Skip to main content
Version: 2.6.0

MaestroHub 2.6.0 Release Notes

MaestroHub 2.6.0 is a milestone release focused on trusting your data on the way out, and trusting your data on the way in. It promotes Store & Forward to its own operator surface with a dedicated landing page, DLQ inbox, per-binding signals and capacity controls; introduces Schemas as the canonical way to describe payload shapes (formally deprecating Models); ships Alerts & Violations as a first-class in-app feed driven from the publish path; lands a full Lineage Navigator that answers "why is this number?" across the topic graph; and adds six new connectors plus a long list of correctness, performance and operator-experience improvements.

Highlights

  • Store & Forward becomes its own product surface — A dedicated landing page with Overview / Failed messages / Buffers / Capacity & Limits tabs, a structured Failed-messages drawer (payload + error read before any replay), single and bulk replay/purge, a per-buffer net drain-rate signal, an Emergency pause (kill switch) toggle, capacity & quota controls, and an in-context audit trail. Each output node also picks its delivery mode — buffer on failure (default), always buffer, or don't buffer. No more hunting through connection details to understand what is stuck and why.
  • Schemas replace Models — A new schema editor with split-pane authoring, tree-shaped attributes, complex-type support (struct, array, map, ref<id:v>), inline validation and bitemporal history. A library of canonical-YAML schemas is seeded at boot; the platform can even propose a draft schema from a topic's recent payloads. Models are deprecated: UNS Schemas are now the field source for the payload-builder node (renamed to Build Payload), and the legacy Models page is removed.
  • Alerts & Violations — A first-class in-app feed driven from the publish path, with a deadband to prevent flap, key-based deduplication that kills phantom rows, a breach gauge in the Detail cell, an alert:ack scope with topic-inherited visibility filtering, and a red-dot badge on the topic tree for unresolved violations.
  • Lineage Navigator — A new SVG-based horizontal flow view shows "why is this number?" across the whole topic graph. Auto-loads 5 hops, renders a compact trail with richer cards, surfaces seed errors instead of failing silently, and resolves UUIDs to readable names.
  • Six new connectors — Native Mitsubishi MELSEC (SLMP), Microsoft Fabric, Amazon SQS, Amazon SNS, ClickHouse and CANopen (CiA 301). BACnet adds a Read Group node with APDU-aware chunking and concurrency limits.
  • MCP for AI agents — New MCP tools (apply_changes, manage_schemas, manage_alerts) let agents make partial pipeline edits and manage schemas and alerts end-to-end with topic-visibility filters honoured.
  • System status verdict — The Overview header stops guessing. A new server-side verdict names the culprits (entity names, problem-pipelines table, remediation text) instead of showing a generic "All clear" or "Something's wrong."
  • HTTP base path support — The UI can now be served under any sub-path, which unblocks deployment under reverse proxies and the Siemens Industrial Edge appliance.
  • Guided walkthroughs everywhere — New "How it works" walkthroughs on Connect, Pipelines, Store & Forward, Schemas and Alerts help new users get oriented without reading the docs.

Store & Forward — A Dedicated Operator Surface

Store & Forward is MaestroHub's safety net for outbound messages: when a destination is unavailable, messages are buffered to disk and delivered once it recovers, instead of being lost. In 2.6.0 it gets its own landing page — so operators can see what's buffered, what failed and why, and act on it, without digging through individual connection settings.

Learn more: Store & Forward

New landing page and entry points

  • A new Store & Forward landing page with Overview / Failed messages / Buffers / Capacity & Limits tabs.
  • Entry points in the pipeline designer toolbar and from connection rows.
  • Per-pipeline scope filter on the landing page, plus per-pipeline drill-down.
  • The obsolete Buffer tab and Store & Forward drill-down on connections is gone.

Per-node delivery mode

  • Each output node now chooses how Store & Forward applies, right in the pipeline designer: Buffer only on failure (default — try the destination first, buffer only if it fails), Always buffer (every message goes through the buffer first), or Do not buffer (send directly; no safety net).
  • Only write operations are eligible — reads and lookups never route through a buffer.

Failed messages (DLQ) inbox

  • Structured drawer: payload and error are read before any replay or purge decision.
  • Single and bulk replay / purge with two-phase claim/finalize for crash- and race-safe semantics.
  • Operator replay action plus a reconciler queue-drain on orphan TTL.

