Release Notes

tip

Looking for breaking changes that might impact your Palette upgrade? Visit the Find Breaking Changes page for a filtered view of relevant updates.

To view release notes for a specific Palette version, use the version selector below.

Select release notes version

Select...

December 19, 2025 - Component Updates

The following components have been updated for Palette version 4.8.6 - 4.8.12.

Component	Version
Spectro Cloud Terraform provider	0.26.2
Spectro Cloud Crossplane provider	0.26.2
Palette Management Appliance	4.8.12
VerteX Management Appliance	4.8.12

Bug Fixes

• Fixed an issue that caused duplicate cluster packs errors to appear when Terraform spectrocloud_cluster_profile updates triggered API validation errors.

• Fixed an issue that caused certain Day-2 cluster operations to fail for clusters with the Terraform spectrocloud_addon_deployment resource.

Packs

Pack Notes

• Harbor pack version 1.18.1 now supports configuring HTTP access. Refer to the pack Additional Details tab for further information.

• Users can now use Ubuntu 22.04 on VMware, Azure, and MAAS clusters using the FIPS Palette eXtended Kubernetes pack version 1.33.5.

Pack Name	Layer	Non-FIPS	FIPS	New Version
Calico	CNI	❌	✅	3.31.2
Harbor	Add-on	✅	❌	1.18.1
Istio	Add-on	✅	❌	1.28.1
Kong	Add-on	✅	❌	3.0.0
Prometheus Agent	Add-on	✅	❌	27.49.0
Prometheus Operator	Add-on	✅	❌	79.11.0
Spectro Kubernetes Dashboard	Add-on	✅	❌	7.13.0
Ubuntu (Azure)	OS	❌	✅	22.04
Ubuntu (MAAS)	OS	❌	✅	22.04
Ubuntu (vSphere)	OS	❌	✅	22.04

December 17, 2025 - Release 4.8.12

The following component updates are applicable to this release:

• December 19, 2025 - Component Updates

Features

• Palette now supports the cluster provisioning and management of CloudStack clusters. Refer to the CloudStack section for further information. Review the active known issues that affect CloudStack on the Known Issues page.

• Terraform version 0.26.1 of the Spectro Cloud Terraform provider is now available. For more details, refer to the Terraform provider release page.

• Crossplane version 0.26.1 of the Spectro Cloud Crossplane provider is now available.

• The Spectro Cloud Terraform provider and Spectro Cloud Crossplane provider now support CloudStack.

  • The spectrocloud_cloudaccount_apache_cloudstack data source supports the creation of CloudStack cloud accounts.
  • The spectrocloud_cluster_apache_cloudstack resource supports configuration and deployment of CloudStack clusters.

Improvements

• The KubeVirt version used by the Palette Virtual Machine Orchestrator is now v1.6.2.

• The virt-v2v version used by the Palette Virtual Machine Migration Assistant is now v2.9.0.

  As part of the upgrade, the VMware Virtual Disk Development Kit (VDDK) image is now a requirement for migrations. This image was previously optional but is now necessary for the migration process. Refer to the Create Source Providers guide for more information.

• The default timeout of Local UI JWT tokens has been reduced to 15 minutes. Additionally, tokens are now revoked upon log out.

• The dependencies of the imageswap and imageswap-init Palette images were updated to the latest versions, ensuring that they have the latest security patches. Additionally, the ubuntu-systemd image has been removed from Palette.

• The performance of the /clusterprofiles Palette API endpoint has been improved.

Bug Fixes

• Fixed an issue that caused EKS clusters to fail to provision due to missing retry logic for trust policy ConfigMaps.

• Fixed an issue that caused Day-2 operations to fail on Palette Edge clusters configured with external provider registries in the Palette eXtended Kubernetes Edge (PXK-E) pack.

• Fixed an issue that caused add-on deployments provisioned through the Spectro Cloud Crossplane provider to remain in an unrecoverable, unhealthy state following a deployment error, even after fixing the root cause.

• Fixed an issue that prevented the Bring Your Own OS (BYOOS) pack from being available to CloudStack clusters.

