2026 Alation Backend Releases

RELEASE 2026.1.0.0

build 22.0.0.129077

Released February 5, 2026

Note

This release is available for all Alation instance types: customer-managed (on-premise) and Alation Cloud Service.

In this release:

• Search Filter Customization

• URI Override for Data Product Chat

• Data Quality Standards

• FinOps Reporting

• Alamigo in Compose

• Support for Custom Content Security Policy (CSP)

• Integration API Debouncing

• Configurable Rich Text Field Truncation for Alation Analytics

• Enhancements

• Bug Fixes

New Features

Search Filter Customization

Alation Cloud Service, Customer Managed

With Search Filter Customization, admins can define to show only the relevant set of filters on the left side filter panel on the Search page to different groups of users, reducing the time to navigate through a large set of filters.

In Admin Settings > Customize Search Filters, Server and Catalog Admins can now create, update, duplicate, and delete custom search filters and scope them to specific user groups, enabling more relevant and targeted filtering experiences across teams.

To assign groups, admins assign Applicable Groups to each custom filter. Users see only the filters relevant to their groups in the full-search left panel, while users without an assigned group fall back to the Default Filter settings (which cannot be deleted). Each group can be assigned to only one filter setting; if a user belongs to multiple groups, visible filters are combined and hidden filters are applied conservatively. (AL-213373)

URI Override for Data Product Chat

Alation Cloud Service

Added support for specifying a URI override during data source authentication when chatting with data in a data product. The new text field allows users to provide a custom URI with parameters that differ from the default Delivery System URI, enabling greater flexibility in how connections can be established for Chat queries. (AL-215922)

Data Quality Standards

Alation Cloud Service

Introducing reusable, policy-driven data quality standards that make it easy to define, apply, and scale consistent quality rules across your most critical data assets. Data Quality Standards help ensure shared expectations between data producers and consumers, reinforce governance policies, and improve trust by standardizing how quality is measured and enforced across the organization. (AL-214457)

FinOps Reporting

Alation Cloud Service

Added Run Time charts in the Monitor details page to provide greater visibility into the cost and usage of your data quality monitoring. This feature provides clear insights into monitored assets, execution frequency, and overall consumption; helping teams optimize spend, forecast usage, and align data quality investments with business priorities. (AL-215984)

Alamigo in Compose

Alation Cloud Service

Alamigo is now supported in the Compose user interface. (AL-215359)

Support for Custom Content Security Policy (CSP)

Customer Managed

Alation now supports custom Content Security Policy (CSP) configuration for customer-managed (on-prem) deployments. This feature allows Server Admins to opt in to a more restrictive, security-hardened CSP to better protect against cross-site scripting (XSS) and other code-injection attacks, while maintaining compatibility with common third-party integrations. The restrictive CSP is disabled by default, so existing environments continue to use the current permissive policy unless explicitly enabled.

When turned on, the policy includes built-in support for widely used integrations. Administrators can also add custom trusted domains to support organization-specific integrations as needed. The feature is configured via two alation_conf settings: nginx.csp_custom_enabled (default False) to enable the restrictive CSP with default integrations, and nginx.csp_custom to specify additional trusted domains as a space-separated list. (AL-199087)

Integration API Debouncing

Alation Cloud Service, Customer Managed

Added support for debouncing public API integration jobs to reduce system load when processing small batch requests. When enabled via the alation.public_api.rdbms.integration.debounce_interval configuration flag, multiple calls to the RDBMS ingestion public APIs (/integration/v2/schema/, /integration/v2/table/, and /integration/v2/attribute/) are debounced and processed together, improving efficiency for high-frequency API usage patterns. (AL-219625)

Configurable Rich Text Field Truncation for Alation Analytics

Alation Cloud Service

For Alation Analytics, you can now enable configurable truncation of large TEXT and RICH_TEXT fields during Alation Analytics extraction to prevent extraction failures and out-of-memory errors caused by extremely large rich-text content. Truncation is only applicable to custom fields.