Buffers tab

  • Per-buffer net drain rate signal, with a chip that no longer flaps at the stuck threshold.
  • Buffer state actions: pause, resume, drain (stop accepting new), purge (discard buffered).
  • Auto-transition Draining → Dead when the queue empties, plus a transient Dead state so purged buffers can be recreated.
  • Buffer health projector (Blocked / Stalled / No input / Idle …) replaces the legacy "stuckWorkers" warning.
  • Substrate queue depth is surfaced on the Buffers tab.

Capacity & Limits tab

  • Emergency pause (kill switch) toggle plus capacity / quota writes.
  • In-context audit trail on the Capacity & Limits tab.
  • Quotas are correctly org-scoped, and current usage is derived live from the substrate.
  • Connection rollup on the Overview tab.

Operator messaging

  • A new "How Store & Forward works" guided walkthrough on the landing page.
  • Plain-language labels, inline help and dismissible explainers across the page.
  • A buffering pill appears on connector nodes when Store & Forward is stuck.
  • Pipeline and connection names appear instead of UUIDs across all Store & Forward tabs.

Message delivery reliability

Connectors now classify every failure as either temporary or permanent before deciding what to do with the message:

  • Temporary failures (broker unavailable, network timeout) — the message is held and retried automatically.
  • Permanent failures (invalid payload, access denied, message too large) — the message is sent to the dead-letter queue for inspection.

Previously, some temporary failures were misclassified as permanent, causing messages to be silently discarded. This three-state classification covers all supported protocols, including Kafka, all SQL databases, AWS services, Azure, Redis, RabbitMQ, MongoDB, Cassandra, SMB and MELSEC.

Durability subsystem (under the hood)

The engine behind Store & Forward was reworked for production: a circuit breaker stops hammering a destination that keeps failing, per-binding disk quotas keep one stuck route from filling the disk, retries on drain are bounded so messages can't loop forever, and failures that used to be swallowed — including failures to buffer in the first place — are now surfaced to operators. Store & Forward also extends to cloud egress destinations, the total disk budget is configurable, and the subsystem gains its own durability:read / durability:write permission scopes.

Schemas (Replaces Models)

A schema describes the shape of a topic's data — its fields, their types, and the constraints each must satisfy. In 2.6.0, UNS Schemas become the standard way to define this, and the foundation for two features built on top: the Alerts & Violations feed and the Lineage Navigator.

Learn more: Schemas

New schema editor

  • Split-pane authoring with tree-shaped attribute editing.
  • Complex types: struct, array, map, ref<id:v>.
  • Inline validation, traits picker, semantic IDs, sampling hints and an AssetType marker.
  • Edit-existing-version preview: see the compatibility bump before saving.
  • First-time intro to teach the structure on first visit.

Schema lifecycle

  • Schemas are a first-class resource with their own schema:* permission scopes.
  • Bitemporal history: a schema-history dialog and AS-OF endpoint let operators view past versions for audits.
  • Canonical YAML support across refs, inheritance and object kinds.
  • Inheritance: extends and traits are functional via the inheritance resolver — schemas compose without copy-paste.
  • Read-time migration: a CEL evaluator and chain walker keep old payloads compatible without rewrites.
  • Deep ref<> validation: values validate against the target schema.

Schema library and discovery

  • A library of canonical-YAML schemas is seeded at boot, with logical attributes and descriptions to help new tenants get started.
  • The seeded system-schema library is visible to organizations.
  • Suggested schemas: MaestroHub can propose a draft schema from a topic's recent payloads.
  • Topic-binding pill: bind a topic to a registry schema directly from the data-explorer header.
  • Schema picker dedupes options to one entry per name@major; nested types are discoverable from the attribute-type dropdown.
  • Schema chips resolve ref<id:v> to readable schema names in the detail pane.

Models deprecation

Models is deprecated and replaced by UNS Schemas.

  • UNS Schemas become the field source for the payload-builder node, and the legacy Models page is removed.
  • The "Data Instance" palette item is renamed to Build Payload to match the canvas.
  • The "Data Serializer" palette item is renamed to Convert to File for the same reason.
  • Existing pipelines continue to work; only the visible labels change.

Alerts & Violations

Once a schema defines what a topic's data should look like, MaestroHub can flag when reality doesn't match. Violations are payloads that break their schema; alerts fire when a value crosses a threshold you've configured. In 2.6.0 both graduate out of Beta into a first-class in-app feed, evaluated on every publish.

