Changelog: Seqera Enterprise

Bug fixes​

A change in the nf-core tools template made config profile search in the pipeline launch form inconsistent in Platform as it's prepended by a ternary operator. This release introduces a fix that improves config profile name parsing.

Bug fixes​

• Solves an issue with Git URLs in Azure DevOps.
• Bumps Nextflow launcher to 24.10.4.

Improvements​

• Enterprise telemetry now differentiates between Platform UI and CLI workflow executions.
• Azure Batch job termination now includes the Nextflow head job, so queues no longer remain active after a workflow completes.

Fixes​

• Fix AWS base image security vulnerabilities.
• Fix runs list view deselecting checked runs.
• Fix Azure DevOps issues when launching from non-default project repositories.
• Fix pipeline editing errors for repositories without a main.nf file.

Seqera Enterprise version 24.2 introduces new Data Studios features, global Nextflow configuration at the compute environment level, Azure service principal and managed identity authentication support, and a number of bug fixes and performance enhancements.

New features and improvements​

Data Studios​

• Data Studios now supports custom environments:
  • Create custom analysis environments, or link to public or private ECR containers.
  • Custom environment build events are now added to the audit log. The events data_studio_session_build_started and data_studio_session_build_failed are added to the audit log events table.
• Data Studios dashboard:
  • A new dashboard provides information about Data Studios usage to help you manage your resources.
• In a GPU instance type compute environment, both CPU and GPU resources are supported and can be added to your Data Studio sessions.
• NVMe support added.
• EFS volume mounting is now supported.
• Browse a studio session's mounted data directly from the studio details page using Data Explorer.

Nextflow configuration updates​

• Added a Global Nextflow config field to all compute environments. This field allows you to define Nextflow configuration values in the compute environment that are then pre-filled in the pipeline Nextflow config file field during launch.
• Implemented custom launch container logic in the workflow/launch API endpoint. This allows you to specify a custom container using the launchContainer key in your request body when submitting a workflow execution. For example:

  {
    "launch": {
        "id": "T3xxxxxxxxxxig",
        "launchContainer": "quay.io/seqeralabs/nf-launcher:j17-23.10.1-up1", 
        "computeEnvId": "6Uxxxxxxxxxxxhl",
        "workDir": "s3://your-bucket",
        "pipeline": "https://github.com/nextflow-io/hello",
        ...
    }
  }
  

Azure Batch: Entra service principal and managed identity authentication support​

• Authentication using Microsoft Entra service principals is now supported in manual Azure Batch compute environments. This provides a secure alternative to long-lived access keys, as service principals enable role-based access control with more precise permissions.
• You can now also use a managed identity in conjunction with your credentials (access keys or service principals) to authenticate Nextflow to Azure services. The combination of an Entra service principal and user-assigned managed identity offers enhanced security over access keys. Note that both authentication methods are only supported in manual Azure Batch compute environments.

Launchpad​

• The new Launch Form is now enabled by default. See Core feature configuration for options to disable the launch form per workspace or globally.

Compute environments​

• AWS Batch Forge compute environments now support Amazon Linux 2023. Previously, Batch Forge only created compute environments with Amazon Linux2. Seqera now supports specifying Amazon Linux 2023 ECS-optimized AMIs when you create AWS Batch compute environments. AWS-recommended Amazon Linux 2023 AMI names start with al2023-.
• The Google Life Sciences API will be deprecated in June 2025. A Google Life Sciences API deprecation notice has been added to the Seqera Platform UI.
• Tag propagation has been added to the AWS Batch launch templates created by Batch Forge, which propagates resource labels to storage volumes (as well as instances which are the default).

Credentials​

• The Password field is no longer required for GitLab credentials, as public repositories only require an access token. Note that private repositories will require a credential with both a password and access token.

Settings​

• Added flexibility for pipeline names in workspaces. Pipeline names must be unique at the workspace level for private workspaces, while shared workspaces require names to be unique at the organization level.

General​

• Refactor now reports file streaming over Agent connections directly to the browser.
• Input forms now support JSON schema draft 2020-12 features. Includes: Nested parameters, "anyOf", "allOf", and "oneOf" input form validation support, "dependantSchemas" initial support, and "if-then-else" support. This improves support of JSON schema and prevents form errors for unrecognized validations.
• ECS agent configuration variables have been added to set the timeout for several container actions:
  • ECS_CONTAINER_CREATE_TIMEOUT=10m: Timeout for creating a container.
  • ECS_CONTAINER_STOP_TIMEOUT=10m: Timeout for stopping a container. Increase to prevent Nextflow from being forcibly killed and leave running jobs.
  • ECS_MANIFEST_PULL_TIMEOUT=10m: Timeout for pulling a container manifest. This may be needed when pulling a Wave container with a long build time.
• Disable AWS and Google Cloud Batch spot auto-retry: This disables the automatic retry of Batch jobs submitted by Nextflow in favour of using the classic Nextflow retry mechanism. This is because the Batch automatic retry is completely invisble to Seqera and the user. Nextflow retry gives better feedback and allows the user to have more control.
  note

  This requires a change to pipeline configurations that previously used Spot auto-retry for AWS and Google Cloud Batch.

• Bump nf-launcher:j17-24.10.2.
• Upgrade to Angular 16.
• Security fixes: All security fixes for previous versions.

