Release Notes

Ansible

Blocking changes

• New deployment role for MongoDB 7.0

• New deployment role for RabbitMQ 3.12

• New deployment role for Valkey 7.2 and connection strings for new persistences — MONGO_URI, VALKEY_*, RABBITMQ_*

Other changes and optimizations

• Eureka and Spring Boot Admin URLs configured via environment variables (HORUS_REPLICAS, HORUS_ADMIN_URL, TOT_EUREKA_URL) in systemd units, instead of Spring arguments

• Variables in hosts.yaml for single-node and multi-node deployments

• TLS certificates backup included in the Ansible backup

• Correction of names in service templates

• Correction of S3 properties

• Excluded anjana.sh from the distribution .tgz

• Removed redundant --server.ssl.* arguments in core and plugins systemd units — SSL configuration is already defined in the internal application.yaml of each microservice and is resolved through the JVM -D system properties

K8s Kit

Blocking changes

• Complete restructuring of the kit: from flat YAML manifests (122 files) to Helm chart with anjana-core and anjana-plugins subcharts (11 reusable templates). Deployment via helm install/upgrade

• Automated TLS with cert-manager: internal mode (auto-generated self-signed certificates + truststore generation Job) and manual mode (pre-created secrets)

• IRSA support for Horus: integration with AWS Secrets Manager as config server backend, with validation guard rails

• Multiple config server backends: AWS Secrets Manager, Git, AES-file — selectable via values.yaml

• Standalone mode for plugins: direct reading of cloud secrets (AWS SM, Azure KV, GCP SM) without needing a config server

• Optional manifests for new persistences: MongoDB, RabbitMQ, Valkey

• InitContainers for waiting on dependencies: ordered service startup with HTTPS health checks between them

Other changes and optimizations

• Eureka and Spring Boot Admin URLs configured via environment variables (HORUS_REPLICAS, HORUS_ADMIN_URL, TOT_EUREKA_URL) instead of Spring arguments

• Native OpenTelemetry integration: OTEL_SERVICE_NAME and OTEL_RESOURCE_ATTRIBUTES injected into all services

• Nginx CDN proxy for anjana-ui with S3/MinIO support

• Per-service version management via values.yaml with fallback to global version

• AES backend scripts and local development tooling

• Project infrastructure files: .gitignore, Makefile, Chart.lock, values-core-wsl.yaml

• Removed redundant --server.ssl.* arguments in Deployments and StatefulSets — SSL configuration is already defined in the internal application.yaml of each microservice and is resolved through JVM system properties (JAVA_TOOL_OPTIONS)

• extraCaBundles support in the truststore Job to inject additional CAs (e.g. corporate CA)

• Resource profiles per environment (DEV/PRE/PRO) with automatic selection via global.environment.profile

• Migration of the repository from anjana-helm to Anjana Data Platform-k8s, preserving commit history

Concept changes

• “deprecated” is changed to “discontinued”.

• The link name “Adherences” in the cart dropdown is changed to “Process accesses”.

• “User profile” is changed to “Personal area”.

• “Personal information” (PI) is changed to “Sensitive information”.

Expand and set application permissions

Starting with this version, access to all modules and access to the tabs of the object views depend on permissions associated with the user's role. In this way, the permission configuration becomes more complex but offers greater access granularity, simplifying access to information by user groups.

To this end, the following view permissions will be added:

• Access to the Catalog module: CATALOG_ACCESS

• Access to the Jobs module: JOBS_ACCESS

• Access to full Security Audit: SEC_AUDIT_ACCESS Permission created but without functional capability until release 26.2 planned for Q3 2026

• Access to full Governance Audit: GOV_AUDIT_ACCESS

• Access to the personal Workspace: WORKSPACE_ACCESS 

• Access to the Relationships tab of an entity: OBJ_RELATIONS_ACCESS

• Access to the Stakeholders tab OBJ_STAKEHOLDERS_ACCESS 

• Access to the object Audit tab (OBJ_AUDIT_ACCESS)

• Access to the Versions tab: OBJ_VERSIONS_ACCESS

• Access to the Sample Data tab OBJ_SAMPLE_DATA_ACCESS

• Access to Adherence information in the stakeholders tab ADHERENCE_VIEW

A new permission is also included to edit the Access information received by adhered users: EDIT_ACCESS_INFO (action) ALL (subType)

Changes in existing permissions:

• The ACCESS ALL permission to access the data portal is replaced by the PLATFORM_ACCESS (action) permission with subTypeANJANA.

• The ADMIN (action) ANJANA (subType) permission for the configuration/administration panel is replaced by ADMIN_ACCESS (action) ANJANA (subType)

• The WIZARD (action) ALL (subType) permission is removed. The creation wizard will be accessed through the creation permissions (CREATION_MODIF) on any subType.

• The ACCESS (action) ADHERENCE (subType) permission to grant access to data is updated to ADHERENCE_ACCESS (action) ALL (subType). This permission also grants access to the new Marketplace module.

Workflow evolutions

Add request reason for any workflow 

All workflows will be completed with the reason for the request, just as was done in previous versions with adherence workflows. 

To this end, when the user chooses or confirms an action that triggers a workflow, Anjana Data Platform will display a window where the user can enter the reason in at least one application language.

The texts can be consulted from the workflow screens and in notifications by using the variable #REQUEST_REASON#. It is recommended to include this variable in the body of workflow notifications, thus ensuring that the involved users receive it.

New workflow screens 

From now on, the following screens will be available:

1. My access requests 🆕 : Provides access to adherence workflows requested by the user themselves
   Access restriction: Only available for users who either have ADHERENCE permissions, or have been Requesters in any ADHERENCE workflow.

