Red Hat Developer Hub release notes
Release notes for Red Hat Developer Hub 1.6
Abstract
- 1. New features
- 1.1. OpenTelemetry metrics support added to the Keycloak backend plugin
- 1.2. Enhanced session duration control and refresh token cookie policy
- 1.3. Support for custom version information on the settings page
- 1.4. Updated Auditor Service
- 1.5. Renamed
Create
toSelf-service
- 1.6. Enhanced plugin visibility in the Extensions catalog
- 1.7. Simplify Operator-backed deployments on OpenShift with automatic
baseUrl
configuration - 1.8. New sidebar item visibility configuration
- 1.9. Developer Hub community plugins updated to Backstage 1.36
- 1.10. Added a new RBAC conditional rule
IS_OWNER
to RBAC plugin - 1.11. Support for high availability in Microsoft Azure Kubernetes Service
- 1.12. Added
@backstage/plugin-scaffolder-backend-module-github
plugin for Developer Hub - 1.13. Default OIDC sign-in resolver updated
- 1.14. New dynamic plugin for Kubernetes scaffolder actions
- 2. Breaking changes
- 3. Deprecated functionalities
- 4. Developer Preview
- 5. Fixed issues
- 6. Fixed security issues
Red Hat Developer Hub (Developer Hub) 1.6 is now generally available. Developer Hub is a fully supported, enterprise-grade productized version of upstream Backstage v1.36.1. You can access and download the Red Hat Developer Hub application from the Red Hat Customer Portal or from the Ecosystem Catalog.
1. New features
This section highlights new features in Red Hat Developer Hub 1.6.
1.1. OpenTelemetry metrics support added to the Keycloak backend plugin
With this update, the Keycloak backend plugin supports OpenTelemetry metrics, which monitors fetch operations and diagnoses potential issues.
The available counters include the following:
-
backend_keycloak_fetch_task_failure_count_total
: Counts fetch task failures where no data was returned due to an error. -
backend_keycloak_fetch_data_batch_failure_count_total
: Counts partial data batch failures. Even if some batches fail, the plugin continues fetching others.
These counters include the taskInstanceId
label, which uniquely identifies each scheduled fetch task, and allows you to trace failures back to individual task executions.
Example configuration:
backend_keycloak_fetch_data_batch_failure_count_total{taskInstanceId="df040f82-2e80-44bd-83b0-06a984ca05ba"} 1
You can export metrics using any OpenTelemetry-compatible backend, such as Prometheus.
1.2. Enhanced session duration control and refresh token cookie policy
With this update, a new configurable field, sessionDuration
, has been introduced in the supported authentication providers. This allows administrators to specify custom user session durations, enabling better control over session timeouts and enforced logouts. Additionally, the default maximum age of the refresh token cookie has been reduced to 400 days to align with the modern web browser policies.
For more information, see Authentication in Red Hat Developer Hub.
1.3. Support for custom version information on the settings page
Red Hat Developer Hub now supports the extension or replacement of version information on the settings page. This feature allows customers and partners to replace the version information on the settings page with their own versions.
1.4. Updated Auditor Service
Red Hat Developer Hub 1.6 introduces an enhancement to the RBAC and Bulk Import plugins, enabling users to utilize Backstage's new Auditor service. The key features include:
- Audit log format update:
The audit log format has been updated to align with the new Auditor service conventions. Audit fields and event identifiers have been updated. Filtering queries based on the old format may no longer function as expected.
- Backend Plugin API integration:
The audit log is now backed by the @backstage/backend-plugin-api
package.
- Audit events Grouping:
The Bulk Import backend plugin and RBAC backend plugin emit audit events for various operations, with the events grouped logically by eventId
.
1.5. Renamed Create
to Self-service
The term Create
has been renamed to Self-service
across key UI areas to better align with the self-service functionality provided through the Backstage scaffolder, enhancing clarity for users.
This change applies to the following areas:
- Sidebar navigation
- Global header
- Catalog page
- Scaffolder page
1.6. Enhanced plugin visibility in the Extensions catalog
With this update, the Extensions catalog now displays the default configuration of included plugins directly in Red Hat Developer Hub. This feature helps administrators better understand available plugins and their configuration options before enabling them. While plugin configurations are now visible, administrators still need to manually copy these configurations into their Helm Charts or Operator custom resource to install or configure a plugin.
