Harness Release Notes

Feature Flags release notes
Subscribe via RSS
Review the notes below for details about recent changes to Harness Feature Flags (FF). For release notes for Harness Self-Managed Enterprise Edition, go to Self-Managed Enterprise Edition release notes. Additionally, Harness publishes security advisories for every release. Go to the Harness Trust Center to request access to the security advisories.
note
Harness deploys changes to Harness SaaS clusters on a progressive basis. This means that the features and fixes that these release notes describe may not be immediately available in your cluster. To identify the cluster that hosts your account, go to the Account Overview page.
Last updated: February 13, 2026​
January 2026​
Go SDK​
Version 0.1.27​
Fixed issues:
Resolved a security vulnerability by updating core dependencies. (FFM-12790)
Node.js SDK​
Version 1.8.12​
Maintenance:
Build and release pipeline has been migrated to Harness Code. (FFM-12658)
React Native SDK​
Version 3.3.2​
Maintenance:
Bumped React SDK dependency to 2.4.0. (FFM-12572)
React SDK​
Version 2.4.0​
Maintenance:
Bumped JavaScript SDK dependency to 1.32.0. (FFM-12571)
December 2025​
Android SDK​
Version 2.2.7​
Bug fixes:
Improved retry backoff behavior to prevent rapid reconnect loops under transient failure conditions. (FFM-12760)
Maintenance:
Build and release pipeline has been migrated to Harness Code. (FFM-12557)
Python SDK​
Version 1.7.3​
Fixed issues:
Resolved security vulnerabilities CVE-2025-8869 and CVE-2024-47081 by updating core dependencies. (FFM-12653)
.NET SDK​
Version 1.7.5​
Maintenance:
Build and release pipeline has been migrated to Harness Code. (FFM-12559)
Android SDK​
Version 2.2.6​
Maintenance:
Build and release pipeline has been migrated to Harness Code. (FFM-12557)
Updated the Android Gradle Plugin to 8.13.0 to include the latest upstream bug fixes and maintain compatibility with newer Android platform and Android Studio releases. (FFM-12658)
November 2025​
JavaScript SDK​
Version 1.31.3​
Maintenance:
Build and release pipeline has been migrated to Harness Code. (FFM-12567)
Ruby SDK​
Version 1.4.8​
Maintenance:
Build and release pipeline has been migrated to Harness Code. (FFM-12573)
Version 1.4.7​
Bug fixes:
Limited the number of targets that can be included in a single payload to prevent oversized batches and improve request reliability. (FFM-12713)
Maintenance:
Added documentation for the initialized function.
Java SDK​
Version 1.9.2​
Maintenance:
Build and release pipeline has been migrated to Harness Code. (FFM-12566)
Version 1.9.1​
Bug fixes:
Fixed a NullPointerException in the retry interceptor that caused retrieveAll to fail with a CompletionException. (FFM-12715)
Erlang SDK​
Version 3.0.3​
Maintenance:
Updated harness_ff_erlang_client_api dependency to resolve parsing issues with lowercase Content-Type headers. (FFM-12712)
React Native SDK​
Version 3.3.1​
Maintenance:
Build and release pipeline has been migrated to Harness Code. (FFM-12572)
React SDK​
Version 2.3.1​
Maintenance:
Build and release pipeline has been migrated to Harness Code. (FFM-12571)
Relay Proxy​
Version 2.0.18​
Bug fixes:
Fixed an issue introduced in version 2.0.17 where the Relay Proxy could drop newly created flags or segments before writing them to the Redis cache. (FFM-12750)
Version 2.0.17​
Maintenance:
Upgraded golang to 1.25.2.
Optimized how the Proxy retrieves Flag and Target Group config when changes are made.
Node.js SDK​
Version 1.8.11​
Maintenance:
Build and release pipeline has been migrated to Harness Code. (FFM-12568)
Version 1.8.10​
New features and enhancements:
Validate and convert Target.identifier to a string before sending to the metrics processor, improving data handling robustness. (FFM-12708)
Bug fixes:
Updated Axios dependency to resolve CVE-2025-58754. (FFM-12641)
Version bump and supporting updates related to Axios upgrade. (FFM-12641)
September 2025​
Java SDK​
Version 1.9.0​
Bug fixes:
Fixed build failures when using JDK 24. (FFM-12512)
Resolved multiple security vulnerabilities (CVEs). (FFM-12578)
Fixed build compatibility issues to support Java 25. (FFM-12612)
Updated Gradle version to ensure compatibility with JDK 25 LTS builds. (FFM-12612)
Version bump and related maintenance updates for Java 25 compatibility. (FFM-12612)
Relay Proxy​
Version 2.0.16​
Maintenance:
Upgrade from golang 1.23.5 -> 1.23.12 to resolve vulnerability CVE-2025-22871. (FFM-12648)
Upgrade the Proxy's base image to use pushpin-1.41.0 to resolve vulnerabilities in the older base image. (FFM-12648)
Version 1.0.8​
Maintenance:
Upgrade from golang 1.23.5 -> 1.23.12 to resolve vulnerability CVE-2025-22871. (FFM-12631)
Upgrade the Proxy's base image to use pushpin-1.41.0 to resolve vulnerabilities in the older base image. (FFM-12631)
Version 2.0.15​
Bug fixes:
Fixes a issue where the Proxy could incorrectly detect a delta between cached Target Group/Flag configs and SaaS during a stream disconnect or on startup. This caused the Proxy to send unnecessary SSE event to SDKs, even when no changes occurred. (FFM-12608)
August 2025​
JavaScript SDK​
Version 1.31.2​
Bug fixes:
Apply client.registerAPIRequestMiddleware to SDK streaming requests.
React Native Client SDK​
Version 3.3.0​
New features and enhancements:
Update the React SDK to v2.3.0.
Node.js SDK​
Version 1.8.9​
Bug fixes:
The SDK now retries on certain recoverable network errors.
Version 1.8.8​
New features and enhancements:
Support for providing tlsTrustedCa/httpsCa to StreamProcessor.