When the feature flag alation_analytics-v2.extract.rtf_text_truncation is enabled, TEXT and RICH_TEXT values are truncated during extraction to the size specified by alation_analytics-v2.extract.rtf_truncation_limit_in_bytes (default: 1 MB).

Truncation affects analytics extraction only and does not modify catalog data. This feature is disabled by default. (AL-186350)

Enhancements

• Updated the Admin user interface for Data Product entitlements to ensure the data product widget is displayed only when the Data Product feature flag is enabled, preventing unintended visibility when the feature is turned off. (AL-215425, Alation Cloud Service)

• Previously, only Server Admins could see and change the SSO configuration dropdown in Data Products, which limited delegated management. We’ve expanded visibility and adjusted the permission checks so that Data Product Admins who hold a role consuming the Creator license can now select and configure SSO for their data products without needing full Server Admin rights. (AL-219624, Alation Cloud Service)

• Removed the hard limit of 1,100 data sources in the upstream or downstream connections selector in Lineage settings and updated the component to scale better. Instead of loading all sources client-side, the selector and search are now powered by the Catalog Search API, which may surface broader (partial) matches in addition to exact matches. Results are now paginated, loading 50 items at a time, with Load More and Load Previous controls, and search can be used to quickly find specific data sources in large environments. (AL-207090)

• If the customer is using PrivateLink or Dedicated Access, Alation now displays an alternative user interface with the correct URL of the dedicated forward proxies. The option to use the shared proxies still exists. (AL-183194, Alation Cloud Service)

Bug Fixes

• Fixed an issue where non-admin users could edit picker fields added to a domain template when the Unified Tags feature flag was enabled. Picker field editability on the Domain catalog page is now correctly enforced, ensuring that only users with appropriate roles can modify these fields. (AL-220530)

• Fixed an issue where the SCIM token creation section did not appear in Admin Settings even after SCIM was enabled. The SCIM token section now correctly displays in the Auth tab when directory sync is enabled (user_group_management.sync_from_directory_provider.enabled = true) and the sync protocol is set to SCIM (user_group_management.sync_from_directory_provider.protocol = scim).

• Fixed an issue where private dbt objects appeared in search results for Stewards but returned a 403 error when opened. Search query filters now respect granular permissions, ensuring users only see DBT objects they are authorized to access. (AL-218010)

• Fixed a document editing issue by ensuring a document page honors and applies permissions inherited from its immediate parent folder. When a document inherits permissions, the parent folder’s edit or view rules are now enforced correctly on the document. (AL-217718)

• When Unified Tags are enabled, duplicate Picker custom field names are now restricted consistently across both the Custom Fields UI and the public Custom Fields API. Other field types (such as Multi-Picker, Date, Rich Text, and Object Set) can be created or updated without restrictions. The public API now enforces the same duplicate-name validation as the user interface, preventing bulk creation or updates of picker fields that conflict with existing picker field names. (AL-216970)

• Fixed an issue where @-mentioned objects in catalog descriptions (rich-text custom fields) were not rendering correctly in notification emails for Stewards. Mentions now display as expected in notification emails. (For article objects, title hydration is skipped since they are being phased out to avoid unnecessary performance overhead.) (AL-216654)

• Fixed an issue where the SCIM token section was visible in the Auth tab of Admin Settings even when the SCIM feature was disabled. The section is now hidden unless the required SCIM feature flags are enabled, and the token status message has been updated to clearly read “The token expired on <time>” when a token has expired. (AL-216220)

• Fixed an issue where the SCIM token expiry banner appeared in the New User Experience UI even when SCIM sync was disabled. The banner is now shown only when directory sync is enabled (user_group_management.sync_from_directory_provider.enabled = true) and the sync protocol is set to SCIM (user_group_management.sync_from_directory_provider.protocol = scim). (AL-216030)

• Fixed an issue where the statement was not displayed on the execution results page if {""} appeared in comments or elsewhere within the statement. (AL-215356)

• Fixed an issue in Bulk Management document imports where uploading documents to a Document Hub folder could appear successful in the user interface but fail in the error report with a NoneType object has no attribute replace message. The document creation flow now correctly handles cases where title and description field IDs are present in the header row, ensuring imports complete reliably. (AL-215211)