Learn more: Alerts & Violations

What gets generated, where

  • Publish-path schema validation produces typed schema.violation events.
  • Publish-path alert evaluator with a deadband to prevent flap produces typed alert.fired events.
  • AlertConfig editor in the schema authoring dialog defines the rules.
  • Bulk publish runs schema validation and alert evaluation per record, so bulk publishes participate in the same pipeline.

The in-app feed

  • A new Alerts and Violations in-app feed lands and graduates out of Beta in this release.
  • Key-based deduplication stops flap-induced phantom rows.
  • Breach gauge in the Alerts table Detail cell shows the offending value relative to the configured threshold.
  • Readable typography on the Alerts and Violations tables.
  • Retention sweep for the in-app feed tables keeps the store bounded.
  • Webhook delivery for alerts/violations is retired in favour of the in-app feed plus the existing webhook subsystem.

Visibility, permissions and operator surfaces

  • alert:ack scope with a topic-inherited visibility filter on the alerts feed.
  • Topic tree red-dot badge for unresolved violations.
  • Violations and Alerts panels in the Topic Dashboard tabs, so the per-topic view shows them in place.
  • Overview card has an active-alerts pill alongside the data-quality strip.
  • Alerts tab is reordered to sit to the left of Violations in the workspace tabs.
  • A new "How alerts work" guided walkthrough on the Alerts page.

Programmatic surface

  • New manage_alerts MCP tool for AI agents, with topic-inherited visibility honoured.

Lineage Navigator

The Lineage Navigator answers the single most-asked operator question — "why is this number?" — across the entire topic graph.

Learn more: Lineage Navigator

The flow view

  • Single-hop lineage trace endpoint as the foundation.
  • Lineage navigator UI — "why is this number?" lands as a tab on the topic dashboard.
  • Horizontal flow view: the full chain is visible at once.
  • SVG-driven, no canvas: predictable rendering, zoom and accessibility.
  • Auto-loads 5 hops with a compact trail and richer cards.

Read clarity

  • Lineage tab seeds with the full topic path and surfaces seed errors instead of failing silently.
  • UUIDs resolve to entity names in the Lineage tab.
  • The Lineage record card is redesigned for legibility.
  • "View dependencies" shows the right entity and its name.

Provenance on the wire

Lineage is only as good as the provenance carried by each value. 2.6.0 makes provenance a first-class column from day one.

  • The wire contract carries provenance (the engine fills in the pipeline ID).
  • The validator stamps the transform applied from binding transforms.
  • The standalone Source field is retired in favour of a single provenance source of truth.
  • Provenance round-trips end to end, verified with a dedicated test.
  • Engine pipeline publishes stamp derived-from provenance, and pipeline lineage reads its trigger topic from message metadata.
  • A full input accumulator backs pipeline lineage.
  • The live chart shows Quality and Provenance with parity to the historical chart.

New Connectors

Mitsubishi MELSEC (SLMP)

Native SLMP (Seamless Message Protocol) client for Mitsubishi PLCs. Read, write and bulk read across binary frame and ASCII frame, with no kernel-level dependencies. Works across Q/L and iQ-R series devices.

Microsoft Fabric (OneLake)

Read and write files on Microsoft Fabric OneLake for unified analytics. Includes clear error messages for common authentication and path failures, and a consistency check that prevents mixing workspace and lakehouse identifier formats.

Amazon SQS

Publish to and subscribe from Amazon SQS queues in a pipeline. Uses the same AWS credential model as the existing SNS and Lambda connectors.

Amazon SNS

Publish to Amazon SNS topics from a pipeline, joining the existing AWS family (Lambda, S3).

ClickHouse

Native ClickHouse connector for high-throughput analytical writes and queries, with read and write pipeline nodes, a schema browser, a query board and batch-insert support. Works with self-hosted ClickHouse and ClickHouse Cloud.

CANopen (CiA 301)

Native CANopen connector for industrial fieldbus integration.

BACnet improvements

  • New Read Group node with APDU-aware chunking, a configurable concurrency limit and ephemeral local ports — large building-automation reads no longer require manual batching.
  • The Read Group picker is correct and scales to large discoveries.
  • BACnet/IP is re-enabled on permissively-licensed runtimes.

SMB

  • SMB now follows DFS referrals across namespace roots and cross-link base paths, so clustered shares behave the same as direct paths.

MCP Tools for AI Agents

The MCP (Model Context Protocol) surface expands so AI agents can make meaningful changes through MaestroHub instead of just reading state.

