Skip to main content
Version: 2.6.1

MaestroHub 2.6.1 Release Notes

MaestroHub 2.6.1 is a maintenance release on top of 2.6.0. It fixes an unexpected downsampling regression in the Data Explorer and dashboards, restores the in-app log viewer on upgraded installs, corrects a permissions check that blocked resource owners, and clears a handful of operator-experience papercuts across UNS, Store & Forward, connectors and pipelines. It also reorganizes the built-in roles around separation of duties — adding Identity Administrator and Security Administrator roles and focusing Organization Administrator on operating the org (see Role Management & Access Control below, including the note for upgraders). Your pipelines, connectors and dashboards from 2.6.0 continue to work unchanged.

What's Fixed in 2.6.1

Data Explorer & Dashboards

  • Historical Data Records no longer downsampled — In the Data Explorer Historical tab and dashboard table panels, the record list now returns every record in the selected time range (cursor-paged), instead of thinning out as the time range grew. Previously, widening the interval could drop rows even with far fewer than 1000 records, so the visible count shrank unexpectedly.
  • Sampling is now labelled on charts — When a chart downsamples or aggregates data for display, the panel now annotates that it is showing a sampled/aggregated view, so the reading is never mistaken for raw data.
  • Stat / Gauge panels read nested fields — Stat and Gauge panels now correctly resolve nested field paths (e.g. a.b.c), so panels bound to a nested value display it instead of coming up empty.
  • Topic delete is safer — Deleting a topic that still has child topics is now blocked with a clear conflict instead of partially removing the subtree; cascade deletes evaluate the full subtree first.
  • Schema history dialog — The schema-history dialog renders correctly in dark mode and on smaller screens.
  • "Explore Data" from a panel opens the right place — A panel's "Explore Data" action used to open a missing page (404); it now lands on the Data Explorer with the panel's topic selected. Deep links to nested topics — from panels, search and the dependency graph — now expand the tree to the target instead of doing nothing.

Store & Forward

  • Delivery-mode picker only where it applies — The per-node delivery-mode picker is now shown only for output operations that can actually be buffered, removing a misleading choice on operations that never route through Store & Forward.

Connectors

  • Test action honours the configured timeout — Running a function from the Test action now respects the function's configured timeout instead of using a default.

Pipelines

  • Kebab menu no longer jumps to the designer — Clicking an item in a pipeline row's "⋮" actions menu (for example, Select) no longer falls through to the row and opens the pipeline designer.

Permissions

  • Resource owners can edit their own resources again — A user whose only access to a resource came from creating it (for example, an Analyst editing a dashboard they own) was incorrectly denied (403) on every change — adding, updating or removing panels, renaming, and deleting. Owner- and share-based permissions scoped to a specific resource are now enforced correctly.

Observability & Logs

  • In-app log viewer restored on upgraded installs — On installations whose log database predated the migration switchover, the /logs viewer could silently show nothing while console logging kept working. The migration is now idempotent, the log store survives the upgrade, and the failure is surfaced loudly if it ever recurs. Recovery is automatic on restart, with no data loss.
  • Snappier, correctly-scoped Instance Overview — The monitoring Overview composes in a single request, and is scoped to the organizations you currently have access to.

Role Management & Access Control

  • New Identity Administrator and Security Administrator rolesIdentity Administrator manages people and access (users, identity providers, OAuth2 clients, the role catalog, and groups) without touching the org's data or resources. Security Administrator is Identity Administrator plus the ability to reveal secret values and read the audit trail. Both are available on every edition. They exist because users are shared across organizations, so the high-impact identity actions (delete, suspend, reset password, impersonate) were moved off the tenant-scoped Organization Administrator role to remove cross-org blast radius. Upgrading: Organization Administrator no longer manages users, IdPs, roles or groups on its own — to keep the previous "manages everything in the org" behavior, assign Organization Administrator + Identity Administrator (use Security Administrator instead if the same person should also reveal secrets and read audit logs).
  • "Platform Admins" is now "System Administrators" — The screen that grants unrestricted platform-wide access is renamed to end the long-standing confusion with the separate (now-removed) internal "Platform Admin" role. There is now one admin concept per scope; the access it grants is unchanged.
  • Personal Access Tokens can no longer exceed your own permissions — Fixed a privilege-escalation issue where a user could create a Personal Access Token with scopes broader than their role and use it (for example through the MCP integration) to perform actions their role forbids. Token scopes are now validated against the full set of actions each scope grants — both when creating a token and in the scope picker.

Getting Started

Download a native binary or pull the Docker image and follow the Getting Started guide to have MaestroHub running in minutes.