcoming deprecation of Amazon Linux 2 (AL2) AMIs. A deprecation warning now appears for AL2 AMIs in the Amazon Machine Image (AMI) Type drop-down menu within Cloud Configuration Settings.
-
System configuration API endpoints can now only be accessed using privileged authorization tokens. These API endpoints expose critical system details, so access to them is strictly enforced. Users with general access authorization tokens are no longer able to access these endpoints.
-
All Palette and VerteX Clouds API endpoints now require authorization tokens for all requests. Existing integrations must be updated to provide valid authorization tokens, as unauthenticated API calls will now fail.
Features
-
EKS Pod Identity is now a supported authentication method for AWS cloud accounts. This secure authentication mechanism allows Kubernetes pods to assume IAM roles with temporary, automatically refreshed credentials, eliminating the need for long-lived AWS credentials.
This method is only available for self-hosted Palette and Palette VerteX instances deployed on Amazon EKS clusters. Refer to the Add AWS Accounts guide for more information.
-
Cluster profile variables now support the multiline input type and the Base64 format. This improvement allows users to leverage cluster profile variables for use cases such as saving multiline YAML specifications and storing encoded keys for use during cluster creation.
Improvements
-
Project tags are now displayed in the Project Overview page and the Tenant Admin > Projects page in Palette. This improvement allows users to identify projects based on their tags. Refer to the Project Tags section for more information.
-
Palette now provides the ability to upgrade the vCluster version of your virtual clusters, allowing you to leverage newly introduced features without having to create new cluster groups or migrate workloads. Refer to the Upgrade Cluster Groups guide for further information.
-
Palette has now implemented a mechanism for evacuating and migrating the control planes for MAAS clusters using LXD VMs, reducing high-availability risks during host repaves. This improvement is critical for Day-2 lifecycle operations such as upgrades or repaves.
-
The Palette Management Appliance and VerteX Management Appliance now include the latest Terminal User Interface (TUI). For more details, refer to Initial Edge Host Configuration with Palette TUI.
- Certificate renewal for clusters provisioned using Palette Optimized K3S and RKE2 can now be triggered externally from Kubernetes. This is applicable for both Edge and public cloud clusters.
Bug Fixes
-
Fixed an issue that caused Palette Management Appliance and VerteX Management Appliance to sometimes create an inconsistent number of LINSTOR resources.
-
Fixed an issue that caused some self-hosted Palette and VerteX installations to fail to due to a Helm template rendering error.
- Fixed an issue that caused Palette UI errors related to YAML marshalling when accepting cluster profile updates for cluster profiles configured using the Spectro Proxy pack.
-
Fixed an issue that prevented
ipclaimresources from being deleted when repaving VMware clusters. -
Fixed an issue that prevented the Palette UI from displaying metrics for EKS clusters due to incorrect security group rules.
-
Fixed an issue that prevented rotated IAM keys in AWS cloud accounts from being updated on deployed AWS clusters.
Edge
The CanvOS version corresponding to the 4.8.6 Palette release is 4.8.1.
Improvements
-
The Terminal User Interface (TUI) is now always enabled and features a new landing page that displays system information. It also adds support for configuring Virtual Local Area Networks (VLANs). The
stylus.includeTuiflag inuser-datahas been deprecated as a result of these changes. For more details, refer to Initial Edge Host Configuration with Palette TUI. -
CanvOS now provides support for FIPS-compiled Ubuntu 22.04. This is important for users who want to enforce FIPS 140-3 compliance.
Bug Fixes
- Fixed an issue that caused pack reconciliation to fail in locally managed Edge clusters provisioned with cluster profiles containing duplicate packs.
VerteX
Features
- Includes all Palette features, improvements, breaking changes, and deprecations in this release. Refer to the Palette section for more details.
Automation
Check out the CLI Tools page to find the compatible version of the Palette CLI.
Features
-
Terraform version 0.25.3 of the Spectro Cloud Terraform provider is now available. For more details, refer to the Terraform provider release page.
-
Crossplane version 0.25.3 of the Spectro Cloud Crossplane provider is now available.
-
The Spectro Cloud Terraform
provider now supports cluster
templates.- The
spectrocloud_cluster_config_policydata source implements maintenance policies. - The
spectrocloud_cluster_config_templatedata source implements cluster templates. - Cluster resources now have the
cluster_templatefield to support the configuration of cluster templates.
- The
-
The
spectrocloud_cloudaccount_awsTerraform resource now supports EKS Pod Identities.
Bug Fixes
- Fixed an issue that caused the
spectrocloud_cluster_groupTerraform resource to fail to save cluster state when a Loadbalancer was configured.
Docs and Education
- The new Find Breaking Changes for Palette Upgrades page contains an interactive component that allows users to list breaking changes between two Palette releases. Use it as guidance for upgrading dedicated SaaS or self-hosted Palette and Palette VerteX installations.
Packs
Deprecations and Removals
- The Nginx pack is now deprecated. Use the Kgateway pack as an alternative. Refer to the Ingress NGINX Retirement: What You Need to Know blog for further information.
Pack Notes
- The Harbor pack version 1.16.2 now supports password auto-generation.
- The Spectro RBAC pack version 1.0.1 now supports CPU, memory, and storage resource quota specifications.
| Pack Name | Layer | Non-FIPS | FIPS | New Version |
|---|---|---|---|---|
| Amazon EBS CSI | CSI | ✅ | ❌ | 1.51.0 |
| Calico | CNI | ❌ | ✅ | 3.31.0 |
| Crossplane | Add-on | ✅ | ❌ | 2.0.1 |
| External Secrets Operator | Add-on | ✅ | ❌ | 0.20.4 |
| Flux2 | Add-on | ✅ | ❌ | 2.17.1 |
| Kgateway | Add-on | ✅ | ❌ | 2.2.1 |
| Prometheus Agent | Add-on | ✅ | ❌ | 27.42.1 |
| Prometheus - Grafana | Add-on | ✅ | ❌ | 79.0.1 |
| Reloader | Add-on | ✅ | ❌ | 1.4.10 |
| Spectro RBAC | Add-on | ✅ | ❌ | 1.0.1 |
| Ubuntu (Azure) | OS | ✅ | ❌ | 24.04 |
| Ubuntu (vSphere) | OS | ✅ | ❌ | 24.04 |