2026 Alation Backend Releases

RELEASE 2026.3.1.0

Released March 25, 2026

Note

This release is for Alation Cloud Service instances.

New Features and Enhancements

Curation Automation: Enable or Disable with a Feature Flag

Server Admins can now access and manage the Curation Automation feature from Feature Configuration in Admin Settings, with the feature enabled by default. (AL-229211)

Curation Automation: Improve AI-Generated Metadata Accuracy with Reference Documents in Curation Rules

Users can now attach a single reference document (a document or policy object) to each AI-enabled field within the curation rule editor. The document’s content up to 5,000 characters is sent to the large language model alongside free-text instructions to improve AI-generated metadata quality. (AL-229968)

Alation Analytics: Support for Restrictive Content Security Policy

Alation Analytics dashboards now load correctly when a custom Content Security Policy (CSP) is enabled. Previously, a restrictive CSP could block Alation Analytics dashboards from displaying, requiring an additional manual configuration. This change ensures Alation Analytics is automatically compatible with restrictive CSP settings. (AL-223038)

Search Configuration: Enhanced Control Over File System Indexing

You can now opt out of file system attribute indexing. A new configuration flag was introduced, alation.search.enable_fileattribute_indexing, enabled by default, allowing customers to control whether file attribute objects should be indexed in Elasticsearch. Following existing indexing controls, this option helps reduce Elasticsearch storage usage for environments with large file system catalogs where file attribute search is not commonly used. Customers can request Alation Support to disable this indexing to optimize performance and storage. Updating the flag value requires a reindexing of the Search index. (AL-175569)

Lineage: Stored Procedure Names Now Display in Dataflow Titles

Previously, dataflows created from stored procedures appeared as Untitled Dataflow. With this update, stored procedure names are now automatically applied to these dataflows through custom field population during the lineage staging process. The enhancement includes support for updating custom fields during dataflow insertion, along with tracking and error handling to ensure reliable updates. (AL-221281)

User Impersonation: Enhanced Database Connectivity for Compose

Compose user impersonation now correctly uses the configured service account credentials when connecting to databases on Alation Cloud Service. Previously, connections could fail because the system passed the logged-in user’s email as the database username instead of the configured service account. With this update, Compose correctly uses the service account credentials and performs user impersonation via proxy authentication. (AL-230076)

Data Products App: Simplified Enablement

Enabled the Data Products Service by default, simplifying initial setup for Server Admins. The Data Products App remains available only to customers with the appropriate feature entitlement. In addition, Data Product Admins can now enable or disable the Chat with Data Products feature directly from the user interface. (AL-230138)

Data Products App: Snowflake Key Pair Authentication for Chat

Added support for key pair-based authentication to Snowflake in data product chat and Agent Studio. (This does not deprecate basic authentication). (AL-227017)

Data Products App: Authentication API Updates

Updated the Data Products Authentication API specification to improve accuracy, align with actual application behavior, and introduce new credential validation workflows.

Added Endpoints (Test Connection Validation)

Introduced a new asynchronous workflow for validating test connections directly via the API:

  • POST /api/v2/auth/credentials/{auth_id}/test_connection/: Triggers an asynchronous test connection validation.

  • GET /api/v2/auth/credentials/test_connection_status/{job_id}/: Polls the status of the dispatched test connection job.

Removed Endpoints

The redirect (/api/v2/auth/redirect/) and callback (/api/v2/auth/callback/) endpoints have been removed from this specification, as they are not part of the Data Products Auth contract.

Schema Corrections

API schemas have been thoroughly corrected to reflect the actual serializer outputs accurately:

  • AuthCapabilitiesResponse: Simplified to return {"test_connection": true}, removing incorrectly documented fields.

  • DataProductAuthSchemesResponse: Corrected fields to auth_type, config_name, and enabled.

  • DataProductAuthCapabilitiesResponse: Corrected to flat fields auth_type, auth_method, description, and requires_external_config.

  • CredentialsUpdatePayload: Removed private_key and passphrase, as they are not accepted by the update serializer.

  • List Credentials Response (GET /api/v2/auth/credentials/):

    • When detailed=true, the response now correctly references the detailed CredentialsDetail schema.

    • When detailed=false, the response now correctly returns a flat JSON array of UUID strings for performance-critical scenarios.

