Skip to content

Quarterly Release: April 2026

Current Versions

Component Version
Server Image 2026.04.202605271604
UI Image 2026.04.202606031911
Prefect Istio Chart 1.2.0
Customer-Managed Chart 1.3.5
2.x Client Supported 2.20
3.x Client Supported 3.6.26

Note

The client versions listed above are the versions tested against this release; run the exact version listed. Compatibility is not guaranteed for versions outside the tested set, including untested patch versions within the same minor series. Pin to a tested version and roll out upgrades through your normal change-management process. See the client compatibility policy for details.

Upgrading to April Release

Follow the upgrade guide for details on how to successfully upgrade to the April release.

Patch history

June 9, 2026

This release makes the ADFS ID token claim names for email and subject configurable, for deployments whose ADFS returns non-standard claim names (e.g. Email instead of email, or a custom identifier instead of sub). Set global.authProvider.adfs.emailField / PREFECT_CLOUD_AUTH_ADFS_EMAIL_FIELD and global.authProvider.adfs.subField / PREFECT_CLOUD_AUTH_ADFS_SUB_FIELD to override the defaults (email and sub). Login now fails with a clear error if the configured claim is missing from the token.

  • Server image: 2026.04.202606091529

June 8, 2026

This release includes a bugfix that allows older (pre-versioning) deployments to render in the UI.

  • UI image: 2026.04.202606081434

June 3, 2026

This release includes security fixes for the UI image.

  • UI image: 2026.04.202606031911

May 29, 2026

This release fixes a helm chart bug where Feature Previews were not enabled by default.

  • Prefect Cloud Chart 1.3.6

May 27, 2026

This release includes security fixes for the Server image.

  • Server image: 2026.04.202605271604

May 20, 2026

This release fixes a bug in Entra-SSO deployments where non-admin workspace members were stuck on a blank loading screen instead of being redirected through SSO reauth. The /sso/validate endpoint now returns a fresh authorization URL on cache miss, and the UI runs the SSO reauth check before route permission verification so the interstitial is actually reachable. It also adds a configurable ADFS scope setting (global.authProvider.adfs.scope / PREFECT_CLOUD_AUTH_ADFS_SCOPE) for deployments that need extra scopes or a relying-party resource identifier.

  • Server image: 2026.04.202605201737
  • UI image: 2026.04.202605201738

May 19, 2026

This release fixes a Helm chart bug where the reaper-man and concurrency-lease-reaper deployments were missing the Redis environment variables they need to reach their backing Redis. reaper-man was falling back to localhost:6379 and crashing on every heartbeat, and the concurrency-leases block was missing the TLS and username fields required by TLS-only Redis (e.g. ElastiCache). Both blocks now source from the shared work Redis credentials, matching how work-pools and flow-run-input are wired.

  • Prefect Cloud Chart 1.3.5

May 13, 2026

This release adds Kerberos/GSSAPI authentication support to the Server image's PostgreSQL LISTEN/NOTIFY listener and includes security fixes. The listener previously stripped Kerberos and TLS query parameters, mishandled multihost connection strings, and rejected the SQLAlchemy-style ssl= parameter; airgapped deployments that authenticate to PostgreSQL with Kerberos can now use the listener without workarounds.

  • Server image: 2026.04.202605132312

May 11, 2026

This release fixes a UI image bug where the v2 flow run timeline flickered between log message content and the literal text prefect.log.write. The trace timeline and logs panel now filter out prefect.log.write events, which were rendering as duplicates alongside the matching log lines.

  • UI image: 2026.04.202605112144

May 6, 2026

This release includes security fixes for the Server and UI images.

  • Server image: 2026.04.202605061458
  • UI image: 2026.04.202605061537

May 4, 2026

This release fixes a UI image bug where deployments using a non-root subpath (e.g. /prefect-ui) returned 403 on the root path and 500 on SPA deeplinks. The base nginx image shipped index.html as a symlink to a test page, which survived our asset copy when a subpath was configured. The Dockerfile now clears the default nginx html directory before copying assets.

  • UI image: 2026.04.202605041801

April 30, 2026

This release includes security fixes for the UI image.

  • UI image: 2026.04.202604301638

April 29, 2026

This release updates the UI image to support running nginx as a non-root user, allowing deployment under restrictive Pod Security Standards.

  • UI image: 2026.04.202604290034

April 23, 2026

This release includes a bug fix for the UI image that resolves null account reference errors at runtime.

  • UI image: 2026.04.202604231703

May 1, 2026

This release adds a new serviceMesh.authorizationMode: traefik option that deploys Customer-Managed Prefect with Traefik as the sole ingress and auth proxy, without Istio. The two existing modes (policy and proxy) are unchanged. The new mode skips all Istio resources (VirtualServices, DestinationRules, EnvoyFilter, sidecar injection) and routes directly to backend services with per-service timeouts. Maintenance mode is supported in this mode via priority routers that return 503 with Prefect-Maintenance: true headers.

  • Prefect Cloud Chart 1.3.4

April 23, 2026

This release adds two chart options needed for deployments that cannot run Istio EnvoyFilters or that rely on label-based network policies. envoyFilter.create can now be set to false to skip the 504-to-503 rewrite filter, and the database migration job now carries the app.kubernetes.io/part-of: prefect-cloud label that the other services already use.