Fixed issues:
Internal version bump. (FFM-12520)
.NET SDK​
Version 1.7.4​
New features and enhancements:
Improved error logging: the SDK now catches HttpRequestException and logs detailed DNS resolution errors instead of a generic HTTP error message. (FFM-12553)
Relay Proxy​
Version 2.0.14​
New features and enhancements:
Added support for additional environment variables to enable advanced Redis configuration. These provide greater flexibility for fine-tuning your Redis setup with the Relay Proxy. (FFM-12528)
REDIS_MAX_RETRIES
REDIS_MIN_RETRY_BACKOFF_MILLIS
REDIS_MAX_RETRY_BACKOFF_MILLIS
REDIS_DIAL_TIMEOUT_SECONDS
REDIS_READ_TIMEOUT_SECONDS
REDIS_WRITE_TIMEOUT_SECONDS
REDIS_POOL_SIZE
REDIS_POOL_SIZE_LITERAL
REDIS_POOL_TIMEOUT_SECONDS
REDIS_MIN_IDLE_CONNS
REDIS_MAX_IDLE_CONNS
REDIS_MAX_ACTIVE_CONNS
REDIS_CON_MAX_IDLE_TIME_MINUTES
REDIS_CON_MAX_LIFETIME_MINUTES
For a full list and description of the available configuration options, see the Feature Flags documentation.
Maintenance:
Upgrade the go-redis client library version from 9.5.5 to 9.11.0. (FFM-12528)
Upgrade dependencies to resolve an OAuth2.0 vulnerability. (FFM-12517)
July 2025​
Java SDK​
Version 1.8.3​
Bug fixes:
Avoid logging disconnect errors on shutdown. A previous change (v1.8.0) unintentionally increased log noise by logging reset/cancel errors when the SDK was already shutting down. This fix ensures inflight requests aborted during shutdown are no longer logged, reducing misleading endpoint logs. (FFM-12506)
New feature and enhancements:
Added stack traces in logs to improve diagnostics during SDK operation. (FFM-12506)
Improved polling log messages to make them more unique and easier to trace. (FFM-12506)
Version 1.8.2​
New features and enhancements:
Adding experimental support for HTTP proxy configuration. The SDK now supports the following system properties for proxies: http(s).proxyHost, http(s).proxyPort, http.proxyUser, and http.proxyPassword. These are passed directly to OkHttp. (FFM-12489)
Relay Proxy​
Version 2.0.13​
New features and enhancements:
Optimized SSE event handling for Primary Proxy restarts or disconnections from Harness SaaS. The Proxy now sends patch events only for resources that changed while it was disconnected, instead of patching all flags. This reduces unnecessary updates and improves efficiency. The change is backward compatible and includes an automatic data structure migration in Redis on startup. (FFM-12528)
Security and Maintenance:
Updated Redis data model to support more efficient resource tracking during disconnections. While upgrading from Proxy version 2.0.12 or earlier to 2.0.13 requires no manual action, reverting back to 2.0.12 after an upgrade requires setting a different REDIS_DB index to avoid data incompatibility. (FFM-12441)
Node.js SDK​
Version 1.8.8​
New features and enhancements:
Added support for providing tlsTrustedCa/httpsCa to StreamProcessor.
Maintenance:
Bumped version to address technical debt. (FFM-12520)
Version 1.8.7​
Bug fixes:
Fixed an issue where the Node.js SDK did not retry after initialization failure. (FFM-12484)
Fixed an uncaught exception occurring when fetching flags or segments fails on SSE events. (FFM-12499)
.NET SDK​
Version 1.7.3​
This minor release updates the build process to sign the NuGet package, improving package integrity and trust.
Bug fixes:
Documentation fixes. (FFM-12465)
New features and enhancements:
Signed NuGet package as part of the build process. (FFM-12415)
June 2025​
Relay Proxy​
Version 2.0.12​
Security and maintenance:
Adds HOST & Remote IP to the request logging middleware. (FFM-12488)
Updates dependencies to resolve a vulnerability in the github.com/golang-jwt/jwt package. (FFM-12432)
Version 1.0.7​
Security and maintenance:
Removed indirect dependency on github.com/golang-jwt/jwt version 3.2.2 or later which was incompatible for improved stability. (FFM-12443)
Java SDK​
Version 1.8.1​
Maintenance:
Migrated artifact publishing from OSSRH to the Maven Central Repository. This release includes no functional changes or bug fixes. (FFM-12481)
Android Client SDK​
Version 2.2.5​
Maintenance:
Migrated artifact publishing from OSSRH to Maven Central Repository. This release includes no functional changes or bug fixes. (FFM-12482)
Node.js SDK​
Version 1.8.6​
Bug fixes:
Various streaming reliability improvements and fixes to enhance connection stability and reduce disconnections. (FFM-12477)
May 2025​
Relay Proxy​
Version 2.0.11​
Security and maintenance:
Updated third-party dependencies to address security vulnerabilities identified by scanners. (FFM-12432)
April 2025​
iOS SDK​
Version 1.3.4​
Bug fixes:
Fixed a crash that could occur when re-initializing the SDK. Replacing the custom singleton with a thread-safe static let pattern to prevent force-unwrapping a nil optional. Also synchronized initialize and destroy to avoid memory corruption. (FFM-12377)
Version 1.3.3​
Bug fixes:
Fixed an issue where the main thread could be blocked if disk writing took too long. The saveToDisk method now uses DispatchQueue.async to ensure the main thread returns immediately. (FFM-12377)
JavaScript SDK​
Version 1.31.0​
New features and enhancements:
Added a new enableAnalytics option to control whether metrics are sent from the SDK. See the Options interface for usage details. (FFM-12373)
Security and maintenance:
Bumped esbuild to address a CVE. As a result, the minimum Node version required to build the SDK is now 18. This change only affects development environments and does not alter the minimum supported Node version for SDK users.
Node.js SDK​
Version 1.8.5​
Bug fixes and enhancements:
Added retries for timed out requests and authentication requests.
Introduced axiosRetries option to control the number of retries (see documentation).
Removed dumping of entire Axios objects on request failures to reduce log noise.