  • apply_changes — Partial pipeline edits in a single round-trip. A matching HTTP endpoint (PATCH /pipelines/:id/changes) lets the same primitive be called from anywhere.
  • manage_schemas — Agents can author, version and read schemas.
  • manage_alerts — Authoring, ack and topic-inherited visibility.
  • Bulk operations are exposed via MCP across the entity surface.

Pipeline Designer & Engine

Designer

  • Copy pipeline definition as JSON from the row menu makes sharing pipelines as easy as sharing text.
  • Copy as JSON also lands on connections, dashboards and global functions.
  • The Build Payload palette term (formerly "Data Instance") and Convert to File term (formerly "Data Serializer") align labels with what the canvas already shows.

Engine

  • MCP apply_changes lets agents make partial pipeline edits in one round-trip, and the matching PATCH /pipelines/:id/changes HTTP endpoint makes the same primitive available to scripts and external systems.
  • Execution narrative: every outcome owns its surface — cancellations, timeouts, retries and successes all have a clear name in execution history.
  • Configured node timeout is honoured in Test Node (and the JS runtime).
  • JS evaluate supports a bare return 55; form.
  • Parquet serializer with self-describing provenance — large outputs ship with their schema attached, so downstream tools can read them without a sidecar.
  • System-wide bulk publish via the system.uns.publishBatch RPC — atomic bulk inserts into UNS.
  • Pebble + Parquet cold store for long-tail historian data.

UNS & Dashboards

UNS Publish Batch node

A new publishBatch pipeline node publishes an array of records to UNS topics in a single call. Compared to a forEach → publish pipeline, it is significantly faster for large arrays because all records are committed together in one write rather than one write per record.

The batch is all-or-nothing: if any record fails — due to a template error, a schema validation failure, or a permissions check — no records are written at all.

Camera Panel

Dashboards now support a dedicated camera panel type for displaying live video from IP cameras alongside chart panels.

  • Snapshot mode — MaestroHub fetches the image from the camera server-side and proxies it to the browser. The camera panel therefore works even on HTTPS deployments where the browser would otherwise block direct access to a plain-HTTP camera. Credentials are stored encrypted and never exposed in the browser.
  • WebRTC mode — For cameras connected through a WebRTC-capable gateway (such as MediaMTX), the panel establishes a persistent live-stream connection.
  • Configurable refresh interval — The snapshot poll rate is adjustable per panel, from sub-second to several minutes.

Dashboard Panel Library

Dashboard panels can now be saved to a shared library and reused across multiple dashboards. The library is browsable from the panel editor, so a panel defined once can be dropped onto any dashboard.

Learn more: Panel Library

Other UNS & dashboard improvements

  • Dashboards now read from an aggregated UNS endpoint, which makes large time-range views feel snappy.
  • Stat / Gauge panels show the selected field for string values.
  • Field Statistics moved inside the Live / Historical tabs and scoped correctly to the chart tabs.
  • Topic rename is now atomic across the subtree and refuses to rename if the topic is referenced.
  • Row-level org isolation for the typed-signal store.
  • Time-weighted average and KPI primitives (ratio, event count, state duration, CEL) join the aggregation model.

Dependency Graph

  • Smart landing — Opening the Dependency Graph with nothing selected now shows three suggested starting points — the most connected node, the highest structural-risk node, and the top hygiene concern — as click-to-focus cards. Previously the page opened blank.
  • Clear-focus fix — The Clear Focus button now reliably leaves the graph in an empty state. Previously it would immediately re-select the node that was just cleared.
  • Auto-stub names are populated, so the graph no longer shows empty entity IDs.

Observability & Monitoring

System status verdict

A new server-side verdict drives the Overview header. The page no longer guesses — it names the culprits (entity names, the problem-pipelines table) and renders remediation text. A healthy summary names what was checked instead of saying "All clear."

Overview

  • Single-org cockpit row replaces the redundant org grid in single-org mode.
  • Workload and Messaging panels merged; two non-actionable charts dropped.
  • Single-org Open button next to Connections; the issue row is hidden when healthy.
  • Translucent PageHeader sweep across workspace pages.
  • A Mission Control landing page with a Dependency Graph clear-focus fix.

Distributed tracing

A single trace ID now follows every request from the moment a user clicks in the UI through to the backend — across service calls, message-bus events and background jobs. Every log line carries the same trace ID, so diagnosing a slow or failed request no longer requires correlating unrelated log entries manually.