• Fixed an issue that prevented agent mode from retaining network configurations after boot.

• Fixed an issue that caused the Virtual Machine Migration Assistant plans to fail due to PodSecurity violation errors.

• Fixed an issue that caused content bundle builds configured on encrypted partitions to become stuck.

• Fixed an issue that caused multiple versions of the spectro-reach image to be installed in Palette Management Appliance and VerteX Management Appliance.

• Fixed an issue that caused an incorrect version of the palette-agent image to be referenced by the Palette ally service.

• Fixed an issue that prevented the Delete action from correctly displaying for cluster templates in the Palette UI.

• Fixed an issue that caused Windows 25 server VMs to become inaccessible after being migrated using the Virtual Machine Migration Assistant.

• Fixed an issue that caused the CloudStack PCG type to appear under Tenant Settings even though it was disabled using a system administration feature flag.

Packs

Pack Notes

• The following packs support CloudStack deployment:
  • Ubuntu 24.04
  • Palette eXtended Kubernetes versions 1.31.14, 1.32.10, and 1.33.6
  • Calico 3.30.3-rev1
  • CloudStack CSI 2.5.0

Pack Name	Layer	Non-FIPS	FIPS	New Version
Azure Disk	Storage	✅	❌	1.33.7
External Secrets Operator	Add-on	✅	❌	1.1.0
GCE Persistent Disk CSI	Storage	✅	❌	1.22.4
Nvidia GPU Operator	Add-on	✅	❌	25.10.1
Palette eXtended Kubernetes	Kubernetes	✅	✅	1.33.6
Palette eXtended Kubernetes	Kubernetes	✅	✅	1.32.10
Palette eXtended Kubernetes	Kubernetes	✅	✅	1.31.14
Prometheus Agent	Add-on	✅	❌	27.47.0
Prometheus Operator	Add-on	✅	❌	79.8.2
Volume Snapshot Controller	Add-on	✅	❌	8.4.0
vSphere CSI	Storage	✅	✅	3.6.0

December 12, 2025 - Component Updates

The following components have been updated for Palette version 4.8.6 - 4.8.9.

Component	Version
Palette Management Appliance	4.8.10
VerteX Management Appliance	4.8.10

Review the active known issues that affect this component update on the Known Issues page.

Bug Fixes

• Fixed an issue that caused stylus to incorrectly map some image references.

December 5, 2025 - Component Updates

The following components have been updated for Palette version 4.8.6 - 4.8.9.

Improvements

• The Piraeus CSI version used in the Palette Management Appliance and VerteX Management Appliance has been upgraded to 2.10.1.

Packs

Pack Notes

• The Azure CNI pack now supports the overlay networking model using the Overlay preset.
• The Kubernetes (EKS) pack now supports the configuration of custom service CIDRs. Refer to the pack Additional Details tab for further information.
• The AWS VPC CNI (Helm) pack now supports the configuration of custom pod CIDRs. Refer to the pack Additional Details tab for further information.

Pack Name	Layer	Non-FIPS	FIPS	New Version
Amazon EFS	Add-on	✅	❌	2.1.15
AWS Application Loadbalancer	Add-on	✅	❌	2.16.0
AWS VPC CNI	Add-on	❌	✅	1.20.4
Azure Disk	CSI	✅	❌	1.33.6
Calico	CNI	✅	❌	3.31.2
Calico Network Policy	Add-on	✅	❌	3.31.2
KAI Scheduler	Add-on	✅	❌	0.10.0
KubeRay Operator	Add-on	✅	❌	1.5.1
Open Policy Agent	Add-on	✅	❌	3.21.0
Prometheus Agent	Add-on	✅	❌	27.45.0
Prometheus Operator	Add-on	✅	❌	79.5.0
Ubuntu (GCP)	OS	✅	❌	24.04
Zot Registry	Add-on	✅	✅	0.1.89

December 5, 2025 - Release 4.8.9

The following component updates are applicable to this release:

• December 5, 2025 - Component Updates
• December 12, 2025 - Component Updates
• December 19, 2025 - Component Updates

Bug Fixes

• Fixed an issue that caused Palette's cluster-management-agent service to continually restart on data center clusters due to a duplicate CloudStack cloud type introduced by Palette 4.8.6.