1.7. Simplify Operator-backed deployments on OpenShift with automatic baseUrl
configuration
Previously, deploying Developer Hub using the Operator required manually configuring the baseUrl
settings in the custom app-config ConfigMap.
With this update, the Operator can now automatically compute the default application URL based on the OpenShift cluster ingress domain and the custom Route settings in the Backstage
Custom Resource. It will then populate this as the default baseUrl
in the app-config ConfigMap that it generates for the Developer Hub instance. This functionality is specific to OpenShift. The Operator fills the following fields in the default app-config ConfigMap: app.baseUrl
, backend.baseUrl
, and backend.cors.origin
. As a result, this eliminates the need to manually set such values for most Operator-backed deployments on OpenShift, though you can still override these settings in your custom app-config ConfigMap.
1.8. New sidebar item visibility configuration
Red Hat Developer Hub now supports a clean and flexible way to hide sidebar items using a new enabled key in the sidebar menu configuration. If set to false, the specified sidebar item will no longer appear in the UI, while maintaining full backward compatibility with existing configurations.
Example configuration:
dynamicPlugins: frontend: default.main-menu-items: menuItems: default.home: title: Home icon: home enabled: false default.list: title: References icon: bookmarks default.my-group: parent: default.list default.learning-path: parent: default.list title: '' default.homepage: title: HomePage 123 icon: home enabled: false default.create: title: Create icon: add parent: default.homepage
You can now also toggle visibility of core sidebar elements like the logo, search, settings, and administration as shown:
app: sidebar: search: false # hides sidebar search logo: false # hides sidebar logo settings: false # hides settings item administration: false # hides administration item
1.9. Developer Hub community plugins updated to Backstage 1.36
The Developer Hub community plugins have been updated to Backstage version 1.36.
1.10. Added a new RBAC conditional rule IS_OWNER
to RBAC plugin
Red Hat Developer Hub introduces a new RBAC conditional rule, IS_OWNER
, that allows administrators to assign ownership to roles and control access to the RBAC plugin. This enhancement enables more granular access control by allowing ownership-based filtering of roles, permission policies, and conditional policies.
This enhancement removes the resource type from the policy.entity.create
permission, preventing conditional rules from being applied to the permission. You can update all permission policies that utilize the resource type policy-entity
with the action create
(for example role:default/some_role, policy-entity, create, allow
to role:default/some_role, policy.entity.create, create, allow
) to prevent degradation in the future.
1.11. Support for high availability in Microsoft Azure Kubernetes Service
Red Hat Developer Hub now supports high availability setups in Microsoft Azure Kubernetes Service (AKS). This enhancement allows the deployment to scale beyond a single replica, ensuring the application remains operational and accessible even in the event of failures or disruptions.
For more information, see Configuring high availability in Red Hat Developer Hub.
1.12. Added @backstage/plugin-scaffolder-backend-module-github
plugin for Developer Hub
Red Hat Developer Hub now supports the @backstage/plugin-scaffolder-backend-module-github
plugin, enabling GitHub Actions within software templates. With this integration, you can securely create and manage repositories, open pull requests, trigger GitHub Actions workflows, and more, all directly from the software template. This plugin empowers users to automate GitHub interactions and workflows with ease.
1.13. Default OIDC sign-in resolver updated
With this update, the default resolver for OIDC sign-in is set to oidcSubClaimMatchingKeycloakUserId
to enhance security. This resolver is now also available as a configurable option under the sign-in resolver settings.
1.14. New dynamic plugin for Kubernetes scaffolder actions
With this update, Developer Hub introduces the @backstage-community/plugin-scaffolder-backend-module-kubernetes plugin as a dynamic plugin, enabling Backstage template actions for Kubernetes. Currently, it includes the create-namespace action. This dynamic plugin is disabled by default.
For more information, see Kubernetes custom actions in Red Hat Developer Hub.
2. Breaking changes
This section lists breaking changes in Red Hat Developer Hub 1.6.