    • Removed Schemas: Eliminated the redundant CredentialsListItem and CredentialsMinimal schemas to clean up the specification. (AL-229679)

Catalog Content: Column Customization Enabled for RDBMS Objects

Column customization for RDBMS objects (Ability to Organize Columns on the Schema and Table Catalog Pages) is now enabled by default for all Alation Cloud Service customers. This allows users to configure the display and visibility of columns within relational database objects. (AL-230610)

Catalog Content: Dynamic Grouping for SageMaker and dbt Asset Types

The default template now dynamically groups SageMaker and dbt asset types in the top-left Data Objects section, displaying them only when relevant sources are present or specific flags are enabled to reduce UI clutter. (AL-229281)

Alamigo: One Feature Flag for Classic and New User Experience

The separate Classic User Experience feature flag (DEV_enable_alamigo_for_classic_ui) has been removed. Alamigo visibility is now controlled by a single flag (DEV_enable_alamigo) for both New and Classic User Experiences. If you previously had Alamigo disabled in Classic but enabled in New, it will now appear in both interfaces. (AL-225898)

Platform Security Enhancements

Upgraded core platform components, base images, and key dependencies to address multiple potential vulnerabilities and improve overall system resilience:

  • Upgraded core platform components and base image packages. (AL-230587)

  • Incorporated the latest security enhancements for the Alation Core platform. (AL-229276)

  • Upgraded the Natural Language Toolkit (NLTK) dependency to version 3.9.3. (AL-227935)

  • Applied an important security patch to a core platform component. (AL-227756)

  • Upgraded a core dependency to a newer, more secure version. (AL-227755)

  • Upgraded a core cryptographic library to its latest version to improve data protection. (AL-225791)

Bug Fixes

  • AL-225040: Fixed an issue where certain custom filters did not appear in the left-side filter list because custom field names were not unified for search facets.

  • AL-201565: Fixed an issue where the order of custom field values in downloaded bulk creation, update, and delete CSV templates differed for the same document template. This standardization ensures a consistent and predictable field layout across all templates, improving the user experience during bulk management operations.

  • AL-227879: Fixed an issue where scheduled queries containing backslash characters in SQL string literals failed to execute due to incorrect merging of multiple SQL statements, resulting in errors such as Actual statement count N did not match the desired statement count 1. Scheduled queries with backslashes in string literals now split and execute correctly.

  • AL-209584: Fixed an issue where running a query in Compose that returned no rows displayed an error message instead of the expected No data available in table message. This correction ensures Compose accurately handles empty query results, providing clarity and preventing confusion for users.

  • AL-184089: Fixed an issue where users received unclear guidance on the Compose and Query Overview pages when attempting to access shared queries targeting data sources they could not access. Error messages now clearly indicate that users should check both query permissions and data source permissions in the catalog.

  • AL-219401: Fixed an issue where email notifications were not triggered for failed dbt (ELT) metadata extraction jobs and other ELT jobs.

  • AL-204715: Fixed an issue where the column headers and data table could appear misaligned in the Upload Data Import confirmation step when previewing CSV files with fewer columns.

  • AL-228925: Fixed an issue where accessing the Details tab within the manual lineage editing sidebar or clicking endorsement chips in lineage graphs would cause a JavaScript error, preventing users from viewing or editing lineage details.

  • AL-224612: Fixed an issue where the Lineage Settings page displayed a misleading Automatic Lineage Generation is disabled warning for connectors, such as Databricks Unity Catalog, that do not support automatic lineage generation.

  • AL-221023: Fixed an issue where upstream lineage was not displayed for columns derived from CASE and WHEN conditions, even when the dataflow was present. This fix is behind a feature flag alation.stmt_parsing.enable_show_case_when_as_direct.

  • AL-221023: Fixed an issue where upstream lineage was not displayed for columns derived from CASE WHEN conditions, even when the dataflow was present.

  • AL-230036: Fixed an issue where SCIM user synchronization pagination could return duplicate or missing users across pages, causing incomplete user provisioning in identity providers such as Okta, Azure AD, and OneLogin.

  • AL-228147: Fixed an issue where the PATCH Relational Integration API and Upload Query Log API incorrectly returned a SUCCESS status even when permission checks failed or warnings occurred. The API endpoints now accurately reflect PARTIAL_SUCCESS status for permission failures and internal warnings, ensuring transparent feedback on operation outcomes.

  • AL-231905: Fixed an issue where concurrent requests to the Relational Integration API caused locking problems when the debounce interval feature was enabled.

  • AL-224520: Fixed an issue where long group names were not displayed properly on the Schema Access page.

