2026.06.01 Release Notes
Assets
Docker Images
- Registry Service:
istaridigital.jfrog.io/customer-docker/registry-service:10.21.1 - Secure Connection Service:
istaridigital.jfrog.io/customer-docker/secure-connection-service:10.21.1 - Frontend Service:
istaridigital.jfrog.io/customer-docker/frontend-service:8.34.1 - MCP Service:
istaridigital.jfrog.io/customer-docker/mcp-service:0.4.1 - Docs Service:
istaridigital.jfrog.io/customer-docker/docs-service:6.14.0 - Identity Router:
istaridigital.jfrog.io/customer-docker/identity-router:1.0.1 - SpiceDB:
istaridigital.jfrog.io/customer-docker/istaridigital.com/spicedb-fips:v1.51.1 - SpiceDB Operator:
istaridigital.jfrog.io/customer-docker/istaridigital.com/spicedb-operator-fips:v1.24.0 - Zitadel (main image):
istaridigital.jfrog.io/customer-docker/istaridigital.com/zitadel:v3.4.7 - Zitadel (setup job):
istaridigital.jfrog.io/customer-docker/istaridigital.com/kubectl-iamguarded-fips:1.33.9
Note: The SpiceDB, SpiceDB Operator, and Zitadel images listed above use Chainguard hardened images. Chainguard images are minimal, security-hardened container images with significantly reduced CVE exposure.
- NATS images (bundled with the NATS subchart in the Istari-Platform Chart; tags pinned by the chart):
- NATS Server:
istaridigital.jfrog.io/customer-docker/istaridigital.com/nats-fips:2.14.1 - NATS Config Reloader:
istaridigital.jfrog.io/customer-docker/istaridigital.com/nats-server-config-reloader-fips:0.23.0 - NATS Prometheus Exporter:
istaridigital.jfrog.io/customer-docker/istaridigital.com/prometheus-nats-exporter-fips:0.19.2 - NATS Box:
istaridigital.jfrog.io/customer-docker/istaridigital.com/nats-box-fips:0.19.5
- NATS Server:
Helm Charts
- SpiceDB Operator:
helm pull --repo https://bushelpowered.github.io/spicedb-operator-chart spicedb-operator --version 2.6.0 - Zitadel:
helm pull --repo https://charts.zitadel.com zitadel --version 8.13.4 - Istari-Platform Chart:
helm pull oci://istaridigital.jfrog.io/customer-charts/istari-platform --version 3.19.1 --username ${ISTARI_ARTIFACTORY_USERNAME} --password ${ISTARI_ARTIFACTORY_PASSWORD} - Zitadel Configurator:
helm pull oci://istaridigital.jfrog.io/customer-charts/istari-zitadel-configurator --version 1.8.1 --username ${ISTARI_ARTIFACTORY_USERNAME} --password ${ISTARI_ARTIFACTORY_PASSWORD}
SDK Clients
Agent
CLI
Integrations
Updates for the June 2026 Release
| Module Name | Version |
|---|---|
| ANSYS HFSS | 1.1.1 |
| Atlassian Jira | 1.0.9 |
| C-Infinity AutoAssembler Module | 1.0.0 |
| Dassault Systèmes 3DExperience CATIA (v6) | 1.3.5 |
| Dassault Systèmes 3DExperience ENOVIA | 1.2.4 |
| Google Workspace | 1.3.0 |
| Hexagon MSC Nastran | 2.4.6 |
| Hexagon Nastran Extract | 2.4.9 |
| IBM Rational DOORS Module | 1.0.1 |
| Luminary Cloud CFD | 1.0.0 |
| MathWorks MATLAB (Base) | 2.3.6 |
| MathWorks MATLAB Simulink | 1.3.9 |
| Microsoft Office 365 | 1.5.8 |
| nTop | 0.4.10 |
| Open CAD | 1.1.7 |
| Open PDF | 1.7.7 |
| Open Spreadsheets | 2.3.8 |
| Open SysML | 1.0.9 |
| Open Text | 1.0.8 |
| Siemens NX | 1.5.0 |
| SysGit SysML v2 Tools | 1.0.0 |
| Zoo.dev | 1.0.2 |
All Compatible Modules
Click to expand full module compatibility list for the June 2026 release of the Istari Platform
| Module | Version |
|---|---|
| ANSYS HFSS | 1.1.1 |
| Atlassian Jira | 1.0.9 |
| C-Infinity AutoAssembler Module | 1.0.0 |
| Dassault Systèmes 3DExperience CATIA (v6) | 1.3.5 |
| Dassault Systèmes 3DExperience ENOVIA | 1.2.4 |
| Dassault Systèmes Cameo Enterprise Architect | 4.2.2 |
| Dassault Systèmes CATIA V5 | 2.5.5 |
| Google Workspace | 1.3.0 |
| Hexagon MSC Nastran | 2.4.6 |
| Hexagon Nastran Extract | 2.4.9 |
| IBM Rational DOORS Module | 1.0.1 |
| Luminary Cloud CFD | 1.0.0 |
| MathWorks MATLAB (Base) | 2.3.6 |
| MathWorks MATLAB Simulink | 1.3.9 |
| Microsoft Office 365 | 1.5.8 |
| Microsoft Office Excel | 2.4.3 |
| Microsoft Office PowerPoint | 1.1.2 |
| Microsoft Office Word | 2.3.8 |
| nTop | 0.4.10 |
| Open CAD | 1.1.7 |
| Open PDF | 1.7.7 |
| Open Spreadsheets | 2.3.8 |
| Open SysML | 1.0.9 |
| Open Text | 1.0.8 |
| PTC Creo Parametric | 3.3.2 |
| Siemens NX | 1.5.0 |
| SysGit SysML v2 Tools | 1.0.0 |
| Zoo.dev | 1.0.2 |
Change Log