Fixed an issue where waitForInitialization() could unblock prematurely before flags and groups were fully loaded, preventing brief returns of default variations. (FFM-12374)
March 2025​
Relay Proxy​
Version 2.0.10​
Fixed Issues:
Resolved an issue where the REDIS_DB environment variable was not passed to the Redis client, causing the default DB to be used regardless of configuration
Updated third-party dependencies to address security vulnerabilities identified by scanners.
Version 2.0.9​
New features and enhancements:
Added support for rotating auth secrets without downtime or requiring SDK restarts.
Previously, updating the AUTH_SECRET invalidated existing SDK tokens. Now, you can assign a new AUTH_SECRET and move the old one to LEGACY_SECRETS. The Proxy will accept tokens signed with both. Once all SDKs are using tokens signed with the new secret, you can remove the legacy value.
Node.js SDK​
Version 1.8.4​
Bug fixes:
Reduced log verbosity for stream disconnection and retries. Now logs an error once per disconnection period, a warning on the first retry, the 10th attempt, and every 50th attempt thereafter. All other retries are logged at the debug level. Also downgraded some overly verbose info logs in the Evaluator to debug level. (FFM-12353)
Go SDK​
Version 0.1.26​
Bug fixes:
Fixed pipeline issues. (FFM-167)
Addressed .NET vulnerability. (FFM-12309)
Updated x/net dependency to latest version. (FFM-12359)
Resolved vulnerabilities related to infrastructure-as-code. (IAC-3407)
Python SDK​
Version 1.7.2​
Bug fixes:
Fixed an issue where string values were not correctly cast to booleans when evaluating a boolean equals clause (e.g. checking if a target with premium: True belongs to a group with the rule premiums equals true). Added error handling for failed type casts to prevent runtime errors and log the issue instead. (FFM-12349)
February 2025​
Relay Proxy​
Version 2.0.8​
Upgrades packages and dependencies to resolve CVEs
Updates to documentation
JavaScript SDK​
Version 1.30.0​
New features and enhancements:
Added a new optional prop onFlagNotFound, which triggers a callback when a requested flag cannot be found and a default variation is served. The callback receives two arguments:
flagNotFound: A typeDefaultVariationEventPayload containing the flag identifier and the default variation.
loading: A boolean indicating whether the SDK was still initializing at the time of the request.
This feature helps developers monitor when default variations are returned due to issues like typos, misconfigurations, or early variation calls before SDK initialization. It listens to the ERROR_DEFAULT_VARIATION_RETURNED event introduced in JavaScript SDK v1.29.0. See the README for usage details. (FFM-12306)
Maintenance:
Updated README documentation for clarity and to reflect recent SDK enhancements.
React Native Client SDK​
Version 3.2.0​
New features and enhancements:
Updated React SDK to latest version. (FFM-12322)
Version 3.1.0​
New features and enhancements:
Updated React SDK to latest version. (FFM-12315)
React Client SDK​
Version 2.2.0​
New features and enhancements:
Added support to automatically re-initialize the SDK when configuration options change. (FFM-12320)
Version 2.1.0​
Maintenance:
Bumped JavaScript SDK version and updated README documentation. (FFM-12313)
January 2025​
Ruby SDK​
Version 1.4.6​
Fixed Issues:
Thread safety issues have been resolved. Previously, the Ruby SDK was marked a singleton and did not ensure only one instance can be created. This caused some issues where multiples were created in a quick period of time. This fix helps protect you from it. (FFM-12281)
Added initialized method. This checks if client is initialized and returns true if initialization is complete and false if it has
not. (FFM-12277)
Python SDK​
Version 1.7.1​
Bug fixes:
Increased the default size of the LRU cache to improve caching behavior. (FFM-12288)
Previous releases​
2024 releasesDecember 2024​
Android Client SDK​
Version 2.2.4​
New features and enhancements:
Remove unused org.threeten:threetenbpdependency. (FFM-12237)
iOS SDK​
Version 1.3.1​
Fixed issues:
Fixed an issue where the jsonVariation method returned double-escaped JSON strings, requiring developers to manually code them. The method now returns correctly formatted JSON, eliminating the need for manual unescaping. (FFM-12241)
November 2024​
Ruby Server SDK​
Version 1.4.5​
Fixed Issues:
Following from 1.4.3, we are still investigating an edge case in the SDK, where segmentation faults can occur when the SDK aggregates and sends metrics at the end of an interval:
Evaluation metrics now use String keys, instead of class based keys. (FFM-12192)
Version 1.4.4​
Fixed Issues:
Following from 1.4.3, we are still investigating an edge case in the SDK, where segmentation faults can occur when the SDK aggregates and sends metrics at the end of an interval:
Replaces concurrent-ruby/ConcurrentMap with our own thread safe hash implementation.
Fixed race condition if the optional timeout_ms argument is provided to wait_for_initialization and the SDK times out and initializes at the same time which could cause undefined behaviour for the lifetime of the SDK. (FFM-12192)
We have fixed some behaviour around default variations being returned:
Default variations are returned immediately:
if the SDK is not initialized or still initializing. This avoids potentially incomplete evaluations caused by partial cache data.
if a flag cannot be found and logs a warning.
if a requested variation does not match the flag type, the SDK now returns the default variation and logs a warning. (FFM-12192)
Version 1.4.3​
Fixed Issues:
Resolves an issue where Segmentation faults can occur on Ruby 3.4 and above. (FFM-12192)
Version 1.4.2​
Fixed Issues:
Following from 1.4.1, we are still investigating an edge case in the SDK, where very large projects can generate
invalid metric events shortly after the SDK has initialised. This patch includes possible fixes for this issue.
(FFM-12192)
Version 1.4.1​
Fixed Issues:
Skips processing invalid metrics if they are detected. We are currently investigating an edge case in the SDK, where very large projects can generate
invalid metric events shortly after the SDK has initialised. This patch release ensures these invalid metrics events are skipped, and a warning is logged
if the SDK encounters them. The impact of flag evaluation metrics will not include any events that have been skipped. (FFM-12192)
React Native Client SDK​
Version 2.0.0​
New features and enhancements:
Renamed the optional prop async to asyncMode on the FFContextProvider in the React Native SDK to resolve a conflict with updates in React Native 0.76.