  • AL-202732: Fixed an issue where the Trim extra spaces for fixed-length char types and Wrap fields in quotes for exports and downloads settings in Compose were not correctly applied during CSV downloads and exports. This correction ensures that whitespace is properly trimmed and string values are wrapped to prevent unintended data conversions in spreadsheet applications.

  • AL-230574: Fixed an issue where Alation agent connectivity status change notifications (disconnect or reconnect emails) could be duplicated due to Celery task re-delivery.

  • AL-227963: Fixed an issue where the Health Checks page appeared empty.

  • AL-226837: Fixed an issue where the Contact Alation Support menu option failed or redirected to a deprecated page, particularly after an upgrade in Alation Cloud Service (ACS). This menu item is now removed in ACS, while for customers on Customer-Managed environment, it correctly redirects to the updated support login page.

  • AL-225797: Logs optimization: removed error log for missing otype on some custom templates when the otype is in the asset type range, as this is expected behavior.

  • AL-222134: The Health tab for BI reports catalog page now follows the feature flag alation.feature_flags.enable_data_health setting. Previously, the Health tab was always displayed for BI reports.

  • AL-201565: In Bulk Management templates, built-in fields (Title and Description) now appear first, followed by Domains and Tags, with all remaining custom fields ordered alphabetically. Both Create and Update templates now follow a consistent “Domains before Tags” order, and object type suffixes have been standardized across templates. These updates provide a more predictable and user-friendly field layout when working with bulk operations.

PATCH RELEASE 2026.1.0.2

build 22.0.2.132010

Released March 6, 2026

Note

This patch release is available for customer-managed (on-premise) instances only. This patch release doesn’t apply to Alation Cloud Service instances.

  • Added explicit, application-level timeouts for calls to Alation’s catalog service. This change mitigates critical failure modes during unforeseen service disruptions, such as 504 responses from the web server, web server startup failures, or hanging Celery tasks that can cause queue backlogs. (AL-224236)

  • Updated the Celery worker to read metrics from Redis in batches to prevent CPU exhaustion in the shared Redis cluster that caused downtime for some customers. (AL-223677)

RELEASE 2026.2.1.0

Released February 25, 2026

Note

This release is for Alation Cloud Service instances.

In this release:

Deprecation Notice: User V0 Tokens

Starting with the 2026.2.1.0 release, support for User V0 tokens is deprecated.

This deprecation has been previously communicated through:

  • Community announcements (requires a login)

  • In-product notification banners. The banners have been removed in this release.

What deprecation means:

  • Existing User V0 tokens will continue to function.

  • Customers are strongly encouraged to migrate to User V1 tokens to ensure continued support and compatibility.

New Features

Ability to Organize Columns on the Schema and Table Catalog Pages

Users can now customize the columns displayed in tables listing child objects on schema and table catalog pages. The feature is currently behind the feature flag alation.feature_flags.DEV_enable_column_customization_in_rdbms_object_page.

All users with access to the page can organize columns in the table and column list.

Alation automatically saves any changes you make to the table view, and those changes are applied to all objects in the data source. If you have an admin-level (Server and Catalog Admins) role, you can explicitly choose to set the current table view as the default for all table objects in this Datasource using the Save Table View button.

The changes to the table or column view on a schema or table catalog page, respectively, follow this order of precedence:

  1. User view

  2. Admin view

  3. Default view

If there are conflicting settings, the user view takes precedence over the admin view, and the admin view takes precedence over the default view.default view < admin view < user view. If there are conflicting settings, the user view takes precedence over the admin view, and the admin view takes precedence over the default view. (AL-222060)

Data Quality Data in Alation Analytics

The following new tables in Alation Analytics track data from Data Quality features:

  • alation_dq_monitors: Stores monitor data

  • alation_dq_checks: Stores checks in monitors and their configurations

  • alation_dq_anomalies: Stores anomalies in monitors and their configurations

  • alation_dq_check_results: Stores check results during monitor runs

  • alation_dq_anomaly_results: Stores anomaly results during monitor runs

  • alation_dq_checks_version_history: Stores historical check results for the past year.

