Quarterly Release: April 2026¶

Current Versions¶

Upgrading to April Release¶

Follow the upgrade guide for details on how to successfully upgrade to the April release.

Patch history¶

May 13, 2026¶

This release adds Kerberos/GSSAPI authentication support to the Server image's PostgreSQL LISTEN/NOTIFY listener and includes security fixes. The listener previously stripped Kerberos and TLS query parameters, mishandled multihost connection strings, and rejected the SQLAlchemy-style ssl= parameter; airgapped deployments that authenticate to PostgreSQL with Kerberos can now use the listener without workarounds.

• Server image: 2026.04.202605132312

May 11, 2026¶

This release fixes a UI image bug where the v2 flow run timeline flickered between log message content and the literal text prefect.log.write. The trace timeline and logs panel now filter out prefect.log.write events, which were rendering as duplicates alongside the matching log lines.

• UI image: 2026.04.202605112144

May 6, 2026¶

This release includes security fixes for the Server and UI images.

• Server image: 2026.04.202605061458
• UI image: 2026.04.202605061537

May 4, 2026¶

This release fixes a UI image bug where deployments using a non-root subpath (e.g. /prefect-ui) returned 403 on the root path and 500 on SPA deeplinks. The base nginx image shipped index.html as a symlink to a test page, which survived our asset copy when a subpath was configured. The Dockerfile now clears the default nginx html directory before copying assets.

• UI image: 2026.04.202605041801

April 30, 2026¶

This release includes security fixes for the UI image.

• UI image: 2026.04.202604301638

April 29, 2026¶

This release updates the UI image to support running nginx as a non-root user, allowing deployment under restrictive Pod Security Standards.

• UI image: 2026.04.202604290034

April 23, 2026¶

This release includes a bug fix for the UI image that resolves null account reference errors at runtime.

• UI image: 2026.04.202604231703

April 22, 2026¶

This release includes security fixes for the Server and UI images.

• Server image: 2026.04.202604221926
• UI image: 2026.04.202604221928

April 17, 2026¶

The Traefik auth proxy (serviceMesh.authorizationMode: proxy) now defaults to Traefik v3 (3.6.13). Deployments pinned to a v2 tag continue to render the v2 configmap and require no action. See the Traefik Authorization Proxy reference for how the image tag selects the configmap template and how to pin to v2.

• Prefect Cloud Chart 1.3.2

April 16, 2026¶

This release includes an updated chart version, enabling traefik version 3.x as the optional auth proxy

• Prefect Cloud Chart 1.3.1

April 15, 2026¶

This release includes security fixes for the UI image.

• UI image: 2026.04.202604152111

Initial Release: April 15, 2026¶

Backend Updates¶

Features¶

• Managed Automations — Managed automations are now protected from accidental modification and reliably restored when removed.
• User and Account Images — Profile images are now supported for users and accounts.
• Resource Attribution — Flows, deployments, work pools, work queues, flow runs, and block documents now track who created, last updated, or cancelled them, providing better visibility across the audit trail.
• Bulk Resource Deletion — Flow runs, deployments, and flows can now be deleted in bulk in a single operation.
• Work Pool and Work Queue Concurrency Visibility — Work pools and work queues now expose active slot usage and concurrency status, making it easier to understand capacity at a glance.
• Webhook Roles and Sorting — Webhook access is now enforced per role, and webhooks can be sorted by name or creation date.
• Expanded Audit Coverage — Audit events now cover create, update, and delete operations for work pools, block documents, flows, and work queues.
• Deployment Schedule Renaming — Deployment schedules can now be renamed without creating duplicates or disrupting active schedules.
• Improved Filtering and Sorting — Resources can now be filtered by who created or last updated them. Additional ascending sort options are available across flows, deployments, task runs, and flow runs.

Performance¶

• Orchestration Reliability — The background service responsible for cleaning up stale flow runs has been rewritten for better parallelism and more reliable recovery from failures.
• Faster API Responses — Work pool listing responses are smaller and faster. Work queue status is computed more efficiently. Repeated permission checks require fewer database round-trips.
• Faster Query Performance — Queries for upcoming flow runs and artifact filters are significantly faster under load.
• Faster Service Startup — Services start up faster due to deferred loading of modules that aren't needed immediately.

Bug Fixes¶

• Subflow Cancellation — Cancelling a parent flow now correctly cancels any deployed subflows.
• Concurrency Limit Reliability — Deployment concurrency limits are now correctly maintained across all flow run state transitions, preventing flows from exceeding their configured limits.
• Automation Failures Now Visible — When an automation action fails to render its template, the failure reason is now visible in the action status rather than failing silently.
• Invitation Reliability — Several edge cases in the invitation flow have been fixed, including a server error when sending to certain actors and cleanup of failed invitation emails.

Maintenance¶

• Dependency Updates — Security patches and version updates across multiple dependencies.

Frontend Updates¶

Features¶

• Improved performance - Many parts of the application's data layer have been overhauled and now feature real-time websocket connections for improved latency and responsiveness.
• In-app API docs - An overhauled API-docs experience with significantly improved performance, code samples across several languages, request/response schema navigation, and endpoint testing.
• Deployment versions - Full support for deployment versioning with dedicated per-version pages.
• Updated tables - Improves flow, deployment, workers, and account memberships tables with new sorting and filtering capabilities across each.
• Pinned Flows and Deployments — Flows and deployments can now be pinned for quick access. Pins are saved per user and stay in sync when switching workspaces.
• Concurrency Capacity Bar — Work pool and work queue pages now show a visual capacity bar for active slot usage.
• User Settings Page — User settings and preferences have been consolidated and improved.
• Profile Images — User and accounts may now have profile images, and are now displayed throughout the UI.
• Version Info in Support Menu — The support menu now shows the current backend and UI versions, making it easier to report issues.
• Improved automations create/edit interfaces - Includes templates for common automations.

Bug Fixes¶

• Multi-Select Dropdowns — Shift+click now selects a range of items in multi-select dropdowns throughout the UI.

Maintenance¶

• Security Updates — Addressed multiple HIGH/CRITICAL vulnerabilities including axios, xmldom, and lodash-es.

Helm Chart Updates¶

• Third-party Image Mirror — All third-party images referenced by the chart (alpine/psql, traefik, Bitnami, Istio) are now mirrored to a Prefect-maintained GAR registry at us-docker.pkg.dev/prefect-prd-customer-managed/mirrors/. Airgapped deployments can point the chart at the mirror instead of Docker Hub with a small values override. See the deployment guide for details.
• Auth Proxy Mode Fixes — Fixed several bugs in Traefik auth proxy mode that could cause authentication failures in certain configurations.
• Routing Updates — Istio routing now covers all endpoints introduced in this release, including bulk operations and version inspection.