DAI 26 Release Notes

The notes below provide descriptions of the new features and changes introduced in the 2026 releases of Eggplant DAI.

Any potential compatibility issues are highlighted.

To the extent you are entitled to a copy of the source code for the open source software distributed with this product, a free copy will be provided. Please contact us with your request.

System Requirements

You can find supported operating systems and system recommendations for this release on the Prerequisites page.

Upgrade Notes

Upgrade Notes

• DAI 26.2 is the latest major release of DAI.

• You must upgrade to Eggplant Functional 26.2 before you start your DAI 26.2 upgrade. DAI 26.2 is only compatible with Eggplant Functional (EPF) 26.2.

• The upgrade may take 10-20 minutes to complete.

Take a Backup

Before you upgrade, you need to back up your DAI database folders and configuration file. If there is a problem with your upgrade, you will want to restore your DAI Server to this point. If you have any questions or would like help testing your database before you upgrade, please contact your Technical Success Manager or our Customer Support.

Follow the steps below to back up a DAI Server on Windows:

1. Stop the DAI Server/Windows Service before you take a backup.

2. Back up your database folders (data and minio) and configuration file (config.yml).

3. Restart the DAI Server/Windows Service.

4. Run the installer to for the new version to which you are upgrading.

For information about upgrading container deployments, see Upgrading on the Deploying Eggplant DAI in Containers page.

The online documentation contains the latest information about DAI releases. If you are viewing this documentation online, you are seeing the latest update. If you are using the documentation embedded within DAI, please see the Release Notes on our Documentation website at: https://docs.eggplantsoftware.com/dai/dai-release-notes/ for the latest information.

Release 26.2 (April 2026)

DAI version 26.2 contains the following enhancements and defect fixes:

Features

DAI 26.2 contains the following new feature:

Spaces in DAI

DAI 26.2 introduces Spaces, a new capability that helps your teams organize test assets and manage access within a single DAI instance. Spaces address common challenges encountered when managing large numbers of models, configurations, and test cases. See About DAI Spaces for information about using this exciting new feature.

Security and Authentication

In the 26.1 Release Notes, we announced planned updates to DAI that introduce clearer and stricter expectations for TLS configuration. However, these changes will not be included in 26.2 release.

Important

26.2 does not contain any TLS updates.

There is no impact to current deployments (TLS configurations). All existing configurations, including HTTP connections to the DAI Server, will continue to operate as they did in 26.1 and prior versions.

These security enhancements will, however, be implemented in a future release. To prepare, please be aware that the TLS updates will include:

• HTTPS as the default access method for DAI Support for the following certificate types:

  • Publicly trusted CA certificates
  • Private or enterprise CA certificates
  • Self-signed certificates explicitly trusted by the runtime

• Continued support for alternative configurations, including HTTP-only setups, for environments with specific operational constraints (explicit configuration required)

We will announce a new timeline and publish updated documentation once these enhancements are finalized, providing you with ample time to review and prepare for the changes.

Defect Fixes

DAI 26.2 includes the following fixes for the following Customer Reported Defects (CRDS):

• Resolves an issue where the Origin field on the DAI Test Cases page was limited to 40 characters for existing test cases and 59 characters for new test cases. You can now enter up to 500 characters. (CRD-1950)

• Resolves an issue on the DAI Schedule page where later evening time slots (for example, 11:15 PM) are displayed at the top of the calendar view above earlier time slots (like 3:00 PM) instead of at the bottom. (CRD-1925)

Documentation Updates

You will notice that the 26.2 Release Notes are on the same page as the 26.1 Release Notes. Starting with the DAI 26.1 release, we will be listing the release notes for all the 26.x releases on one page, to make it easier to find them and read about updates in the previous 26.x releases.

