Skip to main content
Version: ACE 5

Release 26.3

Configuration changes

See configuration for more details.

Release notes

See docker images below.

ACE 26.3.1

May 21, 2026

Bug Fixes

  • DIG2022-83723
    Invalid token for subsequent git requests due to missing username

ACE 26.3.0

May 16, 2026

ACE support for MCP sever

Added ACE support for API metadata update in API MCP server. It's possible to add custom OpenAPI attributes, like x-mcp and deployment scripts can now pull server url from /api-spec endpoint.

  • DIG2022-81652
    Return configurable server info from /api-spec
  • DIG2022-80762
    Support for custom OpenAPI operation attributes

Debugger improvements

Continued debugger improvements, including execution info section, step execution history and better indication of flow end in the middle of flow.

  • DIG2022-81636
    Execution info section in debugger
  • DIG2022-80769
    Show info that flow has ended in the middle of flow
  • DIG2022-80760
    Step execution history
  • DIG2022-82784
    Debugger improvements_Previous Step is not working as expected with Step that has toggle breakpoint
  • DIG2022-81851
    UI bug: input and output accordions dont use all of available space

Workspace reference check

Added support for validating workspace references, and reworked ACE CLI to support workspace validation on Desktop without need for deployment server.

  • DIG2022-83802
    Support workspace folder validation via CLI
  • DIG2022-80768
    ACE CLI support for workspace validation on Desktop
  • DIG2022-80317
    Entity types restructuring - common, runtime, UI types
  • DIG2022-80188
    Error handler and handler reference validation
  • DIG2022-12988
    Schema Reference Validation
  • DIG2022-12987
    Flow Reference Validation
  • DIG2022-76209
    Workspace validation documentation
  • DIG2022-81640
    Workspace Validation: Getting error message for path is required property for OpenAPI template validation error

Other features

  • DIG2022-82087
    Support storing mongo ObjectId using ACE MongoDB step

Bug Fixes

  • DIG2022-82808
    JSONata step returns object instead of array when array has a single element after upgrade to v26.1.3
  • DIG2022-82124
    Git - Remote does not support the "deepen-relative" fetch
  • DIG2022-83733
    Security: CVE-2026-44288, CVE-2026-44289,CVE-2026-44290,CVE-2026-44292,CVE-2026-44293,CVE-2026-442924(protobufjs-7.5.5,utf8-1.1.0)
  • DIG2022-83675
    Security: CVE-2026-44902 (exporter-prometheus-0.200.0,sdk-node-0.200.0,auto-instrumentations-node-0.58.1)
  • DIG2022-83497
    Security: CVE-2026-41907, CVE-2026-41988 (uuid-10.0.0, uuid-8.3.2, uuid-9.0.1, uuid-3.4.0)
  • DIG2022-83507
    Security:CVE-2026-42044, CVE-2026-42264,CVE-2026-42039,CVE-2026-42040,CVE-2026-42042,CVE-2026-42036,CVE-2026-42037 (axios-1.15.0, axios-1.15.1)
  • DIG2022-83503
    Security: CVE-2026-42338 (ip-address-9.0.5)
  • DIG2022-83498
    Security: CVE-2026-6321, CVE-2026-6322 (fast-uri-3.1.0)
  • DIG2022-82669
    Security: CVE-2026-40895 (follow-redirects-1.15.11.tgz)
  • DIG2022-82614
    Security: CVE-2026-41672, CVE-2026-41673, CVE-2026-41674, CVE-2026-41675 (xmldom-0.8.12)
  • DIG2022-82613
    Security:CVE-2026-41238, CVE-2026-41239, CVE-2026-41240 (dompurify-3.3.2)
  • DIG2022-82610
    Security: CVE-2026-41242 (protobufjs-7.5.3)
  • DIG2022-81940
    Security: CVE-2026-2950, CVE-2026-4800 (lodash-4.17.23, lodash-es-4.17.23)
  • DIG2022-81937
    Security: CVE-2026-40175, CVE-2025-62718 (axios-1.13.5)
  • DIG2022-81936
    Security: CVE-2026-34601 (xmldom-0.8.10)

Docker images

Designer Web

Hash: sha256:821a1df0fd275ef342c8e1c7e0f7d59c564e6729aea8c57bc0769662c880ecde
docker pull euadigportalcoredev02acr.azurecr.io/ace-designer:26.3.1

Runtime server

Hash: sha256:ce86505efcf6b18055c60238f5bb7d58ba1a18dfb740cd54f9576ff774a517e7
docker pull euadigportalcoredev02acr.azurecr.io/ace-runtime-server:26.3.1

Deployment API server

Hash: sha256:4a552cc44ea3628c40404a91729afbf768cf362e6ec40126865d38b3695118ff
docker pull euadigportalcoredev02acr.azurecr.io/ace-deployment-server:26.3.1

Scheduled job (BullMQ) administration

Hash: sha256:d6ca51522653db77f5ca81ff447c3869cc9fc6d2b1146fb3e47a94455cae7fb5
docker pull euadigportalcoredev02acr.azurecr.io/bull-board:26.3.1

Developer API portal

Hash: sha256:3407965d7098311742c9f10ffd1088792a1fe8e9d0b90ed960948ca3b7aa7a01
docker pull euadigportalcoredev02acr.azurecr.io/api-developer-portal:26.3.1

Designer Desktop

ACE Designer Desktop is available here