The ETL for these tables runs only if the Data Quality feature is enabled. (AL-199700)

Support for External Authenticators for OAuth 2.0 Authentication Flows

Alation now supports managing OAuth 2.0 client applications directly through an organization’s Identity Provider (IdP), such as Microsoft Entra ID (Azure AD) or any JWT-based IdP. Enterprises can now centrally govern OAuth client IDs, credentials, and access policies using existing Identity and Access Management controls without creating or storing OAuth secrets in Alation:

  • OAuth 2.0 client applications can now be fully managed in your IdP

  • Alation no longer issues or stores OAuth client secrets or certificates

  • Token validation is performed using the IdP’s JWKS endpoint

  • Admins map IdP-managed OAuth clients to Alation roles for authorization

Previously, OAuth clients had to be registered inside Alation, requiring credentials to be generated and maintained locally. This limited enterprise IAM teams from enforcing standard security practices such as centralized rotation, Conditional Access, auditing, and lifecycle management. With IdP-managed OAuth clients, Alation aligns with modern enterprise security and compliance models. (AL-203212)

Per-Object Parameter Defaults

The Admin Settings > Feature Configuration page now has new feature parameters (toggles) to control global defaults for per-object parameters:

  • Default Enable Compose Functionality: Controls whether the Compose functionality is enabled by default when creating new data sources.

  • Default Mark Attributes as Sensitive: Controls whether new attributes (columns) are marked as sensitive by default. When enabled, newly discovered attributes will automatically be flagged as containing sensitive data.

  • Default Maximum Rows to Scan: Sets the default maximum number of rows to scan during profiling for newly created schemas and tables. This controls how many rows the profiler will examine to generate statistics and samples.

  • Default Maximum Sample Rows to Store: Sets the default maximum number of sample rows to store from profiling for newly created schemas and tables. These sample rows are used to provide data previews and examples in the catalog.

  • Default Profiling Sampling Enabled: Controls whether profiling sampling is enabled by default when creating new schemas and tables.

  • Default Skip View Profiling: Controls whether view profiling is skipped by default when creating new schemas.

  • Display Table Names in BI Datasource Fields: When enabled, a new column will appear in BI datasource field tables to show the source table names for each field.

Admins can now edit defaults for per-object parameters on the data source level. These settings can be accessed via the Per-Object Parameters tab on the data source settings page. The settings will only affect newly ingested objects and will not override or cascade down to previously set per-object parameters on existing schemas, tables, or columns. These settings are only available in the New User Experience. The following per-object parameters can be set on the data source level:

  • Browsable: Whether objects in this data source will be viewable and searchable in the UI by default

  • Sample: Whether the objects in this data source will be sampled and profiled by default

  • Skip Views: Whether to skip views when profiling

  • Sensitive: Whether to mark objects in this data source sensitive by default

  • Max Rows To Scan: Number of rows to profile

  • Max Rows To Store: Number of rows to store from profiling

The following settings are adjustable via the Per-Object Parameters tab of the data source settings page in the Per-Object Parameters table:

  • Schema sensitivity: whether tables and attributes under the schema will be marked as sensitive

  • Schema sampling query: the default query that will be used for sampling and profiling

  • Table sensitivity: whether columns under the table will be marked as sensitive

(AL-219591)

Improvements

  • AL-227012: A new feature flag to enable Agent Studio has been added to the Feature Configuration admin page, accessible only by users with the Server Admin role.

  • AL-225786: Multiple security enhancements for the Authentication Service:

    • Base Docker Image: Updated to 2.3.0.

    • AWS SDK: Upgraded to 2.35.7.

    • Log4j: Upgraded to 2.25.3.

    • gRPC: Upgraded to 1.75.0.

    • Lombok: Upgraded to 1.18.34.

    • Multiple relevant internal libraries updated to newer, more secure versions.

    • Added rules to enforce the use of these safe versions, preventing older dependency versions from being introduced.

  • AL-222819: Improved the display of error messages in Compose execution results. Multi-line error messages now properly preserve line breaks and formatting, making database errors easier to read and troubleshoot. Long error messages will wrap appropriately without truncation, providing better visibility into query execution issues.

  • AL-222636: Fixed an issue where OAuth/MSAL email authentication could fail when retrieving cached tokens from Redis. Users configured with Microsoft 365 OAuth for email notifications may have experienced intermittent authentication failures when the system attempted to reuse cached OAuth tokens. Users with Microsoft 365 OAuth email configuration should now see reliable email delivery without token retrieval errors. This fix is applied automatically with no configuration changes or migration steps needed.

  • AL-194932: Previously, when the skip views option was enabled for a schema in the Per-Object Parameters tab, then sampling would be skipped for all views under a particular schema. This led to already sampled data for the schema not getting updated even if the Run Sample button was clicked. As a solution, we now disable the Run Sample button on the Sampling tab for any table or view if the skip views option is enabled. Also, a tooltip was added with information on why the Run Sample button is disabled.

