Release Notes
Complete release history for STOA Platform. Each release includes highlights, breaking changes, and upgrade instructions.
Latest
April 2026 β Per-component releases via Release Please. Latest: control-plane-api@1.3.1, portal@1.1.2, stoa-gateway@0.9.3, control-plane-ui@1.2.2.
Versioning change
Since April 2026, STOA Platform uses independent per-component versioning (Release Please) instead of monolithic vX.Y.Z releases. Each component (control-plane-api, control-plane-ui, portal, stoa-gateway, stoa-go) publishes its own semver tags. The last monolithic release was v2.3.0.
Per-Component Releases (2026-04)β
Automated per-component releases. Full changelog in each GitHub Release.
| Component | Version | Date | Release |
|---|---|---|---|
| control-plane-api | v1.3.1 | 2026-04-11 | GitHub |
| portal | v1.1.2 | 2026-04-11 | GitHub |
| stoa-gateway | v0.9.3 | 2026-04-11 | GitHub |
| control-plane-ui | v1.2.2 | 2026-04-11 | GitHub |
| control-plane-ui | v1.2.0 β v1.2.1 | 2026-04-09 | v1.2.1 |
| portal | v1.1.1 | 2026-04-09 | GitHub |
| stoa-go | v0.3.4 | 2026-04-09 | GitHub |
| stoa-gateway | v0.9.2 | 2026-04-09 | GitHub |
| control-plane-api | v1.3.0 | 2026-04-09 | GitHub |
| portal | v1.1.0 | 2026-04-08 | GitHub |
| control-plane-api | v1.2.0 | 2026-04-08 | GitHub |
| stoa-go | v0.3.3 | 2026-04-08 | GitHub |
Per-Component Releases (2026-03)β
| Component | Version | Date |
|---|---|---|
| control-plane-api | v1.1.0 | 2026-03-25 |
| stoa-gateway | v0.9.1 | 2026-03-25 |
| stoa-go | v0.3.2 | 2026-03-25 |
| control-plane-ui | v1.1.0 | 2026-03-25 |
| stoa-go | v0.3.1 | 2026-03-25 |
v2.3.0 (March 2026)β
Pingora Engine, Chat Settings, Zero-Config Bootstrap
Highlightsβ
- Pingora connection engine β Cloudflare's battle-tested proxy framework (1T+ req/day) embedded in STOA Gateway behind a
pingorafeature flag. Shared connection pooling replaces per-client reqwest pools at scale (ADR-058) - Per-tenant chat settings β independent Console/Portal chat toggles, daily token budget, source tracking via
X-Chat-Sourceheader, usage breakdown by app - Zero-config Helm bootstrap β single
helm installprovisions Keycloak realm, 4 RBAC roles, 3 client scopes, 4 OIDC clients, admin user, and default tenant - Shared secrets management β auto-generated internal keys (gateway, chat, JWT) stable across upgrades via Helm
lookup - Real-data demo APIs β 5 public APIs (Exchange Rate, CoinGecko, OpenWeatherMap, NewsAPI, Alpha Vantage) + echo fallback pre-seeded in portal
- OAuth hairpin NAT fix β gateway uses internal Keycloak URL for DCR/token proxy, fixing 502 on K8s clusters with hairpin NAT
New Endpointsβ
| Method | Path | Description |
|---|---|---|
GET | /v1/chat/settings | Read tenant chat configuration |
PUT | /v1/chat/settings | Update chat toggles and budget |
New Helm Valuesβ
| Key | Default | Description |
|---|---|---|
stoa.domain | β | Base domain for all services |
stoa.adminEmail | β | Admin user email (bootstrap) |
stoa.anthropicApiKey | β | Anthropic API key (optional, enables chat) |
stoa.bootstrap.enabled | false | Enable first-time platform provisioning |
Breaking Changesβ
None. All changes are backwards compatible.