Istari Platform
New Features
- Workflow Log — Record runs of work performed outside Istari — scripts, CI jobs, batch runs — against a System. Output files and a single log entry per run are uploaded via the SDK and appear on the System's Workflow log tab, each entry linking its outputs to the configuration that was active when the run took place. See Workflow Log and External workflow logs for details.
- Notification Inbox — A new page in the primary sidebar gives you a central place to see and manage platform notifications for resource shares and job completions or failures. Two tabs — Inbox and Archive — let you triage notifications, open a detail pane with a direct link to the relevant resource, and bulk-mark items as read or archive them. An unread badge on the sidebar icon shows how many notifications are waiting. The inbox requires NATS eventing on the backend (see Enabling Notifications below). See the Notifications user guide for setup and usage details.
- Artifacts can be used in jobs — Any resource can now be used as input to a job. Previously only resources typed as Models were eligible; now artifacts and other resource types can be fed into jobs too, so you can chain outputs into downstream jobs without re-importing. Artifacts also now appear alongside models in the Files view, so you can browse and select them directly rather than only through their parent model. See Jobs and Files for details.
- Tools moved under Jobs — The tools browser is now a Tools tab within the Jobs page, replacing the standalone My Tools sidebar item. Navigate to Jobs > Tools to browse and search the tools and functions available to you. See Tools for details.
Performance and Stability
- FIPS 140-3 across the full platform — Building on May's SCS-scoped FIPS milestone, all cryptographic operations across the platform now use FIPS 140-3 validated modules — spanning the agent, frontend, SpiceDB, Zitadel, and infrastructure layers. This is a prerequisite for DoD and classified deployments.
Fixes and Improvements
- Array and object parameters now serialize correctly when running jobs from the UI — When executing a job from the platform UI, array or object parameters entered as text (e.g.
[{"element_id": "...", "tags": {...}}]) were being double-encoded as JSON strings instead of native types, causing integrations such as Cameo'supdate_tagsto fail with an invalid input error. The UI now parses and validates array/object parameters before dispatch. Invalid JSON in these fields is surfaced as a field-level error rather than passed through silently. - Cancel jobs in any active state — Job cancellation now works from any non-terminal state: Pending, Claimed, Validating, Running, or Uploading. Previously only Pending jobs could be canceled. The cancel button appears in both the Activity Panel and the Job Log for all eligible states. See Cancel a Job for details.
Preview
- Secure Connection edit access — Secure Connections can now share resources at Edit access, not just view. An administrator turns on Allow Edit Access to set a connection's ceiling, and an Editor picks a per-file View access or Edit access level when sharing. Edit-shared resources are fully editable on the receiving side (run jobs, add local revisions), while view-only shares stay read-only. See Secure Connections (User Guide) and Secure Connections (Admin Guide) for details.
- Change Requests — A formal change-request workflow for Systems, so teams can propose, review, and coordinate changes to shared systems instead of editing in place.
Integrations
New Integrations
- IBM Rational DOORS Classic Module — Extract requirements data from IBM Rational DOORS Classic databases into Istari pipelines. See IBM DOORS for details.
- SysGit SysML v2 Tools — Connect to SysGit repositories and extract SysML v2 models for downstream MBSE workflows.
- Luminary Cloud CFD — Run cloud-hosted CFD simulations on Luminary Cloud from Istari jobs, parameterized through the platform SDK or UI.
- C-Infinity AutoAssembler Module — Upload CAD assemblies to AutoAssembler, extract engineering BOMs, generate manufacturing build plans, diff assembly versions, and render assembly hierarchies.