Bug Fixes

  • AL-224236: Added explicit, application-level timeouts for calls to Alation’s catalog service. This change mitigates critical failure modes during unforeseen service disruptions, such as 504 responses from the web server, web server startup failures, or hanging Celery tasks that can cause queue backlogs.

  • AL-223677: The Metrics Celery worker has been updated to read metrics from Redis in batches. This prevents CPU exhaustion in the shared Redis cluster, mitigating the potential for Alation Cloud Service tenant downtime.

  • AL-215015: Addressed performance issues when loading Object Set fields with a large number of items (more than 50), improving load times for document catalog pages. The optimization involves preloading the necessary metadata for objects in the Object Set, which reduces the number of database queries and lookups required during serialization, resulting in faster response times for the internal API.

  • AL-191966: Resolved a stored Cross-Site Scripting (XSS) vulnerability related to uploaded media files. This issue could potentially allow unauthorized JavaScript code execution through specially crafted SVG images, even with existing upload filters in place. The system now strictly blocks JavaScript execution within uploaded media files (including SVG files used for homepage customization) when users access them directly through media server URLs. The implementation of a stricter Content Security Policy (CSP) prevents attackers from exploiting malicious embedded scripts to perform unauthorized actions.

RELEASE 2026.2.0.0

Released February 17, 2026

Note

This release is for Alation Cloud Service instances.

Enhancements

  • AL-209626: Improved the Alation Analytics ETL performance for incremental data extraction:

    • Enhanced the incremental ETL extraction logic to use hour-level precision for the extraction start time. Previously, multiple ETL runs on the same day would redundantly reprocess data from midnight. Now, each run starts from the hour of the last processed timestamp, eliminating duplicate processing and improving overall ETL performance.

    • Impact:

      • Faster ETL run times when multiple extractions occur within the same day

      • Reduced compute resource usage

      • No action is required: this improvement is applied automatically

  • AL-223552: When the Lexicon flag is disabled, the Lexicon feature is fully hidden and cannot be accessed or run from the UI or settings.

Bug Fixes

  • AL-213747: All catalog objects now display up to 100 tags in the UI, addressing user concerns about mismatch on tag visibility between the UI and Alation Analytics. Previously, the catalog page UI was creating some confusion on the number of tags visible under the tags section which was caused by previous truncation at 20 tags. With this change, users can now see up to 100 tags without truncation and get the exact count of tags applied to an object. For objects with more than 100 tags, the UI will still truncate the display but this is expected to cover most use cases effectively.

  • AL-207603: Fixed slow loading times for Published Queries and Query Run History on schema and table catalog pages. Previously, the loading of Published Queries or Query Run History could be slow, especially for queries with multiple collaborators. Now, these sections load significantly faster due to optimized data retrieval.

  • AL-222072: Fixed an MDE custom field extraction failure caused by duplicate object field data being passed to the internal update_custom_fields_in_bulk interface from the custom field link downstream job.

  • AL-220064: The Run Sample button on table profiling pages is now restricted based on user role.

    • Users with Viewer or Explorer roles can no longer see or access the Run Sample button and connection controls.

    • Users with Composer, Steward, Source Admin, Catalog Admin, or Server Admin roles retain full access to the sampling functionality.

  • AL-208513: Fixed pagination with count mismatch issues on tagged items listing on the Tag page. This fix addresses inconsistencies observed in Neo and Classic User Experiences. The issue was primarily due to inflated counts from deleted items and pagination logic errors. While the deleted items don’t show up in the listing, they were counted towards the total, leading to a mismatch between the displayed count and actual items. The fix involved refining the pagination logic to accurately reflect only non-deleted items, ensuring consistency across different UI experiences. Note that during page load, there might still be minor discrepancies in counts due to asynchronous data fetching, but these will resolve once loading is complete.

  • AL-215849: Fixed the RST_STREAM error encountered during the table profiling/sampling job.

  • AL-165519: When scheduled queries fail to run because query scheduling is disabled or not supported by the data source, users will now see clear error messages in the query execution history instead of the queries incorrectly showing as running.

  • AL-222332: Alation has been only allowing http and https schemes as the redirect URI for the OAuth application configuration. Now, this can be configured to support custom schemes such as cursor. Customers can file a support ticket to add a custom scheme as needed.

  • AL-222065: Fixed a font rendering inconsistency in the Compose Sapphire theme when the Public Sans font couldn’t be loaded and the interface would fall back to the browser’s default font. Users who previously experienced a fallback to system default fonts (like Times New Roman) when Public Sans was unavailable now see appropriate sans-serif fonts. This change ensures users see appropriate sans-serif fonts that maintain Alation’s visual design standards.

