---
id: v1.15.0
title: v1.15.0
description: Backstage Release v1.15.0
---

These are the release notes for the v1.15.0 release of
[Backstage](https://backstage.io/).

A huge thanks to the whole team of maintainers and contributors as well as the
amazing Backstage Community for their hard work in getting this release
developed and done.

## Highlights

This release has a few important security fixes, along with a lot of squashed
bugs and exciting additions as usual! Enjoy.

### **BREAKING**: Scaffolder build requirements

The Scaffolder backend uses a sandboxing environment to run its `nunjucks`
templating in, for security reasons. This used to leverage the `vm2` library,
but in this release it has been replaced by `isolated-vm`. This significantly
improves the confidence level in the sandbox implementation since it builds upon
`v8` isolates directly. However, it comes with a cost to implementers: it is a
native dependency, and as such needs to be built during `yarn` installation, on
the exact architecture that it then executes on. For those who compile and run
Backstage on stripped-down environments, you will want to ensure that you have
the build basics present, e.g. `build-essential` or similar corresponding to
your operating system of choice. The `isolated-vm` repo has [some further
information](https://github.com/laverdet/isolated-vm#requirements) about the
build environment requirements.

There is a [CVE-2022-39266](https://www.cve.org/CVERecord?id=CVE-2022-39266)
that has been reported for `isolated-vm`, which applies only when using
`CachedDataOptions`. We do not use that feature at all, since it is recommended
against in the [README](https://github.com/laverdet/isolated-vm#shared-options);
doing so can lead to breakouts and calling back to the main process. Some
security tools may report that this is a vulnerability but it is safe to ignore
this through your `.snyk` policy file or similar.

### **BREAKING**: `@backstage/plugin-linguist-backend`

There have been some significant updates to the Linguist plugin, in particular
the backend and its API. One breaking change is that `LinguistBackendApi` is now
an interface rather than a class, and you should create its implementation
`LinguistBackendClient` instead.

Contributed by [@ahhhndre](https://github.com/ahhhndre) in
[#16954](https://github.com/backstage/backstage/pull/16954)

### **BREAKING**: `@backstage/plugin-github-actions`

In order to make this plugin support GitHub enterprise as well as cloud, its
`GithubActionsClient` is updated to take an `scmAuthApi` instead of the previous
`githubAuthApi`.

Contributed by [@koalaty-code](https://github.com/koalaty-code) in
[#17781](https://github.com/backstage/backstage/pull/17781)

### New module: Unprocessed Entities

This frontend plugin and accompanying backend module lets you peek under the
covers of your catalog instance, finding those pesky unprocessed entities that
may be stuck in limbo because of an otherwise tricky-to-debug validation issue
or similar.

Check out [the plugin’s
README](https://github.com/backstage/backstage/blob/master/plugins/catalog-unprocessed-entities/README.md)
for details and installation instructions.

Contributed by [@alde](https://github.com/alde) in
[#17828](https://github.com/backstage/backstage/pull/17828)

### More movement toward Material UI v5 and React v18 compatibility

There have been some tweaks here or there to types and the theme system to
ensure a smooth future migration toward Material UI version 5. This should be
mostly transparent to adopters, but please let us know if you encounter any
oddities around the theme system after upgrading to this release.

To ensure your future compatibility with v5 plugins, you may want to upgrade
your theme provider to use the new unified one:

```diff
     Provider: ({ children }) => (
-    <ThemeProvider theme={lightTheme}>
-      <CssBaseline>{children}</CssBaseline>
-    </ThemeProvider>
+    <UnifiedThemeProvider theme={builtinThemes.light} children={children} />
     ),
```

We’ve also ensured to be more thorough with how we use `PropsWithChildren` to
ensure that there’s a smooth transition to the non-implicit children in the
React v18 types.

### New Backend System lifecycle changes

When using [the new Backend system](https://backstage.io/docs/backend-system/),
plugins are now started up concurrently instead of serially. This improves
startup times significantly in some cases.

