Changelog: Seqera Enterprise

Seqera Platform Enterprise version 25.2 introduces a series of enhancements to improve security, observability, and flexibility.

New features and improvements​

Single instance cloud compute environments​

Single instance compute environments create a single compute instance to execute Nextflow pipelines or run Studio sessions with a local executor. The new AWS Cloud and Google Cloud compute environments are optimized for small to medium pipelines and Studios, enabling faster startup time, simplified configuration, and fewer cloud provider dependencies. To activate these, add awscloud-platform and googlecloud-platform to the TOWER_ENABLE_PLATFORMS environment variable.

Studios​

Compute changes​

• Studios now supports ARM64 architecture and Spot instances in AWS Cloud and Google Cloud compute environments.
• Nested containerization is now supported in AWS Cloud compute environments:
  • VS Code Studios include a Docker-in-Docker configuration method, enabling you to run Nextflow directly.
  • The remaining Studios types support Docker via manual installation.
• Studios now supports path-based routing to enable fixed domains for Studio sessions. This removes the need for a wildcard SSL/TLS certificate.
• You can now add per-session user-defined environment variables when creating a new Studio.

Data Explorer​

• Platform CLI now supports file upload and download operations.
• You can now upload multiple files and folders to your cloud bucket simultaneously.
• New labels display read-only and public buckets.

Platform interface changes​

• The Platform top navigation has been replaced with a sidebar for improved navigation.
• The pipeline run details page has been refreshed and includes these improvements:
  • A progress bar provides a clear, dynamic view of pipeline execution in real time.
  • A dedicated Run info tab with a centralized view of run metadata and status details.
  • Improved navigation tabs for Tasks, Logs, Metrics, and Containers.
  • The Tasks tab is now the default for successful runs.

Fusion​

• Added Fusion Snapshots (beta) support in AWS Batch compute environments, enabling Fusion to automatically restore jobs interrupted by AWS Spot instance reclamation. See Fusion Snapshots for more information.
• Enabled Fusion licensing. A Fusion license sets a specific quota for Fusion use, measured by total pipeline throughput per month (defined by Nextflow’s I/O metrics). See Fusion licensing for more information.
• Added a Platform Fusion usage dashboard.

Audit logs​

• GxP compliance: Expanded audit log events.
• Support for IPv6 addresses in audit log UI and API.
• Audit log API improvements:
  • Pagination improvements for enhanced performance. If you use the audit log admin API in your internal processes, contact us to mitigate any breaking changes to your script.
  • Time range filtering support.

General​

• Bumped Nextflow launcher to 25.04.x.
• Added Conda helper text to the Conda packages field in Add new Studio > General config.
• Added AuditLog for dataset operations.
• Added support for providing launch form values via URL query parameters.
• Added support for markdown rendering for Nextflow object field help_text and description properties.
• Added Aborted task counts to run details.
• Pipeline revision form field formatting in Platform interface.
• Improved pipeline schema validation error messaging in launch form.
• Upgraded Azure Batch Ubuntu image version to 22.04.
• Upgraded AWS SDK dependencies to v2.
• Added support for array type parameters in the Launch form.
• Implemented support for multiple extension dataset parameters in the input form.
• Renamed Pipeline work directory to Work directory in compute environment forms.
• Updated on-hover copy for Metrics tab data widgets.
• Added a confirmation dialogue to prevent accidental termination of uploads and downloads by navigating away from Data Explorer.
• Datasets with the same name can be stored within the same organization.
• Added P5, P5e, P6-b200, I7i, C8gd, M8gd and R8gd EC2 families that support NVMe disk. Learn more on the AWS What's New page.
• Renamed data_set_ prefixed events to dataset_ for consistency with Dataset naming.
• Added indexes to improve performance on some potentially slow queries.
• Added OpenAPI tags to endpoints.
• Enabled revision control during fresh pipeline launch.

Bug fixes​

• Fixed pipeline secrets not being deleted in the context of a personal workspace.
• Fixed missing notifications on tasks in Submitted state.
• Fixed content mime types causing overly restrictive dataset parameters.
• Fixed cost reporting metrics failing to render for runs launched with Nextflow CLI.
• Updated navigation bar link to Dashboard instead of Launchpad.
• Fixed empty state condition for containers in the task details screen when using a version of Nextflow that didn’t have containerMeta support.
• Added support for the ? character in Data Explorer path and file names.
• Improvement to launch parameters handling after pipeline revision or config profiles are changed. Existing parameters are now overridden during a revision or config profile change.
• Fixed an issue where parameters were not updating on relaunch and removed/modified parameters were persisting.
• Improved error message handling for requests that have RequestOptions.responseType explicitly specified.
• Fixed discrepancy between Wall time and total run duration.
• Fixed an issue when editing a pipeline, the logo changed to the organization logo.
• Resolved Google VM propagate instance creation errors.

General warnings​

Removed maxSpotattempts setting from Platform​

This setting is now handled by Nextflow. See the Nextflow reference documentation for more information.