November 28, 2025 - Component Updates

The following components have been updated for Palette version 4.8.6 - 4.8.8.

Packs

Pack Name	Layer	Non-FIPS	FIPS	New Version
Amazon EFS	CSI	✅	❌	2.1.14
Argo CD	CSI	✅	❌	9.1.0
External Secrets Operator	Add-on	✅	❌	1.0.0
GCE Persistent Disk CSI	CSI	✅	❌	1.21.0
GCE Persistent Disk CSI	CSI	✅	❌	1.20.2
Istio	Add-on	✅	❌	1.28.0
Karpenter	Add-on	✅	❌	1.8.2
Nginx	Add-on	✅	❌	1.14.0
Piraeus Operator	CSI	✅	✅	2.10.1

November 26, 2025 - Release 4.8.8

The following component updates are applicable to this release:

• November 28, 2025 - Component Updates
• December 5, 2025 - Component Updates
• December 12, 2025 - Component Updates
• December 19, 2025 - Component Updates

Improvements

• The VerteX UI has been upgraded to use Nginx 1.29.2.

Bug Fixes

• Fixed an issue that caused errors with the internal MongoDB database when upgrading the self-hosted Palette or VerteX installation from 4.7.29 to 4.8.6.
• Fixed an issue that prevented Edge cluster events from being displayed in the Palette Events tab.
• Fixed an issue that caused VerteX 4.8.6 to fail to install due to crashing LINSTOR pods.
• Fixed an issue that caused a duplicate CloudStack cloud type to appear in the custom cloud types API endpoint after upgrading Palette to 4.8.6, resulting in API and validation conflicts.

November 22, 2025 - Release 4.8.0 - 4.8.6

The following component updates are applicable to this release:

• November 28, 2025 - Component Updates
• December 5, 2025 - Component Updates
• December 12, 2025 - Component Updates
• December 19, 2025 - Component Updates

Security Notices

• Review the Security Bulletins page for the latest security advisories.

Palette Enterprise

Breaking Changes

• When creating EKS clusters, the default Amazon Machine Image (AMI) Type is now Amazon Linux 2023 (AL2023) Standard AMI. This change aligns with the upcoming deprecation of Amazon Linux 2 (AL2) AMIs. A deprecation warning now appears for AL2 AMIs in the Amazon Machine Image (AMI) Type drop-down menu within Cloud Configuration Settings.

• System configuration API endpoints can now only be accessed using privileged authorization tokens. These API endpoints expose critical system details, so access to them is strictly enforced. Users with general access authorization tokens are no longer able to access these endpoints.

• All Palette and VerteX Clouds API endpoints now require authorization tokens for all requests. Existing integrations must be updated to provide valid authorization tokens, as unauthenticated API calls will now fail.

Features

• EKS Pod Identity is now a supported authentication method for AWS cloud accounts. This secure authentication mechanism allows Kubernetes pods to assume IAM roles with temporary, automatically refreshed credentials, eliminating the need for long-lived AWS credentials.

  This method is only available for self-hosted Palette and Palette VerteX instances deployed on Amazon EKS clusters. Refer to the Add AWS Accounts guide for more information.

• Cluster profile variables now support the multiline input type and the Base64 format. This improvement allows users to leverage cluster profile variables for use cases such as saving multiline YAML specifications and storing encoded keys for use during cluster creation.

Improvements

• Project tags are now displayed in the Project Overview page and the Tenant Admin > Projects page in Palette. This improvement allows users to identify projects based on their tags. Refer to the Project Tags section for more information.

• Palette now provides the ability to upgrade the vCluster version of your virtual clusters, allowing you to leverage newly introduced features without having to create new cluster groups or migrate workloads. Refer to the Upgrade Cluster Groups guide for further information.

• Palette has now implemented a mechanism for evacuating and migrating the control planes for MAAS clusters using LXD VMs, reducing high-availability risks during host repaves. This improvement is critical for Day-2 lifecycle operations such as upgrades or repaves.