Updates
- Integration module dependency security updates — Nineteen integration modules ship new versions this release with patched third-party dependencies (addressing known CVEs in Python, .NET, and Java packages). These are separate from the four new integrations above. See the Updates for the June 2026 Release table for pinned versions; reinstall or upgrade the affected module binaries on your agents after upgrading the platform.
- Siemens NX 1.5.0 — Adds Teamcenter extraction (
teamcenter_extract) to the NX module, so PLM-connected assemblies can be processed alongside native NX parts. See Siemens NX for details. - Open CAD now runs on RHEL 8 and RHEL 9 — The Open CAD module adds support for Red Hat Enterprise Linux 8 and 9, alongside the existing Ubuntu, Windows, and macOS targets. The module's install script provisions FreeCAD 1.0 and the headless rendering libraries automatically; on headless RHEL servers it also installs the OSMesa library needed to render views (geometry and data extraction succeed without it, but rendered views are skipped). Select RHEL 8 or RHEL 9 as the operating system when running an Open CAD function.
Release Timeline
2026-06-24:
- Initial June 2026 release (codename "Merlin")
2026-06-26:
- Istari-Platform Chart
3.19.1: updated Docs Service to6.14.0, added Identity Router1.0.1
Enabling Notifications
Notifications — including the inbox page and toast alerts introduced in the 2026.05.01 release — depend on NATS eventing in the registry service. Starting with this release, NATS is a required platform component.
Breaking Change
Starting with the 2026.06.01 release, NATS is a required platform component. Deployments that have not yet enabled NATS must do so before upgrading. See Migration Notes and the Istari Platform Installation guide for setup instructions.
Backend (Registry Service)
Enable eventing on the registry service. All three settings below must be set; eventing stays off if any one is missing.
-
Deploy NATS — In your
istari-values.yaml:nats:enabled: trueWhen
nats.enabled: true, the Helm chart deploys NATS in-cluster and injectsFILE_SERVICE_NATS_URLinto registry service pods (typicallynats://nats:4222). -
Create the NATS secret — Create the
istari-natsKubernetes secret with a shared auth token. See the NATS Secret section of the Istari Platform Installation guide. -
Configure the registry service secret — Add these keys to the
istari-fileservicesecret:FILE_SERVICE_NATS_TOKEN: "<nats_auth_token>" # Must match NATS_AUTH_TOKEN in istari-natsFILE_SERVICE_FEATURE_FLAGS__EVENTING_ENABLED: "true"FILE_SERVICE_NATS_TOKENmust be identical toNATS_AUTH_TOKENin theistari-natssecret. -
Redeploy the registry service — Restart or upgrade so pods pick up the new secret values. On startup, the service provisions JetStream streams, starts notification consumers, and exposes the V3 inbox API at
/api/v3/inbox.
Frontend
Enable toast alerts (per user) — Toast notifications are a separate, user-controlled setting. Each user turns them on under Application Settings > Experimental Features > Notification toasts. Toasts require backend eventing (above). The summary toast's View inbox action navigates to the notifications inbox.
What gets enabled
| Capability | Backend eventing | User toast toggle |
|---|---|---|
Inbox API (/api/v3/inbox/items) | Required | — |
| Inbox page and sidebar badge | Required | — |
| Toast alerts while browsing | Required | Required (Application Settings) |
Notification types
With eventing enabled, the platform generates notifications for:
- Resource access granted — when a user is granted access to a model, artifact, or resource
- Job terminal state — when a job the user created completes successfully or fails (Canceled jobs are not shown in the UI)
Migration Notes
Breaking Changes
- NATS is required — Starting with the 2026.06.01 release, NATS is a required component of the Istari Platform. The 2026.05.01 release introduced NATS as an optional subchart; it is now required for all deployments. Deployments that do not have NATS enabled must complete the upgrade instructions below before upgrading to this release.
Upgrade Instructions
If you enabled NATS during the 2026.05.01 release, verify that nats.enabled: true, the istari-nats secret, and FILE_SERVICE_NATS_TOKEN / FILE_SERVICE_FEATURE_FLAGS__EVENTING_ENABLED in the istari-fileservice secret are still in place, then proceed with the Helm upgrade.
If NATS is not yet enabled:
- Set
nats.enabled: truein youristari-values.yaml. See Enabling Notifications for the full backend and frontend configuration. - Create the
istari-natsKubernetes secret with a shared auth token. See NATS Secret. - Add
FILE_SERVICE_NATS_TOKEN(matchingNATS_AUTH_TOKEN) andFILE_SERVICE_FEATURE_FLAGS__EVENTING_ENABLED: "true"to theistari-fileservicesecret. - Upgrade the Istari Platform Helm chart to this release.
See the Istari Platform Installation guide and Notifications user guide for details.