Third-Party Component Updates

DAI 26.2 updates the following component:

• Upgrades Keycloak to version 26.5.5

Security Fixes (CVEs)

DAI 26.2 remediates the following security vulnerabilities:

Dependency	Remediated Vulnerabilities
Keycloak	- CVE-2025-66021 / GHSA-g9gq-3pfx-2gw2, OWASP Java HTML Sanitizer vulnerability allowing XSS via <noscript> tags and improper <style> tag sanitization - CVE-2026-1529 / GHSA-hcvw-475w-8g7p, Improper invitation token validation - CVE-2026-1486 / GHSA-37gf-gmxv-74wv, Tokens issued without verifying whether the Identity Provider (IdP) is enabled
Keycloak Quarkus	CVE-2025-66560 / GHSA-5rfx-cp42-p624
Bug-hunting – Keras	CVE-2026-0897 / GHSA-xfhx-r7ww-5995
Bug Hunting – Werkzeug	CVE-2026-27199 / GHSA-29vq-49wr-vm6x
PostgreSQL 17.7	CVE-2026-2006, Memory corruption via buffer overflow in the pg_mblen function
RabbitMQ 4.2.2	BDSA-2018-3189, Man-in-the-middle vulnerability due to missing TLS hostname validation in RabbitMQ and Spring-amqp

Release 26.1 (February 2026)

Upgrade Notes

For information about upgrading to DAI 26.1 on Windows, see Upgrade Notes in the version 26.1 documentation.

For information about upgrading container deployments to 26.1, see Upgrading on the "Deploying Eggplant DAI in Containers" page in the version 26.1 documentation.

DAI version 26.1 contains the following enhancements and defect fixes:

Important

• CORRECTION: The note below states that only TLS (Transport Layer Security) will be supported in DAI 26.2. This change is not in DAI 26.2, but it will be implemented in a future release.

• DAI 26.1 will be the last release to support HTTP connections to your DAI Server. Starting in DAI version 26.2, TLS (Transport Layer Security) only will be supported. This means you must move your DAI Server to use a secure HTTPS connection rather than HTTP only. This important change enhances application security and results from our Identity Access Management (IAM) solution only supporting HTTPS from the most recent version onwards. To upgrade to DAI 26.2, you will need TLS certificates in place. You should consult your organization’s Cyber/App Security function to arrange these certificates.

• The DAI Public API V3 will be released in a near future, and with it, we will be deprecating and removing Public API v1. Users are advised to make necessary preparations and move to a supported later version.

Features

DAI 26.1 contains the following new feature:

Support for Xray Cloud Test Management Tool Integration

DAI 26.1 adds support for test management tool integrations, starting with Xray Cloud Test Management for Jira. Integrating a third-party test management tool with DAI streamlines test case synchronization and reporting. Once you connect DAI to a test management tool, DAI can automatically synchronize your test cases, requirements, and test results between the two systems. For more information, see Test Management Tool Integrations.

3rd Party Updates

DAI 26.1 includes the following 3rd-party product updates:

Component	Previous Version	Upgraded To
Nginx	1.29.1	1.29.4
RabbitMQ	4.1.4	4.2.2
Postgres	17.7.1	17.7.2
OpenJDK	21.0.8+9	21.0.9+10
Mingit	25.1	25.2

Security Fixes

DAI 26.1 remediates the following security vulnerabilities:

Dependency	Remediated Vulnerabilities
Bug hunting (werkzeug)	CVE-2026-21860 / GHSA-87hc-h4r5-73f7
Marshmallow	GHSA-428g-f7cq-pgp5 / CVE-2025-68480
rllib3	RETEST 26.1.0+2: CVE-2025-50182 / GHSA-48p4-8xcf-vxj5 GHSA-38jv-5279-wg99 / CVE-2026-21441
aiohttp	CVE-2025-69223 / CVE-2025-69224 / CVE-2025-69225 / CVE-2025-69226 / CVE-2025-69227 / CVE-2025-69228 / CVE-2025-69229 / CVE-2025-69230