  • AL-217891: Fixed an issue where the lineage service wasn’t starting when a custom password was set by the customer.

  • AL-200379: Fixed an issue when users select to run queries and ignore errors in Compose.

  • AL-228846: Fixed an issue where Ask Alation exposed restricted custom field definitions and their picker options to unauthorized Viewer users, by updating the custom field list API (/api/v1/custom_field/) to strictly respect field-level view permissions when called without specific object context.

  • AL-228276: Fixed an issue where Query Log Ingestion (QLI) jobs stalled while waiting for ingestions due to broken URLs and incorrect fingerprint lookups for queries spanning multiple datasources, by updating cross-datasource expression template fingerprints and Joins tab URLs to use the correct per-schema datasource ID instead of the primary query datasource.

PATCH RELEASE 2026.1.0.1

build 22.0.0.129077

Released February 13, 2026

Note

This patch release is available for Alation Cloud Service instances on the cloud-native architecture. It doesn’t apply to customer-managed (on-premise) deployments.

  • Fixed an issue where hanging calls to the catalog service caused critical service disruptions. These disruptions included 504 errors, web server startup failures, and Celery task backlogs. The patch adds explicit, application-level timeouts for all catalog service requests so the system remains responsive even during unforeseen service interruptions. (AL-224236)

  • Fixed an issue where high CPU usage in shared Redis (ElastiCache) clusters could lead to application blocking and downtime. Updated the metrics Celery worker to read data from Redis in batches. This change significantly reduces the processing load and improves the stability of the caching layer. (AL-223677)

RELEASE 2026.1.0.0

build 22.0.0.129077

Released February 5, 2026

Note

This release is available for all Alation instance types: customer-managed (on-premise) and Alation Cloud Service.

In this release:

New Features

Search Filter Customization

Alation Cloud Service, Customer Managed

With Search Filter Customization, admins can define to show only the relevant set of filters on the left side filter panel on the Search page to different groups of users, reducing the time to navigate through a large set of filters.

In Admin Settings > Customize Search Filters, Server and Catalog Admins can now create, update, duplicate, and delete custom search filters and scope them to specific user groups, enabling more relevant and targeted filtering experiences across teams.

To assign groups, admins assign Applicable Groups to each custom filter. Users see only the filters relevant to their groups in the full-search left panel, while users without an assigned group fall back to the Default Filter settings (which cannot be deleted). Each group can be assigned to only one filter setting; if a user belongs to multiple groups, visible filters are combined and hidden filters are applied conservatively. (AL-213373)

URI Override for Data Product Chat

Alation Cloud Service

Added support for specifying a URI override during data source authentication when chatting with data in a data product. The new text field allows users to provide a custom URI with parameters that differ from the default Delivery System URI, enabling greater flexibility in how connections can be established for Chat queries. (AL-215922)

Data Quality Standards

Alation Cloud Service

Introducing reusable, policy-driven data quality standards that make it easy to define, apply, and scale consistent quality rules across your most critical data assets. Data Quality Standards help ensure shared expectations between data producers and consumers, reinforce governance policies, and improve trust by standardizing how quality is measured and enforced across the organization. (AL-214457)

FinOps Reporting

Alation Cloud Service

Added Run Time charts in the Monitor details page to provide greater visibility into the cost and usage of your data quality monitoring. This feature provides clear insights into monitored assets, execution frequency, and overall consumption; helping teams optimize spend, forecast usage, and align data quality investments with business priorities. (AL-215984)

Alamigo in Compose

Alation Cloud Service

Alamigo is now supported in the Compose user interface. (AL-215359)

Support for Custom Content Security Policy (CSP)

Customer Managed

Alation now supports custom Content Security Policy (CSP) configuration for customer-managed (on-prem) deployments. This feature allows Server Admins to opt in to a more restrictive, security-hardened CSP to better protect against cross-site scripting (XSS) and other code-injection attacks, while maintaining compatibility with common third-party integrations. The restrictive CSP is disabled by default, so existing environments continue to use the current permissive policy unless explicitly enabled.