  • Browser-side OpenTelemetry so the trace originates in the UI.
  • Trace correlation across services, with logs-ingestion enrichment.
  • trace_id stamped on request-scoped logs across the platform.
  • Outbound-HTTP trace propagation.

Log improvements

  • Application and Access log views — The log viewer is split into separate Application and Access tabs for easier filtering.
  • Cleaner startup and shutdown logs — Redundant and misleading log lines during startup and shutdown have been removed.
  • Access log noise reduced — Fast successful requests are logged at a lower verbosity level (Debug), while slow or failed requests stay at Info, reducing noise without losing diagnostic information.

Metrics

  • JetStream telemetry bus and a shared messaging foundation.
  • Per-pipeline stats are served from the monitoring module, with the duration metric naming fixed. Pipeline duration metrics are now visible in the monitoring view on all editions.
  • Default MaxSeries raised from 500 to 10 000 to fit current emission.

Connections & Connection Health

  • Uniform 124 MiB file-size ceiling for connector reads and writes.
  • CA-verified TLS for Redis and RabbitMQ connections, MQTT connectors and the UNS external broker. When TLS was enabled without a custom CA certificate, the connection previously skipped certificate verification entirely with no warning; connections now validate against the system's trusted root certificates by default. The RabbitMQ connector form also gains dedicated fields for CA certificate, client certificate and server name.
  • OPC UA tolerates server certificates with negative serial numbers, and now reads custom struct nodes and arrays of structs in addition to scalar values.
  • Credential fields preserved on update — Editing a connection no longer clears credential fields that were not changed.
  • Functions list pagination — The functions list shows an accurate total count and paginates correctly for connections with many functions.
  • Function picker opens reliably on every connector form.
  • Deleted connection warning — Pipelines that reference a connection that has since been deleted now show a clear warning instead of failing silently.
  • State history no longer reports "reconnecting" after a connection has recovered.
  • Reconnect-failure logging prints a warning once per incident, not once per attempt.
  • Connect stat cards stop misreporting disconnected connections.
  • Clean shutdown — in-flight messages are allowed to finish on shutdown instead of being dropped.

Authentication & Authorization

  • Schemas are first-class resources with their own schema:* scopes.
  • Alerts have an alert:ack scope with topic-inherited visibility.
  • Standalone binaries enforce real authz via the SDK ClientGuard.
  • Empty-subject fail-closed with a pinned filter contract end-to-end.
  • System.Admin wildcard is honoured by allowed resource patterns.
  • Single-source platform-scope grammar across the product.
  • Plant operator and analyst roles no longer inherit pipeline:create via member.
  • Consistent role gating across the product.
  • Profile page: bulk permission actions in the personal-access-token creation dialog.
  • Role picker no longer offers unreachable roles, and disabled options explain where a role is actually granted.
  • Skip the avatar fetch when the user has no profile picture.

License & Deployment

  • License file upload: paste or upload the key on the license-apply screen.
  • Trial extension is solved synchronously — the dialog no longer hangs for minutes.
  • Preserve edition on configuration reload; allow extension during an active trial.
  • Per-app HTTP base path: the UI serves under any sub-path, which unblocks reverse-proxy deployments and the Siemens Industrial Edge appliance.
  • Telemetry transparency: the usage payload is documented in the Privacy tab, and telemetry can be fully disabled for air-gapped or Siemens Industrial Edge deployments.
  • Image signing: Cosign signatures, SBOM attachment and a Trivy scan gate.

UX & Workspace

  • Unified page-tabs component — one pill-style tab system for every page.
  • Custom page covers — Notion-style per-user page covers with six gradient presets and two wallpaper artwork presets; the cover becomes a desktop-style ambient wallpaper with zero vertical cost.
  • Shared "How it works" dialog powers all guided walkthroughs.
  • Guided walkthroughs: Schemas, Alerts, Store & Forward, Pipelines and Connect.
  • Tighter Connect wizard step 1 with a Function term and dropped redundant explainer cards.
  • Redundant explainer cards removed from the Pipelines list.
  • Tighter main sidebar rows, reclaiming vertical space on smaller screens.
  • Sidebar toggle restored — the collapse/expand toggle is visible and functional on all screen sizes.
  • Translucent PageHeader sweep across workspace pages.
  • Trial banner now has a real surface so it stays readable over wallpaper page covers.