PRsβ
#1806, #1807, #1808, #1809, #1810, #1811, #1812, #1813, #1814, #1816, #1817 (11 PRs)
v2.2.0 (March 2026)β
LLM Proxy, Self-Service Signup, Skills System
Highlightsβ
- LLM Proxy β multi-provider routing (OpenAI, Azure OpenAI, Mistral) with per-tenant budget tracking and circuit breakers
- Self-service signup β end-to-end tenant provisioning flow with trial limits
- MCP Protocol 2025-11-25 β resources, prompts, completion endpoints, lazy discovery
- OAuth 2.1 hardening β DPoP proof-of-possession binding, RFC 7592 DCR management
- Skills system β gateway-native CRUD with circuit breaker health tracking
- UAC (Universal API Contract) β JSON Schema v1.0 validator, OpenAPI reverse transform
- Gateway adapters β AWS API Gateway + Azure APIM added; Kong, Gravitee, Apigee enhanced
- PII masking β middleware + admin endpoints
- Security posture scanner β automated security assessment
- 12 new API endpoints β billing, contracts, data governance, provisioning, PII, signup
- Gateway Arena β 20-dimension enterprise AI readiness benchmark
- Integrated AI chat assistant β floating widget in Console and Portal
Breaking Changesβ
None. All backwards compatible.
v2.0.0 (February 2026)β
Rust Gateway, Multi-Gateway Adapters, GitOps
Highlightsβ
- STOA Gateway (Rust) β replaces Python MCP Gateway as primary gateway (Tokio + axum)
- Multi-gateway adapter pattern β Kong, Gravitee, webMethods support
- Environment management β dev/staging/production lifecycle
- Gateway Arena β continuous benchmarking lab
- Audit trail β dual-write to PostgreSQL + OpenSearch
- ArgoCD GitOps β declarative deployment on OVH + Hetzner
- 4 CRDs β Tool, ToolSet, GatewayInstance, GatewayBinding
- mTLS support β certificate-bound tokens (RFC 8705)
Breaking Changesβ
- Python MCP Gateway moved to
archive/mcp-gateway/ - Gateway API endpoints changed from
/mcp/*to/v1/* - CRD API group changed from
stoa.iotogostoa.dev - Keycloak client audience mapper must include new gateway
Migrationβ
# Update CRDs
kubectl apply -f charts/stoa-platform/crds/
# Update Keycloak audience mapper to include stoa-gateway
# Re-deploy all components with new Helm chart
helm upgrade stoa-platform ./charts/stoa-platform -n stoa-system
v0.1.0 (February 2026)β
Initial Public Release β MVP
First public open-source release of STOA Platform under Apache 2.0 license.
Highlightsβ
- Control Plane API β Python/FastAPI, multi-tenant architecture
- Python MCP Gateway β MCP support, OPA policies, API key auth
- Console UI β tenant management, user admin, policy configuration
- Developer Portal β self-service catalog, subscriptions, usage dashboards
- Keycloak SSO β OIDC integration, LDAP federation, multi-realm
- Helm chart β full Kubernetes deployment
- E2E test suite β Playwright + BDD (Gherkin)
Breaking Changesβ
N/A β initial release.
Versioning Policyβ
STOA Platform follows Semantic Versioning:
| Segment | When Incremented | Example |
|---|---|---|
| Major (X.0.0) | Breaking API changes | Removed endpoint, changed schema |
| Minor (0.X.0) | New features, backwards-compatible | New endpoint, new CRD field |
| Patch (0.0.X) | Bug fixes, security patches | Fix regression, update dependency |
Deprecation Policyβ
| Stage | Timeline | Action |
|---|---|---|
| Deprecated | Announced in release notes | Feature works but logs warnings |
| Removal planned | Next major version | Documentation updated, migration guide provided |
| Removed | Major version release | Feature removed, breaking change documented |
Deprecated features are supported for at least one major version cycle.
Stay Updatedβ
- GitHub Releases: github.com/stoa-platform/stoa/releases
- Blog: docs.gostoa.dev/blog
- RSS: Subscribe to the blog RSS feed for release announcements
- Roadmap: Current roadmap for planned features
Relatedβ
- Upgrade Guide β Version upgrade procedures
- Roadmap β Planned features
- Security Changelog (
SECURITY-CHANGELOG.mdin repo root) β Security-specific changes - ADRs β Architecture decisions