• The Palette Management Appliance and VerteX Management Appliance now include the latest Terminal User Interface (TUI). For more details, refer to Initial Edge Host Configuration with Palette TUI.

• Certificate renewal for clusters provisioned using Palette Optimized K3S and RKE2 can now be triggered externally from Kubernetes. This is applicable for both Edge and public cloud clusters.

Bug Fixes

• Fixed an issue that caused Palette Management Appliance and VerteX Management Appliance to sometimes create an inconsistent number of LINSTOR resources.

• Fixed an issue that caused some self-hosted Palette and VerteX installations to fail to due to a Helm template rendering error.

• Fixed an issue that caused Palette UI errors related to YAML marshalling when accepting cluster profile updates for cluster profiles configured using the Spectro Proxy pack.

• Fixed an issue that prevented ipclaim resources from being deleted when repaving VMware clusters.

• Fixed an issue that prevented the Palette UI from displaying metrics for EKS clusters due to incorrect security group rules.

• Fixed an issue that prevented rotated IAM keys in AWS cloud accounts from being updated on deployed AWS clusters.

Edge

info

The CanvOS version corresponding to the 4.8.6 Palette release is 4.8.1.

Improvements

• The Terminal User Interface (TUI) is now always enabled and features a new landing page that displays system information. It also adds support for configuring Virtual Local Area Networks (VLANs). The stylus.includeTui flag in user-data has been deprecated as a result of these changes. For more details, refer to Initial Edge Host Configuration with Palette TUI.

• CanvOS now provides support for FIPS-compiled Ubuntu 22.04. This is important for users who want to enforce FIPS 140-3 compliance.

Bug Fixes

• Fixed an issue that caused pack reconciliation to fail in locally managed Edge clusters provisioned with cluster profiles containing duplicate packs.

VerteX

Features

• Includes all Palette features, improvements, breaking changes, and deprecations in this release. Refer to the Palette section for more details.

Automation

info

Check out the CLI Tools page to find the compatible version of the Palette CLI.

Features

• Terraform version 0.26.0 of the Spectro Cloud Terraform provider is now available. For more details, refer to the Terraform provider release page.

• Crossplane version 0.26.0 of the Spectro Cloud Crossplane provider is now available.

• The Spectro Cloud Terraform provider now supports cluster templates.

  • The spectrocloud_cluster_config_policy data source implements maintenance policies.
  • The spectrocloud_cluster_config_template data source implements cluster templates.
  • Cluster resources now have the cluster_template field to support the configuration of cluster templates.

• The spectrocloud_cloudaccount_aws Terraform resource now supports EKS Pod Identities.

Bug Fixes

• Fixed an issue that caused the spectrocloud_cluster_group Terraform resource to fail to save cluster state when a Loadbalancer was configured.

Docs and Education

• The new Find Breaking Changes for Palette Upgrades page contains an interactive component that allows users to list breaking changes between two Palette releases. Use it as guidance for upgrading dedicated SaaS or self-hosted Palette and Palette VerteX installations.

Packs

Deprecations and Removals

• The Nginx pack is now deprecated. Use the Kgateway pack as an alternative. Refer to the Ingress NGINX Retirement: What You Need to Know blog for further information.

Pack Notes

• The Spectro RBAC pack version 1.0.1 now supports CPU, memory, and storage resource quota specifications.

Pack Name	Layer	Non-FIPS	FIPS	New Version
Amazon EBS CSI	CSI	✅	❌	1.51.0
Calico	CNI	❌	✅	3.31.0
Crossplane	Add-on	✅	❌	2.0.1
External Secrets Operator	Add-on	✅	❌	0.20.4
Flux2	Add-on	✅	❌	2.17.1
Kgateway	Add-on	✅	❌	2.2.1
Prometheus Agent	Add-on	✅	❌	27.42.1
Prometheus - Grafana	Add-on	✅	❌	79.0.1
Reloader	Add-on	✅	❌	1.4.10
Spectro RBAC	Add-on	✅	❌	1.0.1
Ubuntu (Azure)	OS	✅	❌	24.04
Ubuntu (vSphere)	OS	✅	❌	24.04