Changelog

Fixes

• Updated @redocly/openapi-core to version 2.30.1.

• Fixed an Editor issue where the Commit tab badge did not update after file edits.

Features

• Reworked the Reunite editor layout: file and utility tabs now share a single workspace that can be rearranged, split horizontally or vertically, and resized.

Features

• Updated error and permission-denied pages with clearer copy, actions, and navigation that adapts to org or project context.

Fixes

• Updated @redocly/openapi-core and @redocly/cli to version 2.29.1.

Fixes

• Updated @redocly/openapi-core and @redocly/cli to version 2.29.0.

• Fixed SAML SP metadata Assertion Consumer Service URL when the auth host is configured with a full URL, and aligned SAML AuthnRequest NameID policy with the email format advertised in metadata.

Fixes

• Fixed styling issues in project overview cards and dark mode border colors.

Fixes

• Updated @redocly/openapi-core and @redocly/cli to version 2.27.1.

Fixes

• Fixed authentication to reject API keys on endpoints configured for session sign-in and clarified error messages to indicate the authentication method used.

• Fixed capitalization of "Runtime logs" in sidebar menu, page title, and documentation.

Features

• Added validation for the redirects configuration option to detect dead and circular redirects.

• Added RBAC filtering for Apigee API products in developer onboarding app creation.

• Added support for Excalidraw and PlantUML diagrams.

• Added support for x-badges in OpenAPI and AsyncAPI parameters and schema properties.

• Added support for or functions in RBAC conditions within Markdoc content.

• Added a new ColorPaletteIcon icon component.

Fixes

• Fixed an issue where Typesense search ignored OpenAPI paths.

• Fixed a bug where Markdoc content wrapped in an RBAC condition did not appear in search results for users with access.

• Fixed an issue where an API path remained visible when all its endpoints were hidden by x-rbac access control.

• Fixed an issue where the "Last updated" date displayed incorrect values on project pages.

• Fixed a bug where dismissing any banner on the page prevented all banners from being displayed on that page again.

• Fixed a bug that caused search result highlighting to break in Flexsearch when the query contained duplicate words.

• Fixed an issue where pressing the Q key in the terminal in preview mode would not stop the preview.

• Fixed an issue where images referenced by the img Markdoc tag appeared broken after changing src and moving the file, requiring a manual page reload.

• Fixed an issue where URLs starting with the same characters as API reference, AsyncAPI, Scorecards, Catalog, or Developer Onboarding page slugs served data for those pages instead of showing a 404.

• Fixed an issue where files with identical names but different extensions in the same folder resolved to a single URL, causing pages to be missing from the deployed project.

• Fixed out-of-memory error in the search indexer that occurred when indexing deeply nested schemas.

• Fixed an issue in scorecardClassic where the minimumLevel calculation in targets resulted in incorrect values.

• Updated @redocly/openapi-core to version 2.25.2.

• Fixed an issue where the catalog tile descriptions displayed Markdown syntax as raw text.

• Fixed an issue where banners didn't support all Markdoc features.

• Fixed banner target priority to ensure that the most specific matching banner is displayed on a page.

• Fixed an issue where badges in sidebars.yaml were not rendering on API reference pages.

• Fixed an issue where json-schema Markdoc tags produced empty output in LLM content.

• Improved keyboard navigation across Replay's input components for more consistent and predictable focus behavior.

• Fixed incorrect RBAC validation that caused authenticated MCP tool calls to be handled improperly.

• Fixed an issue where rules in targets were not applied correctly to scorecardClassic levels.

• Fixed an issue where complex AI search queries might have resulted with an error.

• Fixed an issue where the sidebar scrolled together with the rest of the page when an announcement banner was present.

• Fixed an issue where the process did not terminate after certain short-lived CLI commands were executed.

• Fixed an issue where clicking asset download links redirected to a 404 page.

• Fixed an issue where filters on code walkthrough pages overlapped the Search dialog.

• Improved performance when building AI search documents for Markdown.

• Fixed an issue where partial Markdoc tags in OpenAPI and AsyncAPI description fields did not resolve when Windows-style path separators were used.

• Fixed an issue where navigating to a page through an anchor link from another page occasionally failed to scroll to the anchor.

• Fixed an issue where OpenAPI 3.1 discriminated unions broke when allOf merged $ref siblings.

• Fixed MCP URL variables resolution.

• Fixed security vulnerability CVE-2026-33036 by upgrading fast-xml-parser to version 5.5.9.

• Fixed an issue where Replay's Authorization type dropdown menu was hidden, preventing interaction.

• Adjusted tooltip text to remain on a single line when possible.

Features

• Added optional expiration date to organization API keys to disable authentication after the specified UTC date.

Fixes

• Updated public API permission labels for OAuth2 clients and API keys.

• Updated project cards UI on the organization overview with improved visual styling and interaction states.

• Fixed scrolling in the API key modal after adding an allowed IP address to keep new fields and actions visible in long forms.

Fixes

• Improved CORS proxy security by injecting X-Content-Type-Options: no-sniff into proxied responses.

Fixes

• Fixed a Realm CORS proxy security issue that could allow requests to private network addresses and unsafe direct navigation to proxied HTML or JavaScript content.

Fixes

• Updated Remote content in Reunite so the path next to a Git remote opens the correct branch and folder or file on the provider.

• Fixed issue where the environment variables modal closed on save failure due to validation errors, blocking corrections to invalid fields.

Features

• Added AI-generated PR summaries to provide high-level change overviews and risk assessments for reviewers.

Fixes

• Fixed an issue that prevented RBAC API keys from reading project source details and listing remotes in Reunite CLI workflows.

Fixes

• Updated @redocly/openapi-core and @redocly/cli to version 2.25.2.

• Fixed an issue where saving remote Git content after editing replaced the selected repository folder with the repository root. The selected folder is retained when saving without changes.

Features

• Added OAuth2 client management in organization settings with access scope configuration and client revocation.

Fixes

• Fixed an issue where manually triggered deployments showed incorrect commit messages on the deployment details page.

• Changed the add tab button in the preview panel to always open a blank tab instead of opening a missing tab.

Features

• Added granular permissions to API keys.

Features

• Added AI pull requests review summary comment which automatically updates as the AI review progresses.

Fixes

• Fixed agent and crawler requests to static files such as sitemap.xml are served instead of a non-existent Markdown path, and the site root resolved index.html.md correctly instead of a hidden .index.html.md path.

Fixes

• Fixed security vulnerability CVE-2026-0540 by upgrading dompurify to version 3.3.3.

• Fixed security vulnerabilities CVE-2026-29085, CVE-2026-29045, and GHSA-v8w9-8mx6-g223 by upgrading hono to version 4.12.8.

• Fixed security vulnerabilities CVE-2026-27904 and CVE-2026-27903 by upgrading minimatch to version 10.2.4.

• Fixed security vulnerability CVE-2026-28292 by upgrading simple-git to version 3.32.3.