Bug Fixes (User-Visible)

  • Modbus FC06 value placeholder in execution history is correct again.
  • Three silent data-corruption bugs in the engine's File Extractor are fixed. Files with decorative header rows before the actual column headers now extract correctly; files with duplicate column names (common in SAP/ERP exports) no longer silently drop one column's data; and column references match correctly when source headers contain extra whitespace.
  • Execution-history pipeline filter can now be cleared.
  • Audit-trail search: proper query and search debounce. Previously the search queried the wrong field.
  • SQL writes: auto-widen removed; insert failures are explained with a clear error message; the stale single-function cache is invalidated.
  • Secret fields are now merged properly on update.
  • Secure-context web APIs (clipboard, camera, geolocation, unique-ID generation) work on plain-HTTP and air-gapped deployments where the browser does not treat the connection as secure.
  • Live events: the WebSocket outgoing cap is raised to 5 MiB and oversize node payloads are truncated cleanly with a clear message.
  • Embedded JetStream stream budget now fits 4 GB hosts.
  • Designer: the metrics panel now shows only the percentiles it actually reports.
  • Connector logs: state-history failures and execute handlers no longer log at ERROR for normal user-connection state changes.
  • Dangling connection references in saved pipelines are signalled, not silently broken.

Notable Bug Fixes

  • MaestroHub Lite fails to start on 4 GB devices — An internal memory budget was set too high, preventing startup on resource-constrained hardware. Fixed.
  • OPC UA connections rejected for certain server certificates — Servers using certificates with negative serial numbers were incorrectly rejected. Fixed.
  • Pipeline execution history incomplete under load — Some execution records were silently dropped when the system was under write load. Fixed.
  • Large pipeline output drops the connection — Outputting a large payload from a pipeline node could cause the live-output connection to drop. The limit has been raised and oversized payloads are now truncated with a clear message.
  • License edition lost on configuration reload — Reloading the license configuration could reset the edition. Fixed.
  • Trial extension blocked during active trial — It was not possible to extend a trial while it was still active. Fixed.

Performance & Reliability

  • Topic auto-create hot path is hardened with cached schema and binding lookups on the publish hot path.
  • Pipeline compile cache preloaded at startup.
  • Bucket-based execution-history gate — fixes silent row loss under sustained load.
  • Accurate durations — execution and node timings stay correct even when the system clock is adjusted.
  • Engine cancellation observability — execution history explains outcomes, and logs stop misreporting.

Security & Privacy

  • TLS verification end-to-end for Redis, RabbitMQ, MQTT and the UNS external broker.
  • Cosign image signing with SBOM attachment and a Trivy scan gate.
  • Security scan triage: one XSS fix plus categorized false positives.
  • Standalone binaries enforce real authz via the SDK ClientGuard.
  • Empty-subject fail-closed plus a pinned filter contract.
  • Plant operator and analyst roles no longer inherit pipeline:create via member.
  • Periodic dependency and runtime updates, with security-scanner findings resolved and a migration off an unmaintained cryptography library.

Backward Compatibility

All pipeline configurations, connector configurations, role assignments and custom policies from 2.5.x continue to work without changes.

Models deprecation

Models is deprecated. UNS Schemas now own everything Models did. Existing model definitions are migrated to schemas at boot, and the Models page is removed. The Data Instance palette item is renamed to Build Payload, and Data Serializer is renamed to Convert to File — existing pipelines continue to work; only the visible labels change.

UNS historical data

UNS historian data is not migrated from 2.5.x. After upgrading, all previously recorded UNS topic history will no longer be accessible, regardless of which storage backend (Pebble or TimescaleDB) was configured. Topic definitions and live data are unaffected — only the stored historical values are lost. Back up any historian data you need to retain before upgrading.

TLS certificate verification for MQTT, Redis and RabbitMQ

2.6.0 enables full certificate verification for MQTT, Redis and RabbitMQ connections. If any of these connections are configured with TLS and use a self-signed or private CA certificate, the connection will fail after upgrading until the CA certificate is added to the connector's configuration. Connections using publicly trusted certificates or no TLS are unaffected.

Other notes

  • Standalone module binaries now enforce real authz via the SDK ClientGuard. If you call these binaries directly, ensure your service account has the right scopes.
  • Webhook delivery for alerts and violations is retired in favour of the in-app feed plus the existing webhook subsystem.

Getting Started

Download a native binary or pull the Docker image and follow the Getting Started guide to have MaestroHub running in minutes.