If you are upgrading to this version, you must update your usage accordingly:
<FFContextProvider
asyncMode
apiKey="YOUR_API_KEY"
target={{
identifier: 'YOUR_TARGET_IDENTIFIER',
name: 'YOUR TARGET NAME'
}}
options={{
cache: true
}}
>
<MyApp />
</FFContextProvider>
This change prevents errors caused by reserved keyword conflicts in newer React Native versions. (FFM-12209)
October 2024​
Relay Proxy​
Version 2.0.7​
Fixed Issues:
Fixes an issue where you weren't able to configure the Proxy to use different DBs within redis. This was happening because the REDIS_DB config wasn't being passed to the redis client so the client always used the default DB.
Version 2.0.6​
Fixed Issues:
Upgrades dependencies to resolve CVEs
Reduces pushpin log level from info to error level. This reduces the amount of ephemeral pod storage the Proxy consumes in k8s.
Ensures the Proxy only writes to the response body if the response hasn't already been committed.
JavaScript SDK​
Version 1.29.0​
New features and enhancements:
Added a new event ERROR_DEFAULT_VARIATION_RETURNED, emitted whenever the SDK returns a default variation. This allows you to listen for and handle cases where a fallback is used. See the README for usage details. (FFM-12129)
Java SDK​
Version 1.8.0​
New features and enhancements:
New HarnessConfig options:
-- maxRequestRetry: Defines the maximum number of retry attempts for the following request: authentication, polling, metrics, and reacting to stream events
-- flushAnalyticsOnClose: Indicates whether to flush analytics data when the SDK is closed.
-- flushAnalyticsOnCloseTimeout: The timeout for flushing analytics on SDK close. (FFM-12087)
For full details, see associated Java docs and for sample usage, see ConfigExample.
Fixed Issues:
Resolved an issue where initial connection attempts to the
stream, as well as reconnection attempts after disconnection, were
limited to 5 tries. Now, reconnection attempts have no limit and
utilize exponential backoff, with a 60-second cap on retry
intervals reached after several attempts. (FFM-12087)
Fixed a memory leak caused when the SDK was closed but the
stream’s ScheduledExecutorService remained active. All SDK
resources are now properly shut down when close() is called.
Addressed an issue where, after calling close() and shutting
down the stream, the SDK would still make a poll request,
resulting in error logs due to evicted network resources. Now, no
polling requests are made after close() is invoked.
React Client SDK​
Version 1.14.0​
New features and enhancements:
Added a new optional onFlagNotFound callback prop, which is triggered whenever a variation is requested for a flag that cannot be found and the default variation is returned.
The callback receives two arguments:
flagNotFound: A typeDefaultVariationEventPayload containing the flag identifier and the default variation served.
loading: A boolean indicating whether the SDK was still initializing at the time of the request.
This feature leverages the ERROR_DEFAULT_VARIATION_RETURNED event (available in JavaScript SDK v1.29.0+) and helps teams identify issues like typos, misconfigurations, or early variation calls before SDK initialization. See the README for usage examples. (FFM-12129)
September 2024​
Relay Proxy​
Version 2.0.5​
New features and enhancements:
If you include a Harness-SDK-ApplicationID header in your request to the Proxy it will be included in the logs e.g. {"level":"info","ts":"2024-09-10T15:36:00+01:00","caller":"middleware/middleware.go:44","msg":"request","component":"LoggingMiddleware","method":"GET","path":"/client/env/:environment_uuid/feature-configs","status":401,"took":"80.619µs","appID":"app-123"}
Fixed Issues
Fixes an issue where the cache status wasn't being reported properly in the /health response if the Proxy disconnected/reconnected to redis after startup
Fixes an issue where a stale inventory key would remain in redis even though stale assets had been removed which caused unecessary memory usage in redis.
Version 2.0.4​
Fixed Issues:
Fixes an issue where the Proxy could send SSE events with truncated flag identifiers if the flag identifiers contained an underscore e.g. HELLO_WORLD. When the Primary Proxy starts up it pulls down config from Saas, compares it with the config in redis and generates SSE events to make sure SDKs don't miss out on changes. However in this scenario if the flag identifier contained an underscore e.g. HELLO_WORLD the SSE event would indicate a change for the flag HELLO.
Version 1.0.5​
Fixed Issues
Fixes CVEs by upgrading packages and dependencies
Erlang SDK​
Version 3.0.1​
Fixed Issues:
Fixed an issue where a flag or target group change would not be stored with the Outdated error.
.NET SDK​
Version 1.7.2​
New features and enhancements:
Added .NET 8.0 TFM. (FFM-12057)
Upgraded System.IdentityModel.Tokens.Jwt for .NET 7.0 and 8.0
TFMs.
Remove unused Disruptor library.
Javascript Client SDK​
Version 1.13.0​
New features and enhancements:
Added the authRequestReadTimeout config option. Have a look at the readme for further information and how to enable it. (FFM-11972)
Bug fixes:
If authentication fails, the correct error will be logged instead of Invalid Token. (FFM-11972)
React Client SDK​
Version 1.13.0​
New features and enhancements:
Bumped Javascript SDK to 1.13.0. (FFM-11972, FFM-11852, ZD-68087)
React Native SDK​
Version 2.2.0​
New features and enhancements:
Bumped FF React SDK to 2.2.0. (FFM-11972)
Ruby SDK​
Version 1.3.2​
Fixed Issues:
No longer ships rake, minitest and standard as dependencies. (FFM-11995)
Flutter SDK​
Version 2.3.0​
New features and enhancements:
Upgraded internal Feature Flags SDKs: Android SDK to v2.2.3 and iOS SDK to v1.3.1. (FFM-11972)
Golang SDK​
Version 0.1.25​
New features and enhancements:
Added configurable limit and clearing schedule for the seen targets map. Use WithSeenTargetsMaxSize to set the maximum size and WithSeenTargetsClearInterval to configure the clearing interval. (FFM-11660)
August 2024​
Node.js SDK​
Version 1.8.3​
Fixed issues:
Patched Axios CVE: CVE-2024-39338. (FFM-11888)
Relay Proxy​
Version 2.0.3​
Fixed Issues:
Cached data from old Proxy Keys is now removed from redis. There was an issue where if you configured a Proxy with Proxy Key A, then reconfigured it with Proxy Key B and restarted the service you would end up with config for Proxy Key A & B in Redis when there should only be config for Proxy Key B.
