Releases · backstage/backstage

These are the release notes for the v1.33.0 release of Backstage.

A huge thanks to the whole team of maintainers and contributors as well as the amazing Backstage Community for the hard work in getting this release developed and done.

Highlights

Catalog performance improvements and breadcrumbs

Some database improvements and fixes have been made to the catalog. The refresh_state table is no longer needed in the read path, and some indices have been dropped. We don't expect this to have any negative impact on end users; rather, performance should increase due to reduced index churn and less used storage.

Entity pages now also by default have a breadcrumb control in the page header, showing the context of the current entity such as what system and domain it’s in, if any.

App backend config injection with read-only filesystem

The app-backend now stores the templated index.html file in memory rather than writing it to disk. This means you no longer need to use the app.disableConfigInjection flag when running with a read-only filesystem, allowing you to take advantage of the config injection.

BREAKING: `LEGACY_BACKEND_START` has been removed

The CLI no longer supports the LEGACY_BACKEND_START flag, which means that old dev endpoints in src/run.ts have to be migrated to the new dev/index.ts structure instead.

Scaffolder now supports Node.js v22

The isolated-vm dependency has been upgraded to v5, which means the scaffolder now supports Node.js v22. It also means that running Scaffolder with Node.js v16 is no longer possible.

Scaffolder permissions and actions

A new scaffolder.template.management permission has been added. This permission is useful if you want to limit access to the frontend template management features. Contributed by @stephenglass in #26946

A new fs:readdir action has been added. This action is useful if you need to retrieve the contents of a specific directory within a workspace. Contributed by @secustor in #27283

Catalog service ref for backends

The @backstage/plugin-catalog-node package now has a catalogServiceRef that backends should move to depending on for their catalog communication needs. If you are currently instantiating a CatalogService by hand, you will enjoy using this new service instead. The most important improvement is that it supports a credentials argument directly which gives it support for proper auth toward the catalog without having to make tokens with the auth core service.

New generate-patch cli command

We have added a new generate-patch CLI command that can be used to generate patches for current changes in a source workspace, which can then be installed in a target workspace. This allows you to easily and immediately use changes that have been contributed upstream, without needing to wait for a release.
#27331

Google LDAP support

Added support for Google LDAP to @backstage/plugin-catalog-backend-module-ldap. Contributed by @megatroom in #27373

BREAKING: AWS ALB authentication

The AWS ALB fullProfile will no longer have its username or email converted to lowercase. This is to ensure unique handling of the users. You may need to update and configure a custom sign-in resolver or profile transform as a result via @backstage/plugin-auth-backend-module-aws-alb-provider.

Security Fixes

The kubernetes plugin received a bump of the @kubernetes/client-node dependency to mitigate CVEs related to the request and tough-cookie packages. Contributed by @coreydaley in #25385

Upgrade path

We recommend that you keep your Backstage project up to date with this latest release. For more guidance on how to upgrade, check out the documentation for keeping Backstage updated.