• Fixed an issue where enabling the Unified Source Tags feature flag caused the migration script to fail with a duplicate key value violates unique constraint unique_source_tag error. The migration now correctly handles duplicate tag entries, which can occur when source tags are recreated in Snowflake, ensuring the unified tags migration completes successfully. (AL-215018)

• Resolved performance issues on the Alation Analytics ETL Status Dashboard that caused 504 Gateway Timeout errors due to slow queries exceeding load balancer limits. The ETL status query was optimized by removing unnecessary joins and consolidating timing data to use etl_metrics as the primary source, reducing execution time from over 60 seconds to under 1 second. (AL-214624)

• Addressed CIS Docker Benchmark recommendations. For customer-managed installations, inter-container communication (ICC) is now explicitly disabled on the default Docker bridge to further restrict network traffic, even though the default bridge is not otherwise used. For both Alation Cloud Service and Customer-managed deployments, the ADD instruction in Dockerfiles has been replaced with COPY in the base transform image used by Alation Analytics. (AL-214329)

• Fixed a bug affecting CSV metadata uploads for Virtual Data Sources where the has_user_defined_multipart_schema_names field was incorrectly initialized as None. The field is now explicitly set to False by default when data sources are created via the API, ensuring metadata uploads work as expected. (AL-214242)

• Previously, some SAP BO reports were still missing lineage even though their queries referenced HANA models. This update correctly handles nested prompts enabling lineage for the affected reports. (AL-213112)

• Fixed an issue where the Lineage chart did not switch to Incremental load even when it was set as the default. Lineage now correctly applies user preferences on first load. (AL-210722)

• Fixed an issue where newly created subfolders always defaulted to public access regardless of the parent folder’s permissions. Subfolders now copy the parent folder’s access settings at creation time, ensuring consistent access control. Permissions are cloned at subfolder creation time, not dynamically inherited (unlike document inheritance mode permission). Existing subfolders retain their current permissions unless updated manually. (AL-210101)

• Fixed an issue where scheduled queries for RDBMS data sources could fail and cause the active queue to back up. The scheduler now detects Daylight Saving Time (DST) transitions to prevent duplicate executions. (AL-209796)

• Fixed an issue where a single-reference field could end up containing multiple links after a linked document was deleted and later restored. The reference field now enforces its one-to-one relationship by replacing any existing reference (including soft-deleted ones) when a new reference is added, preventing duplicate links and ensuring consistent behavior. (AL-209373)

• Fixed a potential HTML injection issue in Workflow Center (Classic User Experience) where the workflow creation success message could render HTML content from the title. The snackbar alert now sanitizes HTML content, aligning behavior with the New User Experience. (AL-208704)

• Updated the Classic User Experience to enable Alamigo integration that can detect configuration issues and Metadata Extraction (MDE) job errors for supported connectors and provide guided, in-product assistance to help Admins resolve problems quickly.(AL-207941)

• Fixed an issue where the ETL job for the data_products_searches analytics table failed due to a unique constraint violation on search_id. The job now correctly handles cases with empty search_id values, preventing constraint violations and ensuring the load to the dimension table completes successfully. (AL-207936)

• Fixed a permissions issue where Catalog Admins with the correct custom field access were unable to upload a data dictionary for BI data source objects when updating descriptions. The data dictionary upload flow now correctly honors BI asset permissions, preventing errors like “You do not have permission to edit catalog object”. (AL-207096)

• Fixed an issue where Lineage continued to display catalog objects that were deleted, which confused users because those objects no longer appeared in the catalog user interface. With this change:

  • Soft-deleted (“GONE”) objects are hidden from lineage charts by default, so the lineage view matches what users expect to see in the Catalog.

  • Hard-deleted objects will still appear as temporary (“TMP”) objects in lineage charts (since lineage may still reference them).

  • Users can view soft-deleted objects in lineage charts by enabling the Show Gone objects filter. (AL-201146)