When turned on, the policy includes built-in support for widely used integrations. Administrators can also add custom trusted domains to support organization-specific integrations as needed. The feature is configured via two alation_conf settings: nginx.csp_custom_enabled (default False) to enable the restrictive CSP with default integrations, and nginx.csp_custom to specify additional trusted domains as a space-separated list. (AL-199087)

Integration API Debouncing

Alation Cloud Service, Customer Managed

Added support for debouncing public API integration jobs to reduce system load when processing small batch requests. When enabled via the alation.public_api.rdbms.integration.debounce_interval configuration flag, multiple calls to the RDBMS ingestion public APIs (/integration/v2/schema/, /integration/v2/table/, and /integration/v2/attribute/) are debounced and processed together, improving efficiency for high-frequency API usage patterns. (AL-219625)

Configurable Rich Text Field Truncation for Alation Analytics

Alation Cloud Service

For Alation Analytics, you can now enable configurable truncation of large TEXT and RICH_TEXT fields during Alation Analytics extraction to prevent extraction failures and out-of-memory errors caused by extremely large rich-text content. Truncation is only applicable to custom fields.

When the feature flag alation_analytics-v2.extract.rtf_text_truncation is enabled, TEXT and RICH_TEXT values are truncated during extraction to the size specified by alation_analytics-v2.extract.rtf_truncation_limit_in_bytes (default: 1 MB).

Truncation affects analytics extraction only and does not modify catalog data. This feature is disabled by default. (AL-186350)

Enhancements

  • Updated the Admin user interface for Data Product entitlements to ensure the data product widget is displayed only when the Data Product feature flag is enabled, preventing unintended visibility when the feature is turned off. (AL-215425, Alation Cloud Service)

  • Previously, only Server Admins could see and change the SSO configuration dropdown in Data Products, which limited delegated management. We’ve expanded visibility and adjusted the permission checks so that Data Product Admins who hold a role consuming the Creator license can now select and configure SSO for their data products without needing full Server Admin rights. (AL-219624, Alation Cloud Service)

  • Removed the hard limit of 1,100 data sources in the upstream or downstream connections selector in Lineage settings and updated the component to scale better. Instead of loading all sources client-side, the selector and search are now powered by the Catalog Search API, which may surface broader (partial) matches in addition to exact matches. Results are now paginated, loading 50 items at a time, with Load More and Load Previous controls, and search can be used to quickly find specific data sources in large environments. (AL-207090)

  • If the customer is using PrivateLink or Dedicated Access, Alation now displays an alternative user interface with the correct URL of the dedicated forward proxies. The option to use the shared proxies still exists. (AL-183194, Alation Cloud Service)

  • Optimized the ETL extraction for Domains and Object Sets to use an incremental strategy. Previously, these objects were fully refreshed during every ETL run. (AL-203338)

Bug Fixes

  • Fixed an issue where non-admin users could edit picker fields added to a domain template when the Unified Tags feature flag was enabled. Picker field editability on the Domain catalog page is now correctly enforced, ensuring that only users with appropriate roles can modify these fields. (AL-220530)

  • Fixed an issue where the SCIM token creation section did not appear in Admin Settings even after SCIM was enabled. The SCIM token section now correctly displays in the Auth tab when directory sync is enabled (user_group_management.sync_from_directory_provider.enabled = true) and the sync protocol is set to SCIM (user_group_management.sync_from_directory_provider.protocol = scim).

  • Fixed an issue where private dbt objects appeared in search results for Stewards but returned a 403 error when opened. Search query filters now respect granular permissions, ensuring users only see DBT objects they are authorized to access. (AL-218010)

  • Fixed a document editing issue by ensuring a document page honors and applies permissions inherited from its immediate parent folder. When a document inherits permissions, the parent folder’s edit or view rules are now enforced correctly on the document. (AL-217718)

  • When Unified Tags are enabled, duplicate Picker custom field names are now restricted consistently across both the Custom Fields UI and the public Custom Fields API. Other field types (such as Multi-Picker, Date, Rich Text, and Object Set) can be created or updated without restrictions. The public API now enforces the same duplicate-name validation as the user interface, preventing bulk creation or updates of picker fields that conflict with existing picker field names. (AL-216970)

  • Fixed an issue where @-mentioned objects in catalog descriptions (rich-text custom fields) were not rendering correctly in notification emails for Stewards. Mentions now display as expected in notification emails. (For article objects, title hydration is skipped since they are being phased out to avoid unnecessary performance overhead.) (AL-216654)

  • Fixed an issue where the SCIM token section was visible in the Auth tab of Admin Settings even when the SCIM feature was disabled. The section is now hidden unless the required SCIM feature flags are enabled, and the token status message has been updated to clearly read “The token expired on <time>” when a token has expired. (AL-216220)

  • Fixed an issue where the SCIM token expiry banner appeared in the New User Experience UI even when SCIM sync was disabled. The banner is now shown only when directory sync is enabled (user_group_management.sync_from_directory_provider.enabled = true) and the sync protocol is set to SCIM (user_group_management.sync_from_directory_provider.protocol = scim). (AL-216030)