Fixes a race condition where concurrent map access could happen in the Primary Proxy when it's aggregating metrics data.
Cleans up error logs that shouldn't have been logged.
Java SDK​
Version 1.7.0​
New features and enhancements:
Introduced the ability to store and retrieve FeatureSnapshot (previous and current feature config).
Updated FeatureSnapshot for JavaSDK. (FFM-1844)
Javascript SDK​
Version 1.27.0​
Fixed issues:
Added maxStreamRetries config option. (FFM-11788, ZD-66828)
If retries are exhausted, one of these two states would occur:
If polling is enabled, the SDK would remain in polling mode and no further streaming reconnection attempts would be made. The default polling option, if not supplied, is whatever the streamingEnabled value is or,
If polling is disabled, the SDK would not get any further evaluation updates for the remainder of the SDK client instance's life. The SDK would need re-initialised, e.g the app being restarted, to get new evaluations in this state.
Fixed an edge case where if the stream disconnects and resumes during a request made by the fallback poller (60 seconds later), the fallback poller will not be disabled and will continue polling for the lifetime of the SDK instance. (FFM-11852, ZD-68087)
Version 1.26.3​
Fixed issues:
The following CVEs have been patched:
ws
braces
Python SDK​
Version 1.7.0​
Enhancements:
Added httpx_args option. (FFM-11935):
For further reading, you can refer to this doc on httpsx_args
You can find a sample of the change by Harness in our Python SDK repo.
Node.js SDK​
Version 1.8.3​
Security Updates:
Patched Axios vulnerability CVE-2024-39338 by upgrading the dependency to a secure version. (FFM-11888)
July 2024​
Relay Proxy​
Version 2.0.2:​
Fixed Issues:
Fixed an issue where username & password auth for redis wasn't working
Fixes an issue where the Proxy didn't validate the environment in the request matched the environment in the token claims
Explicitly makes REDIS_ADDR a required environment variable. A connection to redis is required for the Proxy to function but the REDIS_ADDR wasn't explicitly requried in the code which could lead to vauge startup errors if you forgot to set it.
Reduces excessive memory usage from having an excessive amount of labels on prometheus metrics. This required is to remove the following labels from the following metrics
Removed the key label from the following metrics
ff_proxy_redis_cache_scan_duration
ff_proxy_redis_cache_write_count
ff_proxy_redis_cache_read_count
ff_proxy_redis_cache_remove_count
ff_proxy_redis_cache_scan_count
Removed the method label from the ff_proxy_http_requests_total metric
Removed the envID label from the ff_proxy_http_requests_duration metric
Removed the url and envID label from the ff_http_requests_content_length_histogram metric
Enhancements:
Optimises memory by reducing the number of memory allocations
Adds support for using the Harness-Target header to perform evaluations. This means that if you're using an SDK that sends the Target in the Harness-Target the Proxy will use it to perform the evaluation rather than having to fetch the target from redis to perform the evaluation.
Cleans up unecessary error logs
Android SDK​
Version 2.2.3​
Fixed issues:
Fixed an issue where the SDK Client would not be closed correctly if Close() or CloseWithFuture() was called, and Streaming and/or Polling requests would continue to be made in the background. (FFM-11779)
Version 2.2.2​
Fixed issues:
Fixed the high initialization latency for large projects. (FFM-11750)
Resolved an issue where using the callback method to initialize the SDK when the device had no connectivity. It would fail to give a success/failure result until the device regains connectivity. Now, a failure result is immediately sent and a success callback will be sent when the device is able to reconnect once the SDK initializes successfully. (FFM-11750)
Java SDK​
Version 1.6.1​
Fixed issues:
Sorted AND/OR rules when caching a group instead of during an evaluation call. This change prevents latency that could occur if the group is large. (FFM-11654)
.NET SDK​
Version 1.7.1​
Fixed issues:
Fixed incorrect number variation warning message. (FFM-11759, ZD-66232)
Fixed an issue when client.close() is called the stream remains connected. The stream now exits correctly and resources are released. (FFM-11801, ZD-66232)
If WaitForInitialization() was called and no timeout argument provided, the SDK could block permanently on unrecoverable authentication failures. Now, the SDK will unblock immediately on 40x errors, and retry up to 10 times on 50x errors, after which it will unblock. (FFM-11759, ZD-66232)
New features and enhancements:
Add FlagsLoaded Event - see events. (FFM-11759, ZD-66232)
Python SDK​
Version 1.6.4​
Fixed issues:
Fixed an issue where SDK dependencies, tenacity and typing_extensions, were pinned to fixed versions, which could make integration with the SDK impossible if different versions are specified in an application or its dependencies. (FFM-11770, ZD-66342)
Version 1.6.3​
Fixed issues:
Pins typing_extensions to latest release compatible with 3.7 to resolve compatibility issues with code brought in from the OAPI Generator. (FFM-11655)
Added a guard around the debug log. The guard being a None check on the feature config type before we attempt to log it. (PL-51773)
Ruby SDK​
Version 1.3.1​
Fixed issues:
Sorted AND/OR rules when caching a group instead of during an evaluation call. This change prevents latency that could occur if the group is large. (FFM-11657)
June 2024​
Relay Proxy​
Version 2.0.1​
New features and enhancements:
Beta support added to support AND rules in Harness Saas. To opt in to this feature you need to configure your Proxy to set the AND_RULES environment variable to true
Adds the same validation that Harness Saas uses on Targets in the /client/auth path. This prevents the Proxy from accepting invalid targets from SDKs and logging out an error when it tries to forward them to Saas
Bug Fixes:
This fixes a bug where the Proxy metric aggregation wouldn't work properly with certain SDKs (Java, .NET)
Fixes an issue where the context could time out and prevent connect/disconnect stream events from being published to redis.