  • Prefect Cloud Chart 1.3.3

April 22, 2026

This release includes security fixes for the Server and UI images.

  • Server image: 2026.04.202604221926
  • UI image: 2026.04.202604221928

April 17, 2026

The Traefik auth proxy (serviceMesh.authorizationMode: proxy) now defaults to Traefik v3 (3.6.13). Deployments pinned to a v2 tag continue to render the v2 configmap and require no action. See the Traefik Authorization Proxy reference for how the image tag selects the configmap template and how to pin to v2.

  • Prefect Cloud Chart 1.3.2

April 16, 2026

This release includes an updated chart version, enabling traefik version 3.x as the optional auth proxy

  • Prefect Cloud Chart 1.3.1

April 15, 2026

This release includes security fixes for the UI image.

  • UI image: 2026.04.202604152111

Initial Release: April 15, 2026

Backend Updates

Features

  • Managed Automations — Managed automations are now protected from accidental modification and reliably restored when removed.
  • User and Account Images — Profile images are now supported for users and accounts.
  • Resource Attribution — Flows, deployments, work pools, work queues, flow runs, and block documents now track who created, last updated, or cancelled them, providing better visibility across the audit trail.
  • Bulk Resource Deletion — Flow runs, deployments, and flows can now be deleted in bulk in a single operation.
  • Work Pool and Work Queue Concurrency Visibility — Work pools and work queues now expose active slot usage and concurrency status, making it easier to understand capacity at a glance.
  • Webhook Roles and Sorting — Webhook access is now enforced per role, and webhooks can be sorted by name or creation date.
  • Expanded Audit Coverage — Audit events now cover create, update, and delete operations for work pools, block documents, flows, and work queues.
  • Deployment Schedule Renaming — Deployment schedules can now be renamed without creating duplicates or disrupting active schedules.
  • Improved Filtering and Sorting — Resources can now be filtered by who created or last updated them. Additional ascending sort options are available across flows, deployments, task runs, and flow runs.

Performance

  • Orchestration Reliability — The background service responsible for cleaning up stale flow runs has been rewritten for better parallelism and more reliable recovery from failures.
  • Faster API Responses — Work pool listing responses are smaller and faster. Work queue status is computed more efficiently. Repeated permission checks require fewer database round-trips.
  • Faster Query Performance — Queries for upcoming flow runs and artifact filters are significantly faster under load.
  • Faster Service Startup — Services start up faster due to deferred loading of modules that aren't needed immediately.

Bug Fixes

  • Subflow Cancellation — Cancelling a parent flow now correctly cancels any deployed subflows.
  • Concurrency Limit Reliability — Deployment concurrency limits are now correctly maintained across all flow run state transitions, preventing flows from exceeding their configured limits.
  • Automation Failures Now Visible — When an automation action fails to render its template, the failure reason is now visible in the action status rather than failing silently.
  • Invitation Reliability — Several edge cases in the invitation flow have been fixed, including a server error when sending to certain actors and cleanup of failed invitation emails.

Maintenance

  • Dependency Updates — Security patches and version updates across multiple dependencies.

Frontend Updates

Features

  • Improved performance - Many parts of the application's data layer have been overhauled and now feature real-time websocket connections for improved latency and responsiveness.
  • In-app API docs - An overhauled API-docs experience with significantly improved performance, code samples across several languages, request/response schema navigation, and endpoint testing.
  • Deployment versions - Full support for deployment versioning with dedicated per-version pages.
  • Updated tables - Improves flow, deployment, workers, and account memberships tables with new sorting and filtering capabilities across each.
  • Pinned Flows and Deployments — Flows and deployments can now be pinned for quick access. Pins are saved per user and stay in sync when switching workspaces.
  • Concurrency Capacity Bar — Work pool and work queue pages now show a visual capacity bar for active slot usage.
  • User Settings Page — User settings and preferences have been consolidated and improved.
  • Profile Images — User and accounts may now have profile images, and are now displayed throughout the UI.
  • Version Info in Support Menu — The support menu now shows the current backend and UI versions, making it easier to report issues.
  • Improved automations create/edit interfaces - Includes templates for common automations.

Bug Fixes

  • Multi-Select Dropdowns — Shift+click now selects a range of items in multi-select dropdowns throughout the UI.

Maintenance

  • Security Updates — Addressed multiple HIGH/CRITICAL vulnerabilities including axios, xmldom, and lodash-es.

Helm Chart Updates

  • Third-party Image Mirror — All third-party images referenced by the chart (alpine/psql, traefik, Bitnami, Istio) are now mirrored to a Prefect-maintained GAR registry at us-docker.pkg.dev/prefect-prd-customer-managed/mirrors/. Airgapped deployments can point the chart at the mirror instead of Docker Hub with a small values override. See the deployment guide for details.
  • Auth Proxy Mode Fixes — Fixed several bugs in Traefik auth proxy mode that could cause authentication failures in certain configurations.
  • Routing Updates — Istio routing now covers all endpoints introduced in this release, including bulk operations and version inspection.