Legacy Seqera container image registry access ended June 1, 2025​

You can no longer pull Seqera Enterprise container images from the legacy Seqera container registries (AWS ECR, GCP AR, Azure CR). All Seqera Enterprise images must be retrieved via the cr.seqera.io container registry. The installation and configuration templates provided for both Docker Compose and Kubernetes installations already reference the cr.seqera.io container image URLs. If you have not yet transitioned to this registry, contact Support to request credentials and for any further assistance.

See Legacy Seqera container image registries for more information on the deprecated Seqera AWS ECR registry.

Upgrade steps​

See Upgrade deployment for installation guidance.

Feature updates and improvements​

• Fusion
  • Backported Fusion quotas.

Security updates​

• Fixed security IDOR vulnerability.

Feature updates and improvements​

• Fusion
  • Backported Fusion quotas.

Security updates​

• Fixed security IDOR vulnerability.

Feature updates and improvements​

• Fusion
  • Backported Fusion quotas.

Security updates​

• Fixed security IDOR vulnerability.

General​

This release backports the default Azure image fix from v25.1.1 to v24.2.x:

Azure Batch support for Ubuntu 20.04 LTS ending

The default Azure Batch Ubuntu image has been updated with sku 22.04. This is to ensure there are no issues with the existing Azure Batch Ubuntu image (sku 20.04) which will be deprecated after April 23, 2025. See, https://github.com/Azure/Batch/issues/174 for more information about the deprecation.

General​

• Azure Batch support for Ubuntu 20.04 LTS ending: The default Azure Batch Ubuntu image has been updated with sku 22.04. This is to ensure there are no issues with the existing Azure Batch Ubuntu image (sku 20.04) which will be deprecated after April 23, 2025. See, https://github.com/Azure/Batch/issues/174 for more information about the deprecation.
• Implement support for multiple extension dataset parameters in the input form.

Seqera Platform Enterprise version 25.1 introduces Studios GA and a number of bug fixes and performance enhancements.

Studios is Seqera's in-platform tool for secure, on-demand, interactive data analysis using containers created from Seqera-managed container template images or your own organization-managed custom environments. You only pay for the compute your Studio sessions consume, and the compute is adjacent to your data, significantly reducing data transfer costs and wasted time copying data from storage to analysis. This significantly reduces infrastructure management requirements, removes data silos, adheres to strict in-platform role-based access control, and lowers your operational costs. Learn more about Studios.

New features and improvements​

Studios​

• Labeled templates: Labels indicate the status of support (recommended or deprecated) for a Seqera-managed Studio container template version. Users can migrate a Studio to a new base container template when Adding as new.
• Private sessions: When adding a new Studio, the number of concurrent connections (private vs. all workspace members) can now be defined in General Config > Collaboration.
• Custom session lifespans: This new feature allows you to set a maximum lifespan for a session, after which time the session is stopped automatically and a checkpoint created, or the session can be extended on-demand.
• Resource labels: Users with at least workspace maintainer role permissions can manage the resource labels inherited from the compute environment and attached to the Studio. Resource labels attached to each Studio don’t affect the default resource labels associated with the compute environment.

Fusion​

• AWS Batch compute environments default to Amazon Linux 2023 AMI when Fusion v2 is enabled.
• Add support for Fusion licensing.

General​

• Updated list of EC2 families with NVMe disks available.
• Audit log update: Pipeline edit events are now logged.
• Switch AWS Batch compute environment dependencies to AWS SDK v2.
• Switch Compute dependencies to AWS SDK v2.
• You can upload custom icons when adding or updating a pipeline. If no user-uploaded icon is defined, Platform will retrieve and attach a pipeline icon in the following order of precedence:
  1. A valid icon key:value pair defined in the manifest object of the nextflow.config file.
  2. The GitHub organization avatar (if the repository is hosted on GitHub).
  3. If none of the above are defined, Platform auto-generates and attaches a pipeline icon.
• New dynamic page title for easy bookmarking.
• Added totalProcesses to workflow progress responses.
• Implement collapsible view for JSON workflow parameters tab and add View as YAML option.
• Update the pipeline name regular expression to allow pipeline names containing dots ('.').
• Allow Nextflow configuration parameters with embedded references to other parameters to be shown verbatim.
• Improved error messaging when pipeline information can't be fetched indicates whether the issue is due to a missing resource, or failed authentication due to expired credentials.
• Azure jobs are now automatically terminated after all tasks are complete.
• Send only added/updated run parameters when launching a pipeline. This includes all defaults and parameters passed during the launch.
• Allow users to remove organization logos.
• New workflow job monitoring collects and publishes Platform metrics.
• Notify the user when secrets cleanup fails.
• Dashboard page: Add a date filter.
• Bump nf-launcher default to version 25.10.5.
• Upgrade to Angular 18.

