With this update, the Keycloak backend plugin supports OpenTelemetry metrics, which monitors fetch operations and diagnoses potential issues.

The available counters include the following:

These counters include the taskInstanceId label, which uniquely identifies each scheduled fetch task, and allows you to trace failures back to individual task executions.

Example configuration:

backend_keycloak_fetch_data_batch_failure_count_total{taskInstanceId="df040f82-2e80-44bd-83b0-06a984ca05ba"} 1

You can export metrics using any OpenTelemetry-compatible backend, such as Prometheus.

With this update, a new configurable field, sessionDuration, has been introduced in the supported authentication providers. This allows administrators to specify custom user session durations, enabling better control over session timeouts and enforced logouts. Additionally, the default maximum age of the refresh token cookie has been reduced to 400 days to align with the modern web browser policies.

For more information, see Authentication in Red Hat Developer Hub.

Red Hat Developer Hub now supports the extension or replacement of version information on the settings page. This feature allows customers and partners to replace the version information on the settings page with their own versions.

Red Hat Developer Hub 1.6 introduces an enhancement to the RBAC and Bulk Import plugins, enabling users to utilize Backstage's new Auditor service. The key features include: ​

The audit log format has been updated to align with the new Auditor service conventions. Audit fields and event identifiers have been updated. Filtering queries based on the old format may no longer function as expected.​

The audit log is now backed by the @backstage/backend-plugin-api package.​

The Bulk Import backend plugin and RBAC backend plugin emit audit events for various operations, with the events grouped logically by eventId.​

The term Create has been renamed to Self-service across key UI areas to better align with the self-service functionality provided through the Backstage scaffolder, enhancing clarity for users.

This change applies to the following areas:

With this update, the Extensions catalog now displays the default configuration of included plugins directly in Red Hat Developer Hub. This feature helps administrators better understand available plugins and their configuration options before enabling them. While plugin configurations are now visible, administrators still need to manually copy these configurations into their Helm Charts or Operator custom resource to install or configure a plugin.

Previously, deploying Developer Hub using the Operator required manually configuring the baseUrl settings in the custom app-config ConfigMap.

With this update, the Operator can now automatically compute the default application URL based on the OpenShift cluster ingress domain and the custom Route settings in the Backstage Custom Resource. It will then populate this as the default baseUrl in the app-config ConfigMap that it generates for the Developer Hub instance. This functionality is specific to OpenShift. The Operator fills the following fields in the default app-config ConfigMap: app.baseUrl, backend.baseUrl, and backend.cors.origin. As a result, this eliminates the need to manually set such values for most Operator-backed deployments on OpenShift, though you can still override these settings in your custom app-config ConfigMap.

Red Hat Developer Hub now supports a clean and flexible way to hide sidebar items using a new enabled key in the sidebar menu configuration. If set to false, the specified sidebar item will no longer appear in the UI, while maintaining full backward compatibility with existing configurations.

Example configuration:

dynamicPlugins:
  frontend:
    default.main-menu-items:
      menuItems:
        default.home:
          title: Home
          icon: home
          enabled: false
        default.list:
          title: References
          icon: bookmarks
        default.my-group:
          parent: default.list
        default.learning-path:
          parent: default.list
          title: ''
        default.homepage:
          title: HomePage 123
          icon: home
          enabled: false
        default.create:
          title: Create
          icon: add
          parent: default.homepage

You can now also toggle visibility of core sidebar elements like the logo, search, settings, and administration as shown:

app:
  sidebar:
    search: false           # hides sidebar search
    logo: false             # hides sidebar logo
    settings: false         # hides settings item
    administration: false   # hides administration item

The Developer Hub community plugins have been updated to Backstage version 1.36.

Red Hat Developer Hub introduces a new RBAC conditional rule, IS_OWNER, that allows administrators to assign ownership to roles and control access to the RBAC plugin. This enhancement enables more granular access control by allowing ownership-based filtering of roles, permission policies, and conditional policies.