Fixes an issue introduced in 2.0.0 that caused read replicas to not close streams with SDKs properly
There was an issue with how the Proxy handled redis URLs prefixed with redis://. This fixes that issue so that all of the below options work for configuring the redis URL
Android SDK​
Version 2.2.1​
New features and enhancements:
Added a new method for closing the SDK. The closeWithFuture() method can be used to ensure the SDK has been closed before continuing, for example, re-initializing the SDK. (FFM-11625, ZD-64818)
Flutter SDK​
Version 2.2.1​
Fixed issues:
Fixed an issue on Android where the SDK would crash with the error,
java.lang.IllegalStateException: Reply already submitted, if the SDK was closed and re-initialised multiple times within quick successions. (FFM-11625, ZD-64818)
Golang SDK​
Version 0.1.24​
Fixed issues:
Sorted AND/OR rules when caching a group instead of during an evaluation call. This change prevents latency that could occur if the group is large. (FFM-11653)
New features and enhancements:
Bumped go-retryablehttp from 0.7.4 to 0.7.7.
.NET SDK​
Version 1.7.0​
New features and enhancements:
Further cache optimisations to improve performance and reduce memory usage. (FFM-11619)
Exposes new jsonVariationToken method which supports JSON array variations. Note that jsonVariation has been marked as Obsolete due to the fact it only supports JSON object variations. (FFM-11548)
Version 1.6.10​
New features and enhancements:
Improves SDK evaluation performance and memory usage.
Update to use PackageLicenseExpression.
Make System.Net.Http conditional. (FFM-11509)
Optimize IN clause rules. (FFM-11056)
Cherry pick 1.6.9 patch. (FFM-11531)
Remove excessive ToList() allocations in Evaluator. (FFM-11551)
Wrap log statements with if statements. (FFM-11557)
SeenTargets cache memory improvements. (FFM-11549)
Sort rules when retrieving instead of per evaluation. (FFM-11585)
Remove rules sorting from the evaluation path. (FFM-11597)
Fixed issues:
Fixed an issue where streams would not remain open for longer than 60 seconds when the SDK is running .NET 4.8:
-- Previously, if the stream disconnected, it would take 70 seconds for it to reconnect. It now reconnects using an exponential backoff and delay, where the base delay is 500ms. (FFM-11573, ZD-64099)
The SDK version has been bumped from 1.6.x to 1.7.0-rc2. (FFM-11549)
Fix streaming issues for .NET 4.8. (FFM-11573, ZD-64099)
Node.js SDK​
Version 1.8.2​
Fixed issues:
Sorted AND/OR rules when caching a group instead of during an evaluation call. This change prevents latency that could occur if the group is large. (FFM-11656)
Version 1.8.1​
Fixed issues:
Patched CVE for braces. (FFM-11673)
Version 1.8.0​
New features and enhancements:
Global Axios settings are no longer configured by the SDK, which could override Axios settings used elsewhere in an application. The default timeout is 30s but can be changed using options within axiosTimeout. See: 'Available Options' in the Node.js further reading docs in the GitHub repo. (FFM-9097)
Added SDK support for AND/OR rules (Please note that this feature is not GA yet). (FFM-11243)
The target-segments v2-rule parameter has been added and ready to use. (FFM-11364)
Python SDK​
Version 1.6.2​
New features and enhancements:
Bumped requests from 2.31.0 to 2.32.0.
Fixed issues:
Sorted AND/OR rules when caching a group instead of during an evaluation call. This change prevents latency that could occur if the group is large. (FFM-11656)
Fixed error logging when metrics are processed for targets without any attributes. (FFM-11655)
May 2024​
iOS SDK​
Version 1.3.1​
Fixed issues:
Fixed an issue in iOS Proxy V2 where a missing projectIdentifier in the authentication token caused a crash. This field is now treated as optional to prevent nil reference errors. (FFM-11492)
Golang SDK​
Version 0.1.23​
New features and enhancements:
Previously, from versions v0.1.21 to v0.1.22, a critical bug was identified where evaluation metrics processing could cause a system panic. This occurred when at least one evaluation involved a target with nil attributes — either due to attributes being omitted or explicitly set to nil. This release addresses this issue by implementing a fix that prevents such panics. (FFM-11470, ZD-63281)
Enhanced Testing:
To ensure the stability and reliability of this fix and similar functionalities, we have expanded the evaluation metrics suite of unit tests. These additional tests will help safeguard against regressions and improve code coverage.
Fixed issues:
Versions v0.1.21 and v0.1.22 have been retracted.
Removes GitHub Actions step Static Code Analysis / Build (push) as it is constantly failing due to out of date credentials. These checks have moved to Harness CI but this step had yet to be removed until now.
Version 0.1.22​
Version 0.1.22 Retracted
This version was retracted on 13th May 2024 due to a critical bug being identified. Please use Version 0.1.23 or later versions.
Refactored the evaluation logic to remove inefficiencies in the GetAttr(ibute) function. (FFM-11332)
Upgraded the Go SDK version in analytics.
Java SDK​
Version 1.6.0​
New features and enhancements:
Updated the Java SDK example to include a delay. (FFM-10981)
Target v2 updates:
Added support for AND/OR in clauses. (FFM-11193)
Returns false when no clauses exist. (FFM-10861)
Added a new query parameter to target-segments. (FFM-11356)
Added a config option to suppress the SDK code 6001. (FFM-11425, ZD-62796)
Updated BC to 1.78.1. (FFM-11502)
Downgraded the OpenAPI plugin to allow for a broader range of Springboot compatibility. (FFM-11459)
.NET SDK​
Version 1.6.9​
New features and enhancements:
Added SDK support for AND/OR rules - feature not GA yet. (FFM-11242)
You can now use the target-segments v2-rule parameter. (FFM-11363)
Fixed issues:
Fixed a Null Pointer Exception that occurred when a null target was used in an evaluation with analytics enabled. (FFM-11537, ZD-63847)
Python SDK​
Version 1.6.1​
New features and enhancements:
SDK support has been added for AND/OR rules. Please note that this feature is not generally available yet. (FFM-11455)
Improved the retry logic used by SDK http requests, as well as the clarity of logs if requests fail. (FFM-11441)
Fixed issues:
Only deletes cache key if it exists. (FFM-11331, ZD-62250)
React Client SDK​
Version 1.11.0​
We've reduced the ES (ECMAScript) target to 2018. (FFM-11353)
The Javascript SDK has also been updated.
