# 2.6 Changelogs ## v2.6.2 Released: 2025-10-16 ### Access Grant Service #### Bugfix Linking an Access Grant to an Access Request using the `request` predicate now correctly updates the status of the Access Request at the query endpoint. Usage of the newly introduced `verifiedRequest` predicate is unchanged. ## v2.6.1 Released: 2025-09-29 ### All services #### **Security Fixes** **CRITICAL:** Fixed mTLS configuration for internal provision endpoints introduced in 2.6.0. ## v2.6.0 Released: September 2025 ## Services ### **Platform Management Service** **Additions** * New Platform Management service enables administrators to provision user accounts and resources before users access the system. For more information, see [Platform Management Services](https://docs.inrupt.com/ess/latest/services/service-platform-management). * HTTPS API for administrative user provisioning supports bulk user onboarding and preparation of user environments in advance. * When upgrading to ESS 2.6.0, the Platform Management service should use the same database that is used by the Purger service. ### **Authorization Service** **Updates** * Enhanced to manage more dynamic, fine-grained and extensible authorization checks other than ACP. It can now manage authorization of access for Agents, WebID + Storage root resources and other ESS Endpoints. The new permission models allows Service Account Agent access to resources on a User's behalf during provisioning in admin mode before activation. ### **WebID Service** **Updates** * The `webid-created` audit event no longer includes the `name` field in the actor section. * Service now allows Service Account Agent access to WebID resources on a User's behalf during provisioning in admin mode before activation. ### **Storage Service** **Updates** * Service now allows Service Account Agent access to Storage resources on a User's behalf during provisioning in admin mode before activation. ### **Access Grant Service** **Updates** * Service now allows Service Account Agent access to issue Access Credentials on a User's behalf during provisioning in admin mode before activation. ### **Start Service** **Updates** * Improved agent authorization checks with the Authorization service. ### **Provision Service** **Updates** * Improved agent authorization checks with the Authorization service. ### **Notification Service** **Updates** * Improved agent authorization checks with the Authorization service. ### **Purger Application** **Updates** * Base directory changed from `kubernetes/bases/ess-purger-job/` to `kubernetes/bases/platform/ess-purger-job/` as part of the Platform Management service collection. ### **All services** **Updates** * New configuration variables have been introduced to configure the keys used for message encryption on Kafka (see [the Kafka configuration doc page](https://docs.inrupt.com/ess/latest/services/appendix/appendix-kafka-configuration) for details): * `INRUPT_KAFKA_MASTER_KEYS_` defines keys which can be used for encryption and decryption * `INRUPT_KAFKA_ACTIVE_KEY_ID` defines the active key-id used by message producers for encryption