  • Fixed an issue where the statement was not displayed on the execution results page if {""} appeared in comments or elsewhere within the statement. (AL-215356)

  • Fixed an issue in Bulk Management document imports where uploading documents to a Document Hub folder could appear successful in the user interface but fail in the error report with a NoneType object has no attribute replace message. The document creation flow now correctly handles cases where title and description field IDs are present in the header row, ensuring imports complete reliably. (AL-215211)

  • Fixed an issue where enabling the Unified Source Tags feature flag caused the migration script to fail with a duplicate key value violates unique constraint unique_source_tag error. The migration now correctly handles duplicate tag entries, which can occur when source tags are recreated in Snowflake, ensuring the unified tags migration completes successfully. (AL-215018)

  • Resolved performance issues on the Alation Analytics ETL Status Dashboard that caused 504 Gateway Timeout errors due to slow queries exceeding load balancer limits. The ETL status query was optimized by removing unnecessary joins and consolidating timing data to use etl_metrics as the primary source, reducing execution time from over 60 seconds to under 1 second. (AL-214624)

  • Addressed CIS Docker Benchmark recommendations. For customer-managed installations, inter-container communication (ICC) is now explicitly disabled on the default Docker bridge to further restrict network traffic, even though the default bridge is not otherwise used. For both Alation Cloud Service and Customer-managed deployments, the ADD instruction in Dockerfiles has been replaced with COPY in the base transform image used by Alation Analytics. (AL-214329)

  • Fixed a bug affecting CSV metadata uploads for Virtual Data Sources where the has_user_defined_multipart_schema_names field was incorrectly initialized as None. The field is now explicitly set to False by default when data sources are created via the API, ensuring metadata uploads work as expected. (AL-214242)

  • Previously, some SAP BO reports were still missing lineage even though their queries referenced HANA models. This update correctly handles nested prompts enabling lineage for the affected reports. (AL-213112)

  • Fixed an issue where the Lineage chart did not switch to Incremental load even when it was set as the default. Lineage now correctly applies user preferences on first load. (AL-210722)

  • Fixed an issue where newly created subfolders always defaulted to public access regardless of the parent folder’s permissions. Subfolders now copy the parent folder’s access settings at creation time, ensuring consistent access control. Permissions are cloned at subfolder creation time, not dynamically inherited (unlike document inheritance mode permission). Existing subfolders retain their current permissions unless updated manually. (AL-210101)

  • Fixed an issue where scheduled queries for RDBMS data sources could fail and cause the active queue to back up. The scheduler now detects Daylight Saving Time (DST) transitions to prevent duplicate executions. (AL-209796)

  • Fixed an issue where a single-reference field could end up containing multiple links after a linked document was deleted and later restored. The reference field now enforces its one-to-one relationship by replacing any existing reference (including soft-deleted ones) when a new reference is added, preventing duplicate links and ensuring consistent behavior. (AL-209373)

  • Fixed a potential HTML injection issue in Workflow Center (Classic User Experience) where the workflow creation success message could render HTML content from the title. The snackbar alert now sanitizes HTML content, aligning behavior with the New User Experience. (AL-208704)

  • Updated the Classic User Experience to enable Alamigo integration that can detect configuration issues and Metadata Extraction (MDE) job errors for supported connectors and provide guided, in-product assistance to help Admins resolve problems quickly.(AL-207941)

  • Fixed an issue where the ETL job for the data_products_searches analytics table failed due to a unique constraint violation on search_id. The job now correctly handles cases with empty search_id values, preventing constraint violations and ensuring the load to the dimension table completes successfully. (AL-207936)

  • Fixed a permissions issue where Catalog Admins with the correct custom field access were unable to upload a data dictionary for BI data source objects when updating descriptions. The data dictionary upload flow now correctly honors BI asset permissions, preventing errors like “You do not have permission to edit catalog object”. (AL-207096)

  • Fixed an issue where Lineage continued to display catalog objects that were deleted, which confused users because those objects no longer appeared in the catalog user interface. With this change:

    • Soft-deleted (“GONE”) objects are hidden from lineage charts by default, so the lineage view matches what users expect to see in the Catalog.

    • Hard-deleted objects will still appear as temporary (“TMP”) objects in lineage charts (since lineage may still reference them).

    • Users can view soft-deleted objects in lineage charts by enabling the Show Gone objects filter. (AL-201146)