Ruby SDK​
Version 1.3.0​
New features and enhancements:
Target v2: Adding SDK support for AND/OR rules. Please note that this feature is not generally available yet. (FFM-11241)
Adding rules-v2 query parameter to optimise the rules that the FF backend sends for AND/OR rules. Please note that this feature is not generally available yet. (FFM-11365)
Fixed issues:
If the metrics buffer size fills, it no longer flushes and sends all metrics to the FF service, which could affect evaluation performance. Instead, it logs a warning that the buffer is full and does not process anymore metrics for that interval. (FFM-11211)
Optimizes the payloads sent by the metrics service. Previously, there would be an individual payload entry based on flag + variation served + target. Now, the entry is based on flag + variation. This drastically reduces payload size for similar evaluations served for targets. The SDK continues to register targets correctly as before.
Fixes an issue where targets used in evaluations across metrics intervals would still be included in payloads. Now, only unique targets are included in payloads.
April 2024​
Android SDK​
Version 2.2.0​
Bug fixes:
The NetworkInfoProvider has been replaced. This was due to customers experiencing crashes while using the Harness library for Feature Flags, specifically in the Andriod app. (FFM-11216, ZD-61312)
Security Updates:
The bouncycastle dependency has been updated to 1.78 to remove CVE-2024-29857. (FFM-11222)
The threeten dependency has been updated to 2.6.9 to remove CVE-2024-23081. (FFM-11223)
Version 2.1.1​
This update fixes a ConcurrentModificationException that could be thrown if network connectivity was lost and regained. (FFM-11156)
Golang SDK​
Version 0.1.21 - Retracted​
Version 0.1.21 Retracted
This version was retracted on 13th May 2024 due to a critical bug being identified. Please use Version 0.1.23 or later versions.
New features and enhancements:
SDK support for processing AND/OR rules:
Note that this feature is not enabled yet and the SDK will continue to use the existing group rule format until further notice. (FFM-11297)
Internal metrics code enhancements.
Fixed issues:
Fixed an issue where only a single target would be registered in a metrics window.(FFM-11297)
Version 0.1.20​
Optimized the evaluation logic to be more efficient. (FFM-11183)
Version 0.1.19​
Added additional debug logging around evaluation logic. (FFM-11091)
Javascript SDK​
Version 1.26.1​
The Stream disconnections and timeouts are now logged at debug level. If the SDK takes longer than 5 separate requests to reconnect, it will log an error. It will then continue to log errors for every 5 failed reconnection attempts. (FFM-11248)
Version 1.26.1​
Replace btoa usage with custom Base64 encoding to handle non-ASCII characters. (FFM-11103, ZD-60634)
.NET SDK​
Version 1.6.8​
We've fixed an issue where evaluation related debug logs, even if debugging wasn't enabled, would cause extra latency when making evaluations. This fix restores performance to do normal pre-logging levels. (FFM-11121)
There are no longer information logs json payloads. (FFM-11022)
Version 1.6.7​
Logs flags/groups payload as info level log. (FFM-11022)
Version 1.6.6​
We've made cache & exception handling improvements including:
-- improving cache locking and synchronization,
-- improving stream error handling,
-- increasing the capacity of dictionary, and
-- additional cache recovery checks. (FFM-11089)
Node.js SDK​
Version 1.7.0​
Applies metrics hardening to Node SDK.. (FFM-11022)
Applies standard Metrics Enhancements. (FFM-11022)
Fixed issue where only the first prerequisite was being processed. (FFM-9291)
Adds Harness-SDK-Info, Harness-AccountID, or Harness-EnvironmentID headers. (FFM-7051)
Adds support for custom TLS CA certificates. (FFM-7017)
PHP SDK (Beta)​
Version 0.2.0​
Fixed the JWT fields missing in the cache on authentication. (FFM-11123, ZD-60936)
Added SDK type, version, and lang to the HTTP header. (FFM-7037)
March 2024​
Android SDK​
Version 2.1.0​
Enhancements:
We've provided a new configuration option that allows polling to be disabled. Do have a look at the streaming and polling mode on GitHub for information on how to use this feature. (FFM-10961)
This version now updates the GettingStarted application to demonstrate usage of all initialzation methods. You can have look at our updated Initialzation Documentation on GitHub for more details.
Bug Fixes:
We have fixed an issue that resulted in the initialize success callback again being triggered if the SDK needed to re-authenticate. This would happen in scenarios such as losing connectivity. Because of this, any code you supplied specifically related to initiailization success would get executed again. The initialize callback has been updated to correct this. Do feel free to have a look at the new callback documentation on GitHub for more information on this. (FFM-10940)
The issue involving having to register for a second, or multiple, event listeners at the same time as an event comes through has been resolved. On the previously registered listener, it could throw an unchecked ConcurrentModificationException.
Version 2.0.2​
We have fixed the non-blocking behaviour. (FFM-8138)
We've updated okhttp and okio-jvm in relation to CVE-2023-3635. (FFM-10903)
Version 2.0.1​
We've added support for the Retry-After header. (FFM-10745)
The TooManyRequestsException error has now been resolved. (FFM-10879)
Flutter SDK​
Version 2.2.0​
We've tidied up behaviours around flag deletion:
-- Previously, if a flag was deleted, its evaluations would remain in the SDK cache and any variation calls made to it would result in an out-of-date evaluation for your target. (FFM-8138)
-- This update exposes a new EVALUATION_DETE event you can listen for which is emitted when a flag has been deleted.
