Releases: rise-deploy/rise

v0.23.0-rc4

30 May 11:35
081f301

v0.23.0-rc4 Pre-release

Release Notes

Three changes shipped in this release: a configuration improvement for OAuth2, a frontend positioning fix, and a backend upgrade-stability improvement.


New Features

  • Configurable OAuth2 scopes — Operators can now customize which scopes are requested during login. The default (openid email profile offline_access) is unchanged, but providers like Google that don't support offline_access can now be configured without patching. See the updated configuration docs for examples.

Bug Fixes

  • Combobox dropdown positioning in modals — Dropdown menus (e.g. the Owner and Access class fields in the Deploy dialog) were rendering in the wrong position when opened inside a modal. Fixed by always portaling to document.body, which avoids the CSS containing-block issue caused by the modal's backdrop-filter.

Other Notable Changes

  • Gradual CRD backfill on upgrade: RiseProject CRDs are now stamped with a rise.dev/version label. On upgrade, the label change triggers an immediate Metacontroller resync per project without relying on polling intervals. Backfill runs as a background task (HTTP server starts immediately) and is rate-limited via the new crd_upsert_interval_ms setting (default: 1000 ms) to avoid API bursts on large installs.

Download rise-deploy 0.23.0-rc4

File Platform Checksum
rise-deploy-aarch64-apple-darwin.tar.xz Apple Silicon macOS checksum
rise-deploy-x86_64-apple-darwin.tar.xz Intel macOS checksum
rise-deploy-x86_64-unknown-linux-gnu.tar.xz x64 Linux checksum

v0.23.0-rc3

29 May 21:30
07254b1

v0.23.0-rc3 Pre-release

Release Notes

Multi-container deployments, quickstart templates, and a helm upgrade fix round out this release.


⚠️ Breaking Changes

Multi-container deployment re-roll — On first reconcile after upgrading, every running deployment's Kubernetes resources are recreated (Deployment renamed …-app, Service and ingress backends updated). Each app restarts once. Existing images are reused; nothing is rebuilt. Schedule a maintenance window.

HTTP health probes disabled by default — Probes are now opt-in for all containers, including single-container apps. Add an explicit health_check block to restore probe behavior.

target_platform removed from registry-credentials response — The runtime architecture is now available exclusively via the new /api/v1/platform/capabilities endpoint.


New Features

Multi-container deployments — Define multiple containers in a single deployment via [containers.<name>] in rise.toml, with HTTP traffic routed across them via a [routes] section. Each container gets independent replica scaling. Single-container apps continue to work unchanged.

Quickstart templates — A curated catalog of one-click deployable images (Welcome page, Request echo, httpbin, Excalidraw) is now available from the home page and the "New project" dialog. Projects remember their template and surface an Upgrade or Redeploy action when the catalog image changes. The catalog is operator-configurable via settings.quickstart.

Platform capabilities endpoint — New public GET /api/v1/platform/capabilities endpoint exposes runtime properties (runtime_arch, runtime_allows_root) so clients can surface relevant warnings (e.g. privileged ports on hardened runtimes) without baking them into per-resource config.


Bug Fixes

Helm upgrade data loss fixed — Defaulting metacontroller.controllerClass to "" (was "default") prevents every active deployment from being stopped during a helm upgrade. Multi-controller installs can still opt in by setting the value explicitly.


Download rise-deploy 0.23.0-rc3

File Platform Checksum
rise-deploy-aarch64-apple-darwin.tar.xz Apple Silicon macOS checksum
rise-deploy-x86_64-apple-darwin.tar.xz Intel macOS checksum
rise-deploy-x86_64-unknown-linux-gnu.tar.xz x64 Linux checksum

v0.23.0-rc2

28 May 11:24
4bf6e01

v0.23.0-rc2 Pre-release

Overview

This release introduces operator-facing documentation and deterministic JSON Schema generation for the generic resource API, plus a fix for Crates.io publishing.

New Features

  • Resource API schema generation (#325): New rise backend schemas generate CLI command produces byte-deterministic JSON Schemas for Resource, ResourceMetadata, ControllerStatusMap, OrganizationResource, and ResourceDefinitionResource. A print subcommand is also available for piping/inspection.
  • Operator documentation: New Resources section in the engineering docs with five pages covering storage, API, custom resources, and schemas, including a new JsonSchema.astro component that renders schemas as browsable tables.
  • Tooling: New mise run resource:schema:generate and resource:schema:check tasks, with the check wired into mise run lint and CI.

Bug Fixes

  • Fixed publishing to Crates.io.

Download rise-deploy 0.23.0-rc2

File Platform Checksum
rise-deploy-aarch64-apple-darwin.tar.xz Apple Silicon macOS checksum
rise-deploy-x86_64-apple-darwin.tar.xz Intel macOS checksum
rise-deploy-x86_64-unknown-linux-gnu.tar.xz x64 Linux checksum

v0.23.0-rc1

28 May 00:42
e4620ae

v0.23.0-rc1 Pre-release

Release Notes

Significant release headlined by historical Loki-backed logs with a redesigned log viewer, a new frontend design system (themes, profile preferences, shell rebuild), and runtime-agnostic workload identity tokens. Also lands several deployment/ingress improvements and a number of bug fixes.

⚠️ Breaking Changes

  • Service accounts API path renamed (/projects/{project}/workload-identities* → /service-accounts*) with no deprecation alias. The CLI is updated in lockstep, so users must upgrade rise to manage service accounts — older CLIs get 404s on rise sa subcommands.
  • Loki 3.0+ is a hard requirement for the new historical-logs backend (relies on detected_level for classification and the volume chart).
  • Existing installs configuring multi-org features must set default_organization.kubernetes_namespace_prefix: "rise-" explicitly in their config; otherwise the controller falls back to org-{discriminator}-{project_name} and orphans the legacy rise-* namespaces on first reconcile. The shipped config/{development,production}.yaml already set this.

New Features

  • Historical logs with Loki — new RuntimeLogBackend trait with Kubernetes (live pod) and Loki implementations; project authorization enforced before any backend query. Backend-driven log levels via new GET /api/v1/logs/capabilities endpoint; /logs/volume now returns sparse by_level buckets. Repeatable ?level= filter on /logs and /logs/volume. CLI gains rise deployment logs --level <name> and colour-codes lines by level (TTY-only, NO_COLOR-aware).
  • Redesigned log viewer — multi-select level filter, lazy-loaded stacked volume chart with per-level CSS variables, Grafana-style infinite scroll (200-line pages, IntersectionObserver), custom two-month date-range picker, auto-refresh dropdown (Off / 10s / 30s / 1m / 5m), single-line rows with click-to-expand JSON syntax highlighting, A11y polish.
  • New frontend design system — Inter + JetBrains Mono fonts, oklch tokens, rebuilt shell (sidebar, topbar, command palette, login). Profile page with color themes (mint/indigo/ember/slate), density (compact/cozy), and light/dark toggle persisted to localStorage. Auth pages now honor theme preferences before paint.
  • Multi-host ingress per deployment group — the reconciler now puts the deployment-group host, environment hosts, production host, and that env's custom domains all on the deployment group's primary ingress. project_custom_domains gains an environment_id column; rise domain add gets --environment/-e; the frontend gets an env selector + ENVIRONMENT/PRIMARY columns.
  • Runtime-agnostic workload identity tokens — deployed apps obtain short-lived Rise-signed OIDC JWTs with claims describing the Rise identity (sub = rise:proj:<project>:env:<environment>). Two delivery modes: pull (unauthenticated POST /api/v1/identity/token exchange, rise identity token --audience <aud> CLI) and push (deployment controller mints tokens per [identity.audiences] in .rise.toml, mounted at /var/run/secrets/rise/identity/). Per-IP rate-limited.
  • Pod last_state in UI: last_state collected from container statuses and surfaced as red status pills (OOMKilled, crash loops, etc.) with · Nm ago finished-at deltas. "Updated Xs ago" header with a 1s local ticker; conditions rendered as inline r-status pills; container cards become an auto-fit grid on wide screens.
  • Optional project name in CLI: rise project show/update/delete accept an optional name and resolve it from [project] in rise.toml (with --path override).
  • Git repository URL tracking — CLI auto-detects from 8+ CI platforms (GitHub Actions, GitLab CI, CircleCI, Buildkite, Drone, Jenkins, Azure Pipelines, Bitbucket) or local origin; normalizes to canonical HTTPS; surfaced on deployment + project responses and in the frontend.
  • Auto-detect build platform — CLI default falls back to host arch (linux/arm64 on Apple Silicon, linux/amd64 elsewhere); backend can hint via target_platform on the registry-credentials response (driven by controller node_selector["kubernetes.io/arch"]). Local development "just works" on both Intel and ARM Macs.
  • Cross-platform dev-setup.sh — single bootstrap script for macOS and Linux replacing the prior mise setup:hosts / mise setup:docker tasks; managed-block edits to /etc/hosts, ~/.docker/daemon.json on macOS, idempotent re-runs, symmetric mise down teardown.

Bug Fixes

  • Frontend Redeploy no longer always overwrites http_port with 8080 — the field is now omitted so server-side source-deployment inheritance kicks in (#329).
  • Docs deploys no longer wipe open PR previews: docs-deploy now seeds the live Pages site and surgically replaces only docs-prod/{user,operator,index.html}; all three Pages jobs serialize on a shared pages-deploy concurrency group (#328).
  • rise.toml project access-class changes now trigger RiseProject CR resync, so ingress config updates immediately instead of lagging behind the DB (#308).
  • Snowflake OAuth provisioner no longer keeps warehouses awake — steady-state drift check switched to a metadata-only SHOW INTEGRATIONS and re-verifies once per verify_interval_seconds (default 1h) instead of every 5s (#324).
  • Leader-gated reconciler loops now share a global schedule (leader_schedules table) so handovers can't burst the cadence after a leader transition (#323).
  • database.url config now correctly takes precedence over DATABASE_URL env var (#309).
  • mise dev / mise down robustness — fail fast when .env is missing the rise-managed block, reliably tear down the frontend process group on Ctrl+C, and use a kubectl reachability probe for cluster teardown.
  • macOS dev setup — minikube setup now detects running / existing / missing profiles and prompts before destroying state (#331).

Other Notable Changes

  • New --platform precedence chain on rise build/deploy: flag → RISE_PLATFORM → rise.toml [build].platform → backend hint → host arch.
  • @uiw/react-codemirror → 4.25.10, reqwest → 0.13.4, vite → 8.0.14, aws-config → 1.8.17, serde_json → 1.0.150, JFrog Artifactory → 7.146.15.
  • Backend settings JSON schema moved from docs/user/public/schemas/ to docs/engineering/public/schemas/.

Operator / Multi-Tenancy & Resource Store (work in progress)

These land foundational pieces of the multi-tenancy plan. Operator-only, not yet exposed to end users.

  • Generic resource HTTP API with wildcard path routing (GET|POST|PUT|DELETE /resources/{*path}), versioned-collection semantics, store-aware classification, AnyAuth extractor, cascade-only deletion (GET /resources/pending-deletion for monitoring), ResourceDefinition hardening (immutable parent, multi-version schema validation), and operator docs.
  • Multi-org linkage, default-org bootstrap, and controller gating — default Organization upserted on startup behind a Postgres advisory lock; nullable organization_resource_uid on teams/projects plus user_organization_memberships; Metacontroller webhook now refuses to reconcile projects whose Organization's spec.deploymentControllerClass doesn't match controller_class_name (label-routed via rise.dev/controller-class); per-request resolution of controller class + namespace prefix with a 30s moka cache; Organization-delete guard counts teams + projects + memberships; ResourceStore::rename lets bootstrap re-key the default Org instead of orphaning typed-row linkages.
  • Resource GC worker — single-replica ResourceGcController drains cascading deletes (default 20 rows/s), with per-row audit-log entries and stuck-tombstone warnings.
  • Controller authentication & operator role — JWT-validated controller identities (issuer + claim allowlist), separate operator_users role (distinct from admins) gating the generic resource API. /me now returns is_operator.
  • Service accounts module rename: workload_identity → service_accounts (this is the breaking API change called out above; "service account" = inbound OIDC federation into Rise, distinct from the new workload identity tokens for deployed apps).
  • Workspace layout — new rise-resource-api and rise-resource-store crates; releasable artifact is still the consolidated rise binary.

Download rise-deploy 0.23.0-rc1

File Platform Checksum
rise-deploy-aarch64-apple-darwin.tar.xz Apple Silicon macOS checksum
rise-deploy-x86_64-apple-darwin.tar.xz Intel macOS checksum
rise-deploy-x86_64-unknown-linux-gnu.tar.xz x64 Linux checksum

v0.22.0

18 May 19:19
2f685bd

Release Notes

This release adds JFrog Artifactory and AWS S3 as first-class extensions, introduces per-deployment resource configuration, hardens authentication security, and overhauls the documentation site.


New Features

  • JFrog Artifactory registry support — mint scoped, short-lived credentials for image push and Kubernetes pull secrets via JFrog's access token API or a Vault plugin. Separate push/pull TTLs, per-project scope isolation, and pull credential caching included.
  • AWS S3 bucket extension — automatically provisions a dedicated S3 bucket and scoped IAM credentials per project, injected as environment variables. Supports DeletionBlocked state when a bucket is non-empty, with opt-in force_empty_bucket for safe teardown.
  • Configurable deployment replicas and resources — set replicas, cpu, and memory in rise.toml or via --replicas/--cpu/--memory CLI flags. Admins can set per-environment min/max constraints; values are validated at deployment time.
  • Starlight documentation sites — user and engineering docs now live at docs/user and docs/engineering with improved structure and navigation.
  • rise backend rise-toml-schema CLI command — generates the rise-toml-v1.schema.json directly; the old /api/v1/schema/rise-toml/v1 endpoint now redirects (301) to /docs/schemas/rise-toml-v1.schema.json.

Bug Fixes

  • Auth: cookies scoped to exact host — cookies no longer carry a Domain attribute, preventing cross-subdomain leakage between the Rise API and app subdomains. Ingress auth flows now always redirect through /.rise/auth/complete on the app's own domain.
  • Auth: ingress JWTs now carry the correct aud claim — private-app JWTs previously used the Rise server URL as audience; they now use the app's own URL. API middleware rejects RS256 ingress tokens, preventing them from authenticating API calls.
  • AWS error detection — replaced brittle string-matching on formatted error types with typed AWS SDK error variants across S3 and RDS extension providers.
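
The "cookies scoped to exact host" fix above relies on the difference between a domain-scoped and a host-only cookie. The following is an added example, not code from Rise: a simplified model of the RFC 6265 storage and matching rules showing which hosts receive a session cookie with and without a Domain attribute. The hostnames and cookie name are constructed placeholders.

```javascript
// Added example, not Rise code: simplified RFC 6265 cookie scoping
// (ignores Path, Secure and public-suffix checks).

// Constructed placeholder hosts: one API host and two app subdomains.
const HOSTS = ["rise.example.test", "app-a.rise.example.test", "app-b.rise.example.test"];

// RFC 6265 section 5.1.3: a host domain-matches a cookie domain if the two are
// identical, or the host ends with "." + domain and is not an IP address.
function domainMatches(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  if (host === domain) return true;
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + domain);
}

// Store a cookie the way a user agent does (section 5.3): a Domain attribute
// makes the cookie domain-scoped; without one the cookie is host-only.
function storeCookie(setCookieHeader, requestHost) {
  const [pair, ...attrs] = setCookieHeader.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1),
    hostOnly: true,
    domain: requestHost.toLowerCase(),
  };
  for (const attr of attrs) {
    const [k, v = ""] = attr.split("=");
    if (k.trim().toLowerCase() === "domain" && v.trim() !== "") {
      const d = v.trim().replace(/^\./, "").toLowerCase();
      // A server may only set a Domain that its own host domain-matches.
      if (!domainMatches(requestHost, d)) return null;
      cookie.hostOnly = false;
      cookie.domain = d;
    }
  }
  return cookie;
}

// Hosts from `hosts` whose requests would carry the cookie.
function recipients(setCookieHeader, requestHost, hosts) {
  const cookie = storeCookie(setCookieHeader, requestHost);
  if (cookie === null) return [];
  return hosts.filter((h) =>
    cookie.hostOnly ? h.toLowerCase() === cookie.domain : domainMatches(h, cookie.domain));
}

// Domain-scoped session cookie: every app subdomain receives it.
console.log(recipients("session=abc; Domain=rise.example.test; HttpOnly", HOSTS[0], HOSTS));
// Host-only cookie (no Domain attribute): only the issuing host receives it.
console.log(recipients("session=abc; HttpOnly", HOSTS[0], HOSTS));
```
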

⚠️ Breaking Changes

  • cookie_domain setting repurposed — this field no longer sets the Domain attribute on new cookies. It is now used only to clear stale domain-scoped cookies during migration. Existing configs continue to work, but cross-subdomain cookie sharing via cookie_domain is no longer supported.
  • Legacy Metacontroller adoption code removed — the legacy_adopt_existing_resources_to_metacontroller backend setting and adoptExistingResources Helm value have been removed. Clusters that still rely on this one-time migration path must complete the migration before upgrading.
  • Registry credentials endpoint moved — credentials are now fetched from GET /projects/{name}/deployments/{id}/registry-credentials (scoped to Pending/Building/Pushing states) instead of the old project-scoped endpoint. Older CLI versions fall back to credentials in CreateDeploymentResponse, which is now deprecated.

Dependency Updates

Routine updates to tokio, openssl, aws-sdk-s3/s3-js, jsonwebtoken, tailwindcss 4.3, vite 8, react 19.2, pack 0.40.6, gunicorn 26, and several other crates and npm packages.


Download rise-deploy 0.22.0

File Platform Checksum
rise-deploy-aarch64-apple-darwin.tar.xz Apple Silicon macOS checksum
rise-deploy-x86_64-apple-darwin.tar.xz Intel macOS checksum
rise-deploy-x86_64-unknown-linux-gnu.tar.xz x64 Linux checksum

v0.21.1

04 May 14:13

Release Notes

Overview: A single bug fix addressing network connectivity issues with ingress controllers.

Bug Fixes

  • Fix NetworkPolicy blocking ingress traffic — Updated the NetworkPolicy to allow ingress controller traffic to reach the main HTTP port, resolving potential connectivity issues where applications were unreachable despite correct ingress configuration. (#262)

Download rise-deploy 0.21.1

File Platform Checksum
rise-deploy-aarch64-apple-darwin.tar.xz Apple Silicon macOS checksum
rise-deploy-x86_64-apple-darwin.tar.xz Intel macOS checksum
rise-deploy-x86_64-unknown-linux-gnu.tar.xz x64 Linux checksum

v0.21.0

04 May 13:09

Release Notes Summary

This release focuses on security hardening, high-availability support, and a major architectural change to the Kubernetes deployment controller.

New Features

  • Metacontroller-based deployment controller — Migrated the Kubernetes deployment controller from an in-process controller to a Metacontroller webhook architecture (d65ecf7, c57ba8b)
  • High-availability backend — Backend is now safe to run with multiple replicas, including HA lease liveness and retryable OAuth state (7077511, fe18842)
  • Deployment secrets as Kubernetes Secrets — Environment variable secrets are now injected as proper Kubernetes Secrets instead of inline values (bd10719)
  • Pod-IP validation for webhooks — Replaced token-based webhook auth with pod-IP validation for improved security (a48c586)
  • --platform build option — Override the default build platform (e.g., --platform linux/amd64) (3626399)
  • rise env export — New command to export environment variables, with a fix to environment resolution in rise run (08b6b67)

Bug Fixes

  • Fix handling of terminating pods in deployment status display (6c044ba)
  • Reject plain PKCE method in OAuth flow, require S256 (4b42ae3)
  • Fix podSelector in webhook NetworkPolicy for metacontroller (6909f0f)

Other Changes

  • Added cargo audit to CI (d3541cb)
  • Dependency updates: openssl, pack (buildpacks), marked
  • Development documentation and task improvements
  • Updated tag-release script

Download rise-deploy 0.21.0

File Platform Checksum
rise-deploy-aarch64-apple-darwin.tar.xz Apple Silicon macOS checksum
rise-deploy-x86_64-apple-darwin.tar.xz Intel macOS checksum
rise-deploy-x86_64-unknown-linux-gnu.tar.xz x64 Linux checksum

v0.21.0-rc3

02 May 10:07
6eb7658

v0.21.0-rc3 Pre-release

Release Notes

This release includes one security improvement and one documentation update.

New Features

  • Secure secret injection — Deployment environment secrets are now injected as Kubernetes Secrets rather than being passed inline, reducing secret exposure in pod specs and Kubernetes API objects.

Other Changes

  • Documentation — Added Metacontroller architecture documentation and removed stale controller references from the docs.

Download rise-deploy 0.21.0-rc3

File Platform Checksum
rise-deploy-aarch64-apple-darwin.tar.xz Apple Silicon macOS checksum
rise-deploy-x86_64-apple-darwin.tar.xz Intel macOS checksum
rise-deploy-x86_64-unknown-linux-gnu.tar.xz x64 Linux checksum

v0.21.0-rc2

01 May 23:15
34e21f3

v0.21.0-rc2 Pre-release

Release Notes

This release includes a security improvement to the webhook authentication mechanism and an addition to the CI pipeline.

Security

  • Metacontroller webhook authentication now uses pod-IP validation instead of token-based auth, reducing the attack surface for webhook endpoints.

CI / Infrastructure

  • Added cargo audit check to CI to automatically detect known vulnerabilities in Rust dependencies.

Download rise-deploy 0.21.0-rc2

File Platform Checksum
rise-deploy-aarch64-apple-darwin.tar.xz Apple Silicon macOS checksum
rise-deploy-x86_64-apple-darwin.tar.xz Intel macOS checksum
rise-deploy-x86_64-unknown-linux-gnu.tar.xz x64 Linux checksum

v0.21.0-rc1

01 May 10:00

v0.21.0-rc1 Pre-release

Release Notes

Overview

The Kubernetes deployment controller has been migrated from a built-in implementation to Metacontroller, changing how Rise manages deployments on Kubernetes.

New Features

  • Metacontroller-based deployment controller — The Kubernetes deployment controller now runs as a Metacontroller composite controller instead of a built-in reconciliation loop. This delegates resource lifecycle management to Metacontroller's proven controller framework. (#232)

Bug Fixes

  • Webhook NetworkPolicy fix — Use podSelector in the webhook NetworkPolicy for Metacontroller, ensuring correct network policy targeting.

Download rise-deploy 0.21.0-rc1

File Platform Checksum
rise-deploy-aarch64-apple-darwin.tar.xz Apple Silicon macOS checksum
rise-deploy-x86_64-apple-darwin.tar.xz Intel macOS checksum
rise-deploy-x86_64-unknown-linux-gnu.tar.xz x64 Linux checksum