If you were relying on feature registration order to make sure that one plugin
was completely initialized before being consumed by other plugins, we at the
same time introduced a new `addStartupHook` method to the
`coreServices.lifecycle` that you can use instead to act after all plugin
initializations have completed.

At the same time, the default HTTP server implementation adds a middleware to
the top of the chain, which stalls incoming requests for a short period of time
while waiting for service startup. If it takes longer than that predefined time,
it responds with a `503 Service Unavailable` error. The end result is that as
long as startup is typically fast, callers should only see slightly higher
turnaround times for requests to services that are starting up, instead of
getting 404 errors or similar which was often the case in the past.

### Azure identity improvements

On the Azure front, there’s been work toward ensuring support for service
principals, managed identities, and workload identities.

Contributed by [@sanderaernouts](https://github.com/sanderaernouts) in
[#17780](https://github.com/backstage/backstage/pull/17780) and
[@afscrome](https://github.com/afscrome) in
[#18324](https://github.com/backstage/backstage/pull/18324)

### Resource utilization and error display for k8s pods

You can now see some resource utilization statistics and errors, where present,
for your Kubernetes pods.

Contributed by [@mclarke47](https://github.com/mclarke47) in
[#17563](https://github.com/backstage/backstage/pull/17563) and
[#18169](https://github.com/backstage/backstage/pull/18169)

### Printable TechDocs

There have been some changes to the TechDocs styles, to properly handle `print`
media. This should make PDF exports and printing of documentation work better.
Let us know how it goes!

Contributed by [@maapteh](https://github.com/maapteh) in
[#18007](https://github.com/backstage/backstage/pull/18007)

### OpenAPI linting

The `backstage-repo-tools` CLI’s OpenAPI features now have a new `lint`
subcommand. This lets you automatically lint the OpenAPI schemas of plugins for
correctness and best practices.

Contributed by [@sennyeya](https://github.com/sennyeya) in
[#18185](https://github.com/backstage/backstage/pull/18185)

### Catalog conflict events (experimental)

If you pass in an event broker to the catalog backend, it now has the
experimental ability to emit events onto the event bus describing entity
conflicts as they happen internally. This can then be observed and acted upon by
external consumers.

Contributed by [@sblausten](https://github.com/sblausten) in
[#16977](https://github.com/backstage/backstage/pull/16977)

## Security Fixes

- See the note above about the Scaffolder replacing `vm2` with `isolated-vm`.
- There were some cases where sensitive configuration settings could be seen by
  the browser. The configuration schemas have been tightened up accordingly in a
  few places to counter this.
- The TechDocs base Docker image has been upgraded to include a few security
  fixes. This will get picked up automatically for future Docker based TechDocs
  runs, after upgrading Backstage.

## Upgrade path

We recommend that you keep your Backstage project up to date with this latest
release. For more guidance on how to upgrade, check out the documentation for
[keeping Backstage
updated](https://backstage.io/docs/getting-started/keeping-backstage-updated).

## Links and References

Below you can find a list of links and references to help you learn about and
start using this new release.

- [Backstage official website](https://backstage.io/),
  [documentation](https://backstage.io/docs/), and [getting started
  guide](https://backstage.io/docs/getting-started/)
- [GitHub repository](https://github.com/backstage/backstage)
- Backstage's [versioning and support
  policy](https://backstage.io/docs/overview/versioning-policy)
- [Community Discord](https://discord.gg/backstage-687207715902193673) for
  discussions and support
- [Changelog](https://github.com/backstage/backstage/tree/master/docs/releases/v1.15.0-changelog.md)
- Backstage [Demos](https://backstage.io/demos),
  [Blog](https://backstage.io/blog),
  [Roadmap](https://backstage.io/docs/overview/roadmap) and
  [Plugins](https://backstage.io/plugins)

Sign up for our [newsletter](https://mailchi.mp/spotify/backstage-community) if
you want to be informed about what is happening in the world of Backstage.