This release includes 1 breaking change for platform teams planning a safe upgrade.
✓ No known CVEs patched in this version
Topics
+9 more
ReleasePort's take
Moderate signalThe gateway v1 implementation has been removed from the system.
Why it matters: Deprecation removes legacy API support; operators must migrate to gateway v3 before next release to avoid breakage.
Summary
AI summaryBroad release touches fix, feat, improvement, and pam.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Feature | Medium |
Added support for custom GitHub hosts in self‑hosted environments. Added support for custom GitHub hosts in self‑hosted environments. Source: llm_adapter@2026-06-05 Confidence: high |
— |
| Feature | Medium |
Increased CMEK payload limit to 1 MB for KMS. Increased CMEK payload limit to 1 MB for KMS. Source: llm_adapter@2026-06-05 Confidence: high |
— |
| Feature | Medium |
Implemented async project deletion via soft‑delete and paced hard‑delete worker. Implemented async project deletion via soft‑delete and paced hard‑delete worker. Source: llm_adapter@2026-06-05 Confidence: high |
— |
| Feature | Medium |
Added IBM API Connect Dynamic secrets support. Added IBM API Connect Dynamic secrets support. Source: llm_adapter@2026-06-05 Confidence: high |
— |
| Feature | Medium |
Revamped provisioning UI to version 3 and added PingFederate SCIM documentation. Revamped provisioning UI to version 3 and added PingFederate SCIM documentation. Source: llm_adapter@2026-06-05 Confidence: high |
— |
| Deprecation | High |
Removed gateway v1 implementation. Removed gateway v1 implementation. Source: llm_adapter@2026-06-05 Confidence: high |
— |
| Bugfix | Medium |
Enforced slug schema on v3 gateway name to prevent invalid names. Enforced slug schema on v3 gateway name to prevent invalid names. Source: llm_adapter@2026-06-05 Confidence: high |
— |
| Bugfix | Medium |
Always display the "expires in" field for tokens/credentials. Always display the "expires in" field for tokens/credentials. Source: llm_adapter@2026-06-05 Confidence: high |
— |
| Bugfix | Medium |
Cap PAM session duration to the remaining grant lifetime. Cap PAM session duration to the remaining grant lifetime. Source: llm_adapter@2026-06-05 Confidence: high |
— |
| Bugfix | Medium |
Hide rotation UI for resources lacking rotation support in PAM. Hide rotation UI for resources lacking rotation support in PAM. Source: llm_adapter@2026-06-05 Confidence: high |
— |
Full changelog
What's Changed
- improvement: adjust project selection page tile styling by @scott-ray-wilson in https://github.com/Infisical/infisical/pull/6702
- fix(pam): hide rotation UI for resources without rotation support by @bernie-g in https://github.com/Infisical/infisical/pull/6711
- improvement: fix and improve assume identity components by @scott-ray-wilson in https://github.com/Infisical/infisical/pull/6696
- fix(vault): remove header when fetching secrets for vault v1 by @adilsitos in https://github.com/Infisical/infisical/pull/6709
- fix(gateway): enforce slug schema on v3 gateway name by @bernie-g in https://github.com/Infisical/infisical/pull/6678
- fix(pam): cap session duration to grant remaining lifetime by @bernie-g in https://github.com/Infisical/infisical/pull/6673
- chore: skip email verification whenever enforce sso is on by @Thiago-AS in https://github.com/Infisical/infisical/pull/6689
- feat(github): add support for custom GitHub hosts in self-hosted environments by @victorvhs017 in https://github.com/Infisical/infisical/pull/6715
- feat(kms): increase CMEK payload limit to 1MB by @bernie-g in https://github.com/Infisical/infisical/pull/6719
- feat: code signing revamp by @carlosmonastyrski in https://github.com/Infisical/infisical/pull/6680
- feat(overview-page): add a new alert to show requests by @adilsitos in https://github.com/Infisical/infisical/pull/6664
- fix(secrets-overview): check secret type on batch mode by @adilsitos in https://github.com/Infisical/infisical/pull/6728
- feat(api): async project deletion via soft-delete and paced hard-delete worker by @victorvhs017 in https://github.com/Infisical/infisical/pull/6723
- fix: make expires in field visible all the time by @mathnogueira in https://github.com/Infisical/infisical/pull/6663
- improvement: removed gateway v1 by @sheensantoscapadngan in https://github.com/Infisical/infisical/pull/6725
- feat: add tags to cli's secret cmd doc page by @mathnogueira in https://github.com/Infisical/infisical/pull/6732
- fix: enrollments/SCEP/EST permission improvements by @carlosmonastyrski in https://github.com/Infisical/infisical/pull/6632
- feat: revamp provisioning ui to v3 and add ping fed scim docs by @scott-ray-wilson in https://github.com/Infisical/infisical/pull/6727
- fix: ignore cert manager when counting billable projects by @scott-ray-wilson in https://github.com/Infisical/infisical/pull/6729
- fix: remove Certificate Manager from project templates by @carlosmonastyrski in https://github.com/Infisical/infisical/pull/6736
- fix: deleting a certificate exits application inventory view by @carlosmonastyrski in https://github.com/Infisical/infisical/pull/6735
- feat(pki): integrate GoDaddy CA with Certificate Manager for SSL by @bernie-g in https://github.com/Infisical/infisical/pull/6713
- feat: add IBM API Connect Dynamic secrets by @mathnogueira in https://github.com/Infisical/infisical/pull/6700
Full Changelog: https://github.com/Infisical/infisical/compare/v0.160.10...v0.160.11
Breaking Changes
- Removed gateway v1
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About infisical
Infisical is the open-source platform for secrets, certificates, and privileged access management.
Related context
Beta — feedback welcome: [email protected]