We've fixed an issue in iOS where if an evaluation failed, null would be returned instead of the default variation that was supplied.
We've upgraded Feature Flags iOS SDK to 1.3.0.
We've upgraded Feature Flags Android SDK to 2.0.2.
Golang SDK​
Version 0.1.18​
This adds Connection: closes header to metrics requests. (FFM-11039)
iOS SDK​
Version 1.3.0​
We've tidied up behaviour around flag deletion:
-- It now exposes new onDelete event that you can listen for which is emitted when a flag has been deleted.
Previously, if a flag was deleted, its evaluations would remain in the SDK cache and any variation calls made to it would result in an out-of-date evaluation for your target. (FFM-10877)
It doesn't report metrics when default variation served which would result in inaccurate flag metrics. (FFM-8318)
Java SDK​
Version 1.5.2​
We've removed the metrics flush on map overflow. (FFM-10816)
We've added Retry-After HTTP header support. (FFM-10821)
Javascript SDK​
Version 1.26.0​
We have enabled the logger to be overridden so users can use their own logger. (FFM-10880)
.NET SDK​
Version 1.6.5​
When you're making an evalution, if the Flag or Group cache are found to be in an invalid state, then a cache refresh is made and the evaluation re-attempted once. This cache refresh has a default timeout of 5 seconds, which can be decreased or increased by using the new configuration option SetCacheRecoveryTimeout(int timeoutMilliseconds). (FFM-11022)
Version 1.6.4​
The Evaluation logic refactored to use immutable principles, to aid in maintenance and readability. (FFM-11057)
If the target group cache is found to be in an invalid state, such that any groups that beloing to a flag are not in the cache, the SDK will asynchronously update the group cache and immediately return the default variation.
There are extra evaluation logs added to aid troubleshooting.
Version 1.6.3​
This update now generates additional debug-level logs that detail the flag, target, and the specific reason for the variation result. This includes identifying the exact rule, such as a group rule, that led to the served variation. (FFM-11002)
Version 1.6.2​
The exception handling in auth success callback has been resolved. (FFM-11002)
Version 1.6.1​
We've fixed an analytics issue that caused a target's attributes to not be sent in analytics payloads, as well fail to appear in the UI. (FFM-10943)
We've resolved an issue that caused new targets to not be sent in analytics payloads. This issue commonly happened when multiple instances of the SDK were created.
Version 1.6.0​
We've made further enhancements to the 'evaluations per second' performance. The SDK can now process an extra 90,000 evaluations per second. (FFM-10837)
This version marks Target.isPrivate as 'no longer obsolete'. We've also made improvements to the SDK processing of private targets:
-- Previously, the private targets were still stored in cache, but only dropped at the end of a metrics interval. The SDK no longer stores private targets in cache at any point.
Version 1.5.0​
We've increased evaluation performance for when analytics are enabled. This provides up to an 80% decrease in mean time to process 100k evaluations using 100k unique targets. (FFM-10822)
We've made improvements to analytics cache for per-interval processing. You can now process analytics for unique evaluations for up to 2K flags with 5 variations each and can now process up to 100K unique targets.
Node.js SDK​
Version 1.6.1​
We have fixed an issue that resulted in metrics requests failing and displaying a 400: Bad Request error message. (FFM-10963)
We've upgraded Axios to 1.6.8 to address a CVE that highlighted known vulnerabilities in the follow-redirects package.
Python SDK​
Version 1.6.0​
We've added support for custom TLS CA certs. (FFM-7006)
Version 1.5.0​
This update keeps track of targets that have been used in evaluations. It will no loner send targets already seen in the mtrics payload. This allows for fair processing of new targets for analytics purposes. (FFM-10837)
The following bugs have been fixed:
-- We've resolved an issue where if a target was marked as anonymous, it would be sent in analytics.
-- We've also fixed the typing of get_flag_kind method.
React SDK​
Version 1.10.0​
We've updated the Javascript Client SDK to 1.26.0 and we've updated the README to show you how to override the internal logger. (FFM-10886)
Version 1.9.0​
We've updated the internal Javascript Client SDK to v1.25.0 to unlock the ability to change the mechanism used for caching flags. (FFM-10875)
February 2024​
Android SDK​
Version 2.0.0​
There's been a major refactoring in the 2.0.0 version of the Android SDK which included some API changes and additional imporovements:
-- Improvements
This is a major hardening effort of the SDK to improve its overall reliability:
--- With a now simplified threading model, we now use a dedicated thread for authentication, streaming and polling which lives for the lifetime of the SDK until close() is called. Previous 1.x.x versions of the SDK would start and stop threads on demand and/or submit code to thread pools. This made it difficult to identify critical regions in the code and was error prone.
--- A 2nd thread is now used for posting metrics to the analytics backend however all interactions between the two threads are done via a ConcurrentHashMap() and passing a read-only authentication token, no other state is needed for metrics.
--- The user entry points into the SDK such as boolVariation(), stringVariation(), numberVariation() and so on are now designed in such a way that they will never perform network activity. Instead they will only query the internal cache. This prevents unexpected blocking of UI code or code that is sensitive to delays.
--- There is proper use of constructors and final fields to make SDK thread state immutable (and reduce the likelihood of null pointer exceptions where possible).
--- Centralized error handling, the SDK will reset itself on dropped connections, timed out connections or any other exception. it will never get into undefined state but restart after a delay of 1 minute.
--- Centralized network detection, SDK thread will go to sleep when there is no network and wake up when an Android network online event is detected.
-- API Deprecations
--- The following overloaded versions of initialize() have been marked deprecated:
public void initialize(final Context context, final String apiKey, final CfConfiguration config,final Target target, final CloudCache cloudCache, @Nullable final AuthCallback authCallback) throws IllegalStateException
public void initialize(final Context context, final String apiKey, final CfConfiguration config,
final Target target, final AuthCallback authCallback) throws IllegalStateException
public void initialize(final Context context, final String apiKey, final CfConfiguration config,
final Target target, final CloudCache cloudCache) throws IllegalStateException