Feature Enhancements

• Added support for roles in CSV uploads for custom apps
• Updated search to correctly show the logo for Resource Apps instead of the logo for their parent Apps.

Bug Fixes

• Fixed the 'Create UAR without Scope' warning modal incorrectly appearing when only scoping by group types

• Fixed bulk expiration button showing incorrect expiration option on first load

Self-hosted only

• Replaced Bitnami Redis images with Opal-hosted alternatives (On-prem customers must upgrade to this version by 08/28/2025)

New Functionality

• Added the ability to delegate access request reviews to other organization members. Schedule delegates from Settings > Delegates, accessible from your user profile in the lower left corner of the dashboard

Bug Fixes

• Fixed groups in the Group Access table and Group Details modal not being clickable

• Fixed an issue with API-initiated access requests having a broken support ticket when no support_ticket parameter is passed.

• Fixed search functionality on the sent tab of requests

User Experience Improvements

• Improved end user details interface by separating ID and link copy buttons for better usability

New Functionality

• Admins can now download requests from the admin tab

Bug Fixes

• Fixed UAR cells getting cut off to prevent content truncation in the user interface

• Fixed inventory tag and inventory owner links to navigate to the correct tab on the details page when clicked

• Fixed requests incorrectly indicating requested assets as never used

User Experience Improvements

• Improved owner escalation policy validation to prevent setting values below 5 minutes or above 1440 minutes

New Functionality

• Added custom date option to bulk expirations menu

• Added connector group and connector resource app identifiers to sublabels and hovercards

• Added ability to filter inventory/owners by specific users

Feature Enhancements

• Reworked access rules failsafe threshold for better accuracy

  • The threshold is now evaluated against additions and removals separately (as opposed to cumulative changes)
  • The threshold no longer has a 20 user minimum, this will make the failsafe useful for smaller single-team rules.

• Updated notification styling

Bug Fixes

• Fixed GitHub connection creation sync failure

Self-hosted only

• Added support for SMTP connections on port 25, with or without STARTTLS

Feature Enhancements

User Experience Improvements

• Added explore to the KBar
• Improved request approver flow with slight visual changes
• Added a new table view in User Settings to display active request reviewer delegations, making it easier to manage and track who can review requests on your behalf
• Added manager full name and manager ID to user export CSVs
• Display Role name on soon to expire notification subevent table

Search and Filtering

• Enhanced search filter on Inventory group users or resource user tables to now filter on names, email, or position
• Added the ability to filter resources by remote ID and resource type in the Resources API, enabling more precise resource lookups based on external system identifiers

API Enhancements

• Added REST Public API support for Github Org Roles

Bug Fixes

• Updated errors to include more details when Jira credentials are incorrect

Self-hosted only

• Added ability to tune memory requests and limits for some key opal pods

Feature Enhancements

Access Review Improvements

• Enhanced Resource Preview with pagination, sorting, and filtering capabilities
• Added pagination and sorting to Group Preview, improving performance for large datasets
• Replaced "Other Reviewers" column with a comprehensive list view instead of an icon

API Enhancements

• Added ability to request all resources a user has access to via the API

Integrations

• Added support for GitHub app installations
• Implemented app validations for Tailscale and allow authentication via OAuth instead of API keys
• Enabled automatic provisioning of Snowflake users
• Updated roles dropdown under User Access tab on resources

User Experience Improvements

• Changed resource creation flow to use modal instead of full page
• URLs are now clickable links in custom field descriptions and labels
• Performance improvements for the Risk Center

Bug Fixes

• Fixed issue where Soon To Expire notifications were being sent multiple times for the same asset
• Fixed conjugation/pluralization issue in Request Ticket banner
• (Self-Hosted only): Resolved a bug in Kubernetes manifest formatting that was preventing upgrades

• [Airgap Self-Hosted Only] Fixed a bug where customers could not toggle dry-run/read-only modes, nor update org-wise notification settings.
• [Self-Hosted only]: Fixed a bug in kubernetes manifest formatting that prevented upgrades.

• Fixed a bug where assets were still selected after removing from Bundle
• Updated Jira integration to use their new search endpoint. You must update or Opal cannot query the status of existing tickets during sync.

• Fix bug on Owners group escalation policy where opening the edit form would not reflect the current state of the policy when on
• Adding support for startTLS over smtp connections using port 587

• Improved Risk Center page performance
• Fixed a bug in UARs where some groups and resources were not appearing in the generated PDF