2. My governance requests 🆕 : Provides access to governance workflows requested by the user themselves, except for adherence workflows.
   Access restriction: Only available for users who either have CREATION_MODIF, CHANGE_OU, CHANGE_OU or DEPRECATION permissions, or are users who have been Requesters in any workflow of CREATION, MODIFICATION, ACTIVATION, DEACTIVATION, RENAMING, TRANSFER.

3. My Tasks 🆕 : Provides access to workflows that the user must validate due to their role.
   Access restriction: Only available for users who are Validators in any workflow.

4. Workflows: Provides access to the complete set of workflows.
   Access restriction: Only available for users who have a role with WORKFLOW_ACCESS permissions

When a user receives a validation notification, they will always be able to access the workflow to approve or reject from the notification, from the My Tasks screen, or from the complete Workflows list (only if they have the WORKFLOW_ACCESS permission).

More information on workflow screens

The information displayed on workflow screens has been enriched, so from now on it includes:

• Object

• Request type

• Requester

• Reason

• Request date

• Validation status

• Last participant

• Last response

• Time without response

• Total duration

User interface evolutions

Home page

A home page is included as the entry point for users after logging in, and it will be accessible from the Anjana Data Platform and customer logos in the header.

This home page includes:

• Search bar that allows searches in the Catalog or in the Marketplace 

• Activity summary with date range selector (7 days, 30 days, 3 months, 6 months and 1 year)

  • My access requests

  • My governance requests

  • My tasks

• Quick access to:

  • Creation Wizard

  • Personal Workspace

Marketplace Portal

A new module called Marketplace is created, intended to be a portal for searching and requesting access to assets available for consumption through Data Sharing Agreements (DSA) for consumers.

The Marketplace first offers a suggestions space where the consumer can view recently added DSAs and the assets most requested by other users.

Next, it offers a space for asset discovery through a search engine and filters with an intuitive and agile experience that relies on the following capabilities:

• Save featured searches with the option to select one as a favorite.

• Option to request immediate access or add to cart for bulk requests

• Bulk selections of objects to add to the cart

• Bulk selections to add to the personal Workspace

• Preview the details of an object

• Consult access information

SUMMARY: 17 added · 29 removed · 2 modified

KERNO

✨ New Endpoints (4)

PUT          /clear-all  (AdminAPIController)
2	POST         /api/common/v1/massiveSubmit/{objectSubType}  (CommonController)
3	POST         /api/entity/v1/rename/{objectSubType}/{idObject}  (EntityController)
4	POST         /api/relationship/v1/rename/{objectSubType}/{idObject}  (RelationshipController)

❌ Removed Endpoints (20)

PUT          /clear/license  (CacheInternalController)
5	PUT          /name/{objectType}  (AdminAPIController)
6	POST         /custom/list  (AttributeController)
7	GET          /stakeholders/{objectType}/{objectSubType}/{idObject}  (CommonV2Controller)
8	POST         /massiveSubmit/{objectSubType}  (CommonV2Controller)
9	POST         /requests  (MetadataController)
10	POST         /requests/detail  (MetadataController)
11	GET          /versions/{idObject}  (DatasetController)
12	GET          /versions/{idObject}  (DsaController)
13	GET          /datasets/{idObject}  (DsaController)
14	POST         /datasets/{idObject}  (DsaController)
15	GET          /versions/{idObject}  (InstanceController)
16	GET          /project/{idObject}  (InstanceController)
17	GET          /solutions/{idProcessInstance}  (InstanceController)
18	GET          /versions/{idObject}  (ProcessController)
19	GET          /instances/{idProcess}  (ProcessController)
20	GET          /versions/{idObject}  (SolutionController)
21	GET          /instances/owned/{idObject}  (SolutionController)
22	GET          /instances/related/{idObject}  (SolutionController)
23	POST         /instances/related/{idObject}  (SolutionController)

MINERVA

✨ New Endpoints (2)

PUT          /clear-all  (AdminAPIController)
24	POST         /search/AUDIT_OBJECT  (AuditController)

❌ Removed Endpoints (5)

PUT          /clear/license  (CacheInternalController)
25	DELETE       /collection/kerno  (AdminAPIController)
26	DELETE       /collection/delete-field/{field}/kerno  (AdminAPIController)
27	PUT          /collection/update/kerno  (AdminAPIController)
28	POST         /search  (AuditController)

HERMES

✨ New Endpoints (5)

GET          /v1/permissions  (WorkflowController)
29	POST         /v1/search  (WorkflowController)
30	POST         /v1/user/adherence/search  (WorkflowController)
31	POST         /v1/user/search  (WorkflowController)
32	POST         /v1/user/validation/search  (WorkflowController)

❌ Removed Endpoints (1)

PUT          /clear/license  (CacheInternalController)

ZEUS

✨ New Endpoints (2)

PUT          /clear-all  (AdminAPIController)
33	(múltiples)  /oidc/**  (OidcRestController)

❌ Removed Endpoints (2)

PUT          /clear/license  (CacheInternalController)
34	GET          /telemetry  (UserConfigInternalController)

anticlockwise_arrows_button Modified Endpoints (1)

(actualizado) /saml/**  (SamlRestController)

PORTUNO

✨ New Endpoints (4)

(múltiples)  /portuno/config/**  (AppConfigurationController)
35	(múltiples)  /portuno/i18n/**  (I18nController)
36	(múltiples)  /portuno/public/language/**  (LanguagePublicController)
37	(múltiples)  /portuno/translation/**  (TranslationController)

❌ Removed Endpoints (1)

PUT          /clear/license  (CacheInternalController)

anticlockwise_arrows_button Modified Endpoints (1)

(refactorizado) /portuno/language/**  (LanguageController)