Bug fixes​

• Studios
  • Fixed resource labels being erroneously non-editable for the Maintain role when adding or starting a Studio session.
  • Fixed searches for names containing special SQL wildcard characters (_, %).
• Prohibit duplicate Git credentials and tie-break on lastUpdated for existing duplicates. Preference is given to the last-updated credentials when there are multiple candidates. A check is also added to avoid duplicates when creating new credentials.
• Set ECS_CONTAINER_START_TIMEOUT to 10 minutes in the ECS settings used by AWS Batch CEs, to prevent Task failed to start - DockerTimeoutError: Could not transition to started; timed out after waiting 3m0s errors.
• Compute environment creation form allows pre- and post-run scripts to be longer than the accepted value of 1024 characters.
• Disable reset selection on data change in workflow list component.
• Take into account the alternative mainScript path.
• Use preferred_username as fallback email field for OIDC login.
• Drop the last characters in job definition names longer than the prescribed limit.
• Fixed an additional reference to the mainScript parameter in the pipeline-info API response.
• Fixed a problem with Entra and javax.mail transitive dependency.
• A change in the nf-core tools template made config profile search in the pipeline launch form inconsistent in Platform as it's prepended by a ternary operator. This release introduces a fix that improves config profile name parsing.
• Do not fetch info for INVALID status pipelines, fetch for all other statuses including DISABLED.
• Fallback to primary compute environment when launching a shared pipeline without an associated compute environment from a private workspace.
• Fixed regression of the quick launch form not selecting the primary compute environment by default.

Breaking changes and warnings​

OIDC Secrets injection modifications​

The auth-oidc-secrets Micronaut environment has been replaced with oidc-token-import. If you use this configuration, you must change the MICRONAUT_ENV environment variable in the manifest during the migration process. If you activate the feature with the TOWER_OIDC_TOKEN_IMPORT environment variable, no changes are needed.

Seqera AWS ECR repository customer access ends June 1, 2025​

Customers will no longer be able to pull Seqera Enterprise container images from the legacy Seqera AWS ECR repository after June 1, 2025. All Seqera Enterprise images must be retrieved via the cr.seqera.io container registry after this cutoff date. The installation and configuration templates provided for both Docker Compose and Kubernetes installations already reference the cr.seqera.io container image URLs. If you have not yet transitioned to this registry, contact Support to request credentials and for any further assistance.

See Legacy Seqera container image registries for more information on the AWS ECR and other deprecated Seqera container registries.

Redis version change​

From Seqera Enterprise version 24.2:

• Redis version 6.2 or greater is required.
• Redis version 7 is officially supported.

Redisson properties deprecated​

From Seqera Enterprise version 24.2, redisson.* configuration properties are deprecated. If you have set redisson.* properties directly previously, do the following:

• Replace /redisson/* references in AWS Parameter Store entries with TOWER_REDIS_*.
• Replace redisson.* references in tower.yml with TOWER_REDIS_*.

MariaDB driver: New MySQL connection parameter required​

MariaDB driver 3.x requires a special parameter in the connection URL to connect to a MySQL database:

jdbc:mysql://<domain>:<port>/tower?permitMysqlScheme=true

All deployments using a MySQL database (regardless of version: 5.6, 5.7, or 8) must be updated when upgrading to Seqera Enterprise version 24.1 or later.

MariaDB driver: No truncation support for MySQL 5.6​

The MariaDB driver has dropped support for the jdbcCompliantTruncation parameter, which was true by default and set the STRICT_TRANS_TABLES SQL mode. The STRICT_TRANS_TABLES mode produces an error when the value of a VARCHAR column exceeds its limit, instead of truncating it to fit. Most common installations of MySQL 5.7 and 8 already include this mode at the server level, but the Docker container version of MySQL 5.6 does not.

The SQL mode must be set explicitly through the connection URL for deployments still using MySQL 5.6:

jdbc:mysql://<domain>:<port>/tower?permitMysqlScheme=true&sessionVariables=sql_mode='STRICT_TRANS_TABLES,NO_ENGINE_SUBSTITUTION'

Micronaut property key changes​

The property that determines the expiration time of the JWT access token (used for authenticating web sessions and Nextflow-Platform interactions) has changed as of Seqera Enterprise version 24.1:

Previous	New
micronaut.security.token.jwt.generator.access-token.expiration	micronaut.security.token.generator.access-token.expiration

Enterprise deployments that have customized this value previously will need to adopt the new format.

Upgrade steps​

1. This version includes an update to the Platform Enterprise H8 cache. Do not start the upgrade while any pipelines are in a running state as active run data may be lost.
2. This version requires a database schema update. Make a backup of your Platform database prior to upgrade.
3. If you are upgrading from a version older than 23.4.1, update your installation to version 23.4.4 first, before updating to 25.1 with the steps below.
4. For recommended Platform memory settings, add the following environment variable to your Platform configuration values (tower.env, configmap.yml, etc.):

   JAVA_OPTS: -Xms1000M -Xmx2000M -XX:MaxDirectMemorySize=800m -Dio.netty.maxDirectMemory=0 -Djdk.nio.maxCachedBufferSize=262144
   

5. See Upgrade installation for installation upgrade guidance.

Bug fixes​

A change in the nf-core tools template made config profile search in the pipeline launch form inconsistent in Platform as it's prepended by a ternary operator. This release introduces a fix that improves config profile name parsing.

Bug fixes​

• Solves an issue with Git URLs in Azure DevOps.
• Bumps Nextflow launcher to 24.10.4.

Bug fixes​

• Fix AWS base image security vulnerabilities.