v1.0.0-rc.8 – Security Hardening and Integration Updates

v1.0.0-rc.8 – Security Hardening and Integration Updates

Date: 2025-12-17
Status: Release Candidate 8

This release focuses on security hardening, improved observability, and refinements to the Pixop REST API and Pixop–Mimir integration.

Internal

• Added rotation of encryption master secrets
• Added rotation of API key master secret
• Introduced monitoring of JVM metrics for better runtime visibility
• Improved alert messages with timestamps and environment information for easier debugging

Pixop REST API

• Added deletionEligibleAt to the ApiKey schema
  API keys now become eligible for automatic deletion if they are not used for authentication for 90 consecutive days.

Pixop Mimir integration API

• Improved error messages when authentication fails to more clearly indicate which Mimir permissions are missing
• Removed the mimirCustomActionSecret field from the PixopMimirIntegrationPut schema
  A 256-bit customActionSecret is now generated server-side by Pixop instead of being provided by the client.
• Added createNewCustomActionSecret to the MimirSetup schema to allow rotating the custom action secret when updating the integration
• Added customActionsIncludeMimirUserToken to the MimirSetup schema to control whether Mimir custom actions include the triggering user's token in requests sent to Pixop

Notes

• This release continues to harden security and improve operability ahead of the stable v1.0.0
• Please report feedback or issues to [email protected]