2.1. The Topology-specific permission topology.view.read
is removed
Previously, the Topology plugin used topology.view.read
permission to control access. Users were unable to configure Topology permissions using the RBAC UI. With this update, users can configure Kubernetes plugin permissions using the RBAC UI, which now governs the access to the Topology plugin. You can now use Kubernetes plugin permissions kubernetes.clusters.read
, kubernetes.resources.read
and kubernetes.proxy
for the Topology plugin, as the Topology-specific permission topology.view.read
is removed.
If you are using a CSV permission file, update the following lines:
Old Topology permission definition
p, role:default/topology-viewer, topology.view.read, read, allow p, role:default/topology-viewer, kubernetes.proxy, use, allow
New Topology permission definition
p, role:default/topology-viewer, kubernetes.clusters.read, read, allow p, role:default/topology-viewer, kubernetes.resources.read, read, allow p, role:default/topology-viewer, kubernetes.proxy, use, allow
Additional resources
2.2. Migration to the core Auditor service
The Auditor format, including audit fields and event names, and IDs, has been updated to align with the new Auditor service conventions defined by the upstream Backstage Auditor Service. Filtering queries based on the old format may fail to work as expected.
Additional resources
2.3. Red Hat Developer Hub introduces the Backstage Audit Log Service
Red Hat Developer Hub 1.6 introduces the Backstage Audit Log Service, which replaces the custom audit logging system. This is a significant structural and behavioral change to how audit events are generated and consumed.
The key changes introduced by this transition include the following:
- Audit logging is now delegated to Backstage plugins. Each plugin in Backstage is responsible for implementing and emitting its own audit events.
- Audit event names, structure, and content may differ per plugin. Audit events are scoped and designed independently within each plugin using the standardized upstream mechanism, which automatically captures actor details and plugin context.
-
New Event Structure and Naming: Audit event names now follow Backstage’s conventions (for example, lowercase, kebab-case names), and include structured metadata such as
actionType
. Legacy Developer Hub event names (for example,ScaffolderTaskCreation
,CatalogEntityDeletion
) are no longer used. - Enhanced Log Context: Each audit event includes the plugin context, making it easier to filter logs for specific functional areas. You can filter by the event IDs or metadata associated with that plugin.
Additional resources
2.4. The Tekton-specific permission tekton.view.read
is removed
Previously, the Tekton plugin used tekton.view.read
permission to control access. Users were unable to configure Tekton permissions using the RBAC UI. With this update, users can configure Kubernetes plugin permissions using the RBAC UI, which now governs the access to the Tekton plugin. You can now use Kubernetes plugin permissions kubernetes.clusters.read
, kubernetes.resources.read
and kubernetes.proxy
for the Tekton plugin, as the Tekton-specific permission tekton.view.read
is removed.
If you are using a CSV permission file, update the following lines:
Old Tekton permission definition
p, role:default/tekton-viewer, tekton.view.read, read, allow p, role:default/tekton-viewer, kubernetes.proxy, use, allow
New Tekton permission definition
p, role:default/tekton-viewer, kubernetes.clusters.read, read, allow p, role:default/tekton-viewer, kubernetes.resources.read, read, allow p, role:default/tekton-viewer, kubernetes.proxy, use, allow
Additional resources
3. Deprecated functionalities
This section lists deprecated functionalities in Red Hat Developer Hub 1.6.
3.1. Deprecation of dynamic imports with import(…)
The use of dynamic imports with import(…)
has been deprecated and is no longer supported. The Backstage CLI supports native ESM in Node.js code, giving access to the importing of ESM-only packages. Therefore, you must now use require(…)
as typeof import(…)
when working with ESM or CommonJS packages.
Additional resources
4. Developer Preview
This section lists Developer Preview features in Red Hat Developer Hub 1.6.
Developer Preview features are not supported by Red Hat in any way and are not functionally complete or production-ready. Do not use Developer Preview features for production or business-critical workloads. Developer Preview features provide early access to functionality in advance of possible inclusion in a Red Hat product offering. Customers can use these features to test functionality and provide feedback during the development process. Developer Preview features might not have any documentation, are subject to change or removal at any time, and have received limited testing. Red Hat might provide ways to submit feedback on Developer Preview features without an associated SLA.
For more information about the support scope of Red Hat Developer Preview features, see Developer Preview Support Scope.
