Major Release 2026.1.0

March 19, 2026

In this release:

• Major Release 2026.1.0
  • Key Features: 2026.1.0
  • Enhancements: 2026.1.0
  • Bug Fixes: 2026.1.0
  • Bugs: Security Vulnerability Fixes
  • Breaking changes: 2026.1.0
  • Known Issues: 2026.1.0

Key Features: 2026.1.0

Observability Enhancements

This release introduces enhanced observability capabilities for Akana Platform to improve log analysis, monitoring, and integration with modern observability platforms.

Key Enhancements

• JSON Format Logging for Access Logs – In addition to existing NCSA format, access logs can now be generated in structured JSON format, enabling easier parsing and integration with observability platforms such as ELK, OpenSearch, Relic, and Splunk. Structured logs enable better filtering, indexing, and automated analysis of API traffic and operational events.

• JSON Format Logging for Container Trace Logs - In addition to existing Indented formatted logs, container trace logs can also be generated in structured JSON format. JSON-based trace logs provide consistent and machine-readable diagnostic data for easier troubleshooting and operational monitoring.

• Configurable Exception Stack Trace Size – Support for limiting the size of exception stack traces, helping reduce excessive log volume and optimize storage. This support is available in both existing Indented formatted container trace logs as well as new JSON formatted container trace logs.

Benefits

• Improved compatibility with centralized logging and monitoring systems.

• Reduced log storage overhead through structured logging and stack trace size control.

• Better operational visibility into API traffic and gateway behavior.

Please refer to the Observability documentation to get started using these features.

• Enable JSON format logging for Access Logs

• Enable JSON format logging for Trace Logs

• Configure Exception stack trace size

Case number: 01044189

Enhancements: 2026.1.0

Anti-Virus Policy Enhancements

This release introduces several enhancements to the Anti-Virus (AV) Policy to improve malware detection coverage, ICAP interoperability, and scanning flexibility across different HTTP payload formats.

These enhancements strengthen protection against malicious payloads in headers, body content, and multipart file uploads while improving integration with ICAP-compliant antivirus servers.

• ICAP X-Violations-Found Header Support – Looks for presence of X-Violations-Found header in response headers for improved malware detection accuracy.

• ICAP X-Infections-Found Header Support – Looks for the presence of the X-Infections-Found header in response headers to improve malware detection accuracy.

• Scan by Content-Type – Enables selective scanning based on configured Content-Type values to optimize performance and enforcement.

• Full Body Scope Coverage – Supports scanning across request, response, fault body, and other parts such as headers.

• Enhanced coverage of multipart request scanning – Scans individual file parts within multipart uploads, supporting multiple files and other multipart formats such as multipart/related and multipart/mixed.

• Backward Compatible & Configuration Changes – A new property in the ND admin console is introduced to configure the option to retain the Content-Type of the request sent downstream or change it to multipart/mixed.

Please refer Known Issues: 2026.1.0 section for known restrictions.

Please refer to How the Anti-Virus Policy works for further details.

Case number: 00798480, 01335194, 01335194, 01335194

Target Endpoint Client Timeout configuration support using Community Manager API

Now the client timeout setting for Target endpoints can be managed using Community Manager REST APIs. The REST APIs will allow to configure the setting for APIs with proxy or physical service pattern.

Following new API endpoints are added.

• GET /apis/versions/{ApiVersionID}/implementations/{ImplCode}/timeout

• PUT /apis/versions/{ApiVersionID}/implementations/{ImplCode}/timeout

For detailed API documentation please refer following documentation topics

• Get API Client Timeout

• Update API Client Timeout

Case number: 01337645

Bug Fixes: 2026.1.0

SNI Functionality Not Working as Expected

The SNI functionality was not operating correctly in scenarios where the PM containers and the CM portal were deployed separately, and the Gateways communicated exclusively with the PM containers.

With the applied fix, SNI functionality now behaves as expected across all scenarios and deployment configurations.

Case number: No associated case

Incorrect Behavior of Group Creation API in Specific Scenarios

When creating a group via the API without specifying the Visibility field (or when an invalid value was provided), the group would incorrectly default to Public, even when public groups were disabled in the Community Manager portal under Admin → Settings → Group → visibility settings.

Please refer to the API documentation for updated behavior.

Case number: 01337913

Incorrect response code for Cancel Contract CM API in certain scenarios

The Cancel Contract CM API would return status code HTTP 404 (Not Found) when attempting to cancel a non-existent contract, instead of HTTP 204 (No Content).

Case number: 01445803

SSO login timeout to Community Manager

Community Manager login would sometimes cause timeout, when there are large number of records in Akana Certificate Trust store. Introduced query optimizations resulting in slight improvement in overall performance. Additional performance improvements are planned in upcoming release.

Case number: 01438256, 01510683

Bugs: Security Vulnerability Fixes

Third-party libraries updated to mitigate vulnerabilities

Several third-party libraries have been updated to mitigate critical, high, and some medium priority vulnerabilities. See Using the Third-Party Libraries in the Akana documentation.

Case number: No associated case

Breaking changes: 2026.1.0

Change in the location of JMS configuration properties in container Admin console

The com.soa.jms PID configuration properties are deprecated. Use com.soa.messaging and com.soa.messaging.jms instead.

Case number: No associated case

Known Issues: 2026.1.0

Unsupported Anti-virus policy scenarios

Anti-virus policy doesn’t support certain scenarios.

• Scan by content-type limitations: The scan by content type option may not work for some content types listed in the policy user interface. Send the content type as application/octet-stream if the content-type is not found working.

• File stripping not supported: The option to strip the file before sending downstream is not currently supported.

For further details, refer to the text under Scan By Content Type in the To configure an anti-virus policy in Policy Manager section of the documentation.

Case number: No associated case