Bug fixes​

• Check if a workspace is disabled before fetching data links.
• Allow resume with compatible compute environments when using Tower Agent and $TW_AGENT_WORKDIR as working directory.
• Fix input form view for private GitHub repositories using pipeline Quicklaunch.
• Fix issue where workspace secrets were not being selected by default when using pipeline Quicklaunch.
• Fix incorrect role access in new launch form which allowed users with "Maintain" role and lower to edit resource labels when launching.
• Fix Entra and javax.mail transitive dependency problem.
• Shared pipelines without an associated compute environment now default to using the workspace primary compute environment.
• Display initial mounted data when starting an existing Data Studio session.
• Add managedIdentityId to the API response payload when describing a compute environment.
• Send fetch schema request in quicklaunchmode, even if revision is empty.
• Fix issue where searching for task tags using underscores wasn't returning the expected values.
• Improve performance of queries reported as intensive on the RDS database. Added an index to the tw_workflow(complete) column, which improves the performance of the query that finds workflows with missing progress. Added an index to the tw_workflow(status) column conditionally; the index was already present in the cloud.seqera.io database, but not previously included in the database migration scripts.
• Avoid using master as the fallback pipeline revision, so that pipeline repositories without a master version don't return errors on Quicklaunch.
• Update lastUsed on compute environment when creating a job for a Data Studios session.
• Enable task working directory navigation using Data Explorer in personal workspaces.
• Allow changing the working directory when launching a pipeline.
• Encode file names when requesting a download URL in Data Explorer.
• Fix report access issue for Nextflow CLI runs with TOWER_CONTENT_URL set.
• Fix NF schema nested object values being lost when switching to input form view. Remove processing of unsupported JSON schema types inside pipeline input form components.
• Show CORS modal when detecting an incorrect eTag configuration for Data Explorer, and update link to Seqera docs.

Breaking changes and warnings​

Seqera AWS ECR repository customer access ends June 1, 2025​

Customers will no longer be able to pull Seqera Enterprise container images from the legacy Seqera AWS ECR repository after June 1, 2025. All Seqera Enterprise images must be retrieved via the cr.seqera.io container registry after this cutoff date. The installation and configuration templates provided for both Docker Compose and Kubernetes installations already reference the cr.seqera.io container image URLs. If you have not yet transitioned to this registry, contact Support to request credentials and for any further assistance.

See Legacy Seqera container image registries for more information on the AWS ECR and other deprecated Seqera container registries.

Redis version change​

From this version of Seqera Platform:

• Redis version 6.2 or greater is required.
• Redis version 7 is officially supported.

Redisson properties deprecated​

From this version of Seqera Platform, redisson.* configuration properties are deprecated. If you have set redisson.* properties directly previously, do the following:

• Replace /redisson/* references in AWS Parameter Store entries with TOWER_REDIS_*.
• Replace redisson.* references in tower.yml with TOWER_REDIS_*.

MariaDB driver: New MySQL connection parameter required​

MariaDB driver 3.x requires a special parameter in the connection URL to connect to a MySQL database:

jdbc:mysql://<domain>:<port>/tower?permitMysqlScheme=true

All deployments using a MySQL database (regardless of version: 5.6, 5.7, or 8) should be updated accordingly when upgrading to Platform version 24.1 or later.

MariaDB driver: No truncation support for MySQL 5.6​

The MariaDB driver has dropped support for the jdbcCompliantTruncation parameter, which was true by default and set the STRICT_TRANS_TABLES SQL mode. The STRICT_TRANS_TABLES mode produces an error when the value of a VARCHAR column exceeds its limit, instead of truncating it to fit. Most common installations of MySQL 5.7 and 8 already include this mode at the server level, but the Docker container version of MySQL 5.6 does not.

The SQL mode must be set explicitly through the connection URL for deployments still using MySQL 5.6:

jdbc:mysql://<domain>:<port>/tower?permitMysqlScheme=true&sessionVariables=sql_mode='STRICT_TRANS_TABLES,NO_ENGINE_SUBSTITUTION'

Micronaut property key changes​

The property that determines the expiration time of the JWT access token (used for authenticating web sessions and Nextflow-Platform interactions) has changed since version 24.1:

Previous	New
micronaut.security.token.jwt.generator.access-token.expiration	micronaut.security.token.generator.access-token.expiration

Enterprise deployments that have customized this value previously will need to adopt the new format.

Upgrade steps​

1. This version includes an update to the Platform Enterprise H8 cache. Do not start the upgrade while any pipelines are in a running state as active run data may be lost.
2. This version requires a database schema update. Make a backup of your Platform database prior to upgrade.
3. If you are upgrading from a version older than 23.4.1, update your installation to version 23.4.4 first, before updating to 24.2 with the steps below.
4. For recommended Platform memory settings, add the following environment variable to your Platform configuration values (tower.env, configmap.yml, etc.):

   JAVA_OPTS: -Xms1000M -Xmx2000M -XX:MaxDirectMemorySize=800m -Dio.netty.maxDirectMemory=0 -Djdk.nio.maxCachedBufferSize=262144
   
5. See Upgrade installation for installation upgrade guidance.

Bug fixes​

• Search task names in run details.

Bug fixes​

• Mailer dependency issue causing email send failures.

Security updates​

• Fix critical frontend vulnerabilities.

Feature updates and improvements​

• Improvement: Add tag propagation for storage volumes to AWS launch template.
• Improvement: Implement custom H8 2nd-level cache to replace Redisson cache.
• Improvement: Extend determineTextFormat helper function.

Bug fixes​

• Disable launch form submit button during form validation.
• Allow workDir edit during pipeline launch.
• Data Explorer preview for Azure Blob Storage files.
• GCP resource leak.
• Remote config read issue.
• Dependency vulnerabilities.

Version bumps​

• Bump nf-launcher:j17-24.04.4

Bug fixes​

• Redis TLS connection issue.

Security updates​

• Security patches.