4.1. Red Hat Developer Hub Local
Red Hat Developer Hub Local (RHDH Local) is now available as a Developer Preview feature, providing a lightweight, self-contained version of RHDH that allows developers and platform engineers to work on templates, try out plugins, validate software catalogs, and do other tasks without having to install Developer Hub on a Kubernetes cluster.
For more information about installing RHDH Local, see Red Hat Developer Hub Local on Github.
Additional resources
- For more information, see the blog post, Run Red Hat Developer Hub Locally with Ease
Additional resources
5. Fixed issues
This section lists issues fixed in Red Hat Developer Hub 1.6.
5.1. Fixed issues in 1.6.1
5.1.1. Fixed Profile dropdown showing Guest
instead of user’s name with OIDC authentication
Previously, the Profile dropdown in the Global Header showed Guest
instead of the logged-in user’s display name when logging in using the OIDC authentication.
With this update, the Profile dropdown now correctly displays the user’s name by first checking spec.profile.displayName
, then metadata.title
, and finally falls back to the name shown on the Profile card in the Settings page if neither is available.
Additional resources
5.1.2. ArgoCD plugin permission and Quay plugin permission are not displayed in the RBAC front-end UI
Previously, permissions associated only with front-end-only plugins did not appear in the RBAC front-end UI because they required a backend plugin to expose the permission framework's well-known endpoint.
With this update, you can apply these permissions by using a CSV file or directly calling the REST API of the RBAC backend plugin. Affected plugins include ArgoCD (argocd.view.read
) and Quay (quay.view.read
).
Additional resources
5.1.3. Fixed incorrect branding in 1.6.0 Helm chart release
Previously, the upstream branding was used instead of Red Hat branding when releasing the 1.6.0 Helm chart.
This is fixed in 1.6.1
Additional resources
5.2. Fixed issues in 1.6.0
5.2.1. Updated the air-gapped installation guide for non-OpenShift platforms
Previously, Red Hat Developer Hub documentation did not highlight the Developer Hub installation using Helm Chart in fully and partially air-gapped environments on supported Kubernetes platforms.
With this update, the documentation provides instructions for mirroring required container images, updating Helm values, and installing the chart, without relying on internet access.
Additional resources
5.2.2. Line wrapping enabled for long menu heading labels
Previously, menu items with long text such as Platform Engineer Services were cut off in the sidebar menu. With this update, line wrapping has been enabled for long menu heading labels, preventing the trimming and ensuring full text visibility.
Additional resources
5.2.3. Dynamic favicon configuration in app-config.yaml
is not displayed on the login page
Before this update, the app-config configuration app.branding.iconLogo
was not applied as the favicon in the browser.
This issue has been fixed, and the app-config configuration app.branding.iconLogo
now correctly sets the favicon in the browser.
Additional resources
5.2.4. Floating Action Button (FAB) positioned in the 'Bottom-Left' slot on Developer Hub
Previously, the Floating Action Button (FAB) appeared over the navigation sidebar when the slot was set to 'bottom-left'. This placement obstructed access to navigation elements, potentially hindering user interaction.
With this update, the FAB's position is adjusted to render adjacent to the navigation for the 'bottom-left' slot position. As a result, users can access navigation options without obstruction.
Additional resources
5.2.5. Manually added resolutions override resolutions added by --suppress-native-package
Earlier, the export-dynamic-plugin
command did not overwrite manually added resolutions, which could result in incorrect package dependencies in the exported dynamic plugin.
With this update, the package export-dynamic-plugin
overwrites manually added resolutions, ensuring backstage dependencies are hoisted and native dependencies are suppressed from the exported dynamic plugin.
Additional resources
5.2.6. Fixed unreachable links in the Operator installation information page on the OpenShift Container Platform console
Previously, the Developer Hub Operator details page in the OpenShift Container Platform web console contained links to some pages that could not be reached outside of the Red Hat network. With this update, the links in the Operator installation information page are fixed.
Additional resources
6. Fixed security issues
You can view the security issues fixed in Red Hat Developer Hub 1.6 at Red Hat Security Updates.
For 1.6.0, see Red Hat Security Advisory RHSA-2025:7626.