This enhancement removes the resource type from the policy.entity.create permission, preventing conditional rules from being applied to the permission. You can update all permission policies that utilize the resource type policy-entity with the action create (for example role:default/some_role, policy-entity, create, allow to role:default/some_role, policy.entity.create, create, allow) to prevent degradation in the future.

Red Hat Developer Hub now supports high availability setups in Microsoft Azure Kubernetes Service (AKS). This enhancement allows the deployment to scale beyond a single replica, ensuring the application remains operational and accessible even in the event of failures or disruptions.

For more information, see Configuring high availability in Red Hat Developer Hub.

Red Hat Developer Hub now supports the @backstage/plugin-scaffolder-backend-module-github plugin, enabling GitHub Actions within software templates. With this integration, you can securely create and manage repositories, open pull requests, trigger GitHub Actions workflows, and more, all directly from the software template. This plugin empowers users to automate GitHub interactions and workflows with ease.

With this update, the default resolver for OIDC sign-in is set to oidcSubClaimMatchingKeycloakUserId to enhance security. This resolver is now also available as a configurable option under the sign-in resolver settings.

With this update, Developer Hub introduces the @backstage-community/plugin-scaffolder-backend-module-kubernetes plugin as a dynamic plugin, enabling Backstage template actions for Kubernetes. Currently, it includes the create-namespace action. This dynamic plugin is disabled by default.

For more information, see Kubernetes custom actions in Red Hat Developer Hub.

Previously, the Topology plugin used topology.view.read permission to control access. Users were unable to configure Topology permissions using the RBAC UI. With this update, users can configure Kubernetes plugin permissions using the RBAC UI, which now governs the access to the Topology plugin. You can now use Kubernetes plugin permissions kubernetes.clusters.read, kubernetes.resources.read and kubernetes.proxy for the Topology plugin, as the Topology-specific permission topology.view.read is removed.

If you are using a CSV permission file, update the following lines:

p, role:default/topology-viewer, topology.view.read, read, allow
p, role:default/topology-viewer, kubernetes.proxy, use, allow

p, role:default/topology-viewer, kubernetes.clusters.read, read, allow
p, role:default/topology-viewer, kubernetes.resources.read, read, allow
p, role:default/topology-viewer, kubernetes.proxy, use, allow

The Auditor format, including audit fields and event names, and IDs, has been updated to align with the new Auditor service conventions defined by the upstream Backstage Auditor Service. Filtering queries based on the old format may fail to work as expected.

Red Hat Developer Hub 1.6 introduces the Backstage Audit Log Service, which replaces the custom audit logging system. This is a significant structural and behavioral change to how audit events are generated and consumed.

The key changes introduced by this transition include the following:

Previously, the Tekton plugin used tekton.view.read permission to control access. Users were unable to configure Tekton permissions using the RBAC UI. With this update, users can configure Kubernetes plugin permissions using the RBAC UI, which now governs the access to the Tekton plugin. You can now use Kubernetes plugin permissions kubernetes.clusters.read, kubernetes.resources.read and kubernetes.proxy for the Tekton plugin, as the Tekton-specific permission tekton.view.read is removed.

If you are using a CSV permission file, update the following lines:

p, role:default/tekton-viewer, tekton.view.read, read, allow
p, role:default/tekton-viewer, kubernetes.proxy, use, allow

p, role:default/tekton-viewer, kubernetes.clusters.read, read, allow
p, role:default/tekton-viewer, kubernetes.resources.read, read, allow
p, role:default/tekton-viewer, kubernetes.proxy, use, allow

The use of dynamic imports with import(…​) has been deprecated and is no longer supported. The Backstage CLI supports native ESM in Node.js code, giving access to the importing of ESM-only packages. Therefore, you must now use require(…​) as typeof import(…​) when working with ESM or CommonJS packages.

Red Hat Developer Hub Local (RHDH Local) is now available as a Developer Preview feature, providing a lightweight, self-contained version of RHDH that allows developers and platform engineers to work on templates, try out plugins, validate software catalogs, and do other tasks without having to install Developer Hub on a Kubernetes cluster.

For more information about installing RHDH Local, see Red Hat Developer Hub Local on Github.