# 2.6 Changelogs ## v2.6.2 Released: 2025-10-16 ### Access Grant Service #### Bugfix Linking an Access Grant to an Access Request using the `request` predicate now correctly updates the status of the Access Request at the query endpoint. Usage of the newly introduced `verifiedRequest` predicate is unchanged. ## v2.6.1 Released: 2025-09-29 ### All services #### **Security Fixes** **CRITICAL:** Fixed mTLS configuration for internal provision endpoints introduced in 2.6.0. ## v2.6.0 Released: September 2025 ## Services ### **Platform Management Service** **Additions** * New Platform Management service enables administrators to provision user accounts and resources before users access the system. For more information, see [Platform Management Services](/ess/latest/services/service-platform-management.md). * HTTPS API for administrative user provisioning supports bulk user onboarding and preparation of user environments in advance. * When upgrading to ESS 2.6.0, the Platform Management service should use the same database that is used by the Purger service. ### **Authorization Service** **Updates** * Enhanced to manage more dynamic, fine-grained and extensible authorization checks other than ACP. It can now manage authorization of access for Agents, WebID + Storage root resources and other ESS Endpoints. The new permission models allows Service Account Agent access to resources on a User's behalf during provisioning in admin mode before activation. ### **WebID Service** **Updates** * The `webid-created` audit event no longer includes the `name` field in the actor section. * Service now allows Service Account Agent access to WebID resources on a User's behalf during provisioning in admin mode before activation. ### **Storage Service** **Updates** * Service now allows Service Account Agent access to Storage resources on a User's behalf during provisioning in admin mode before activation. ### **Access Grant Service** **Updates** * Service now allows Service Account Agent access to issue Access Credentials on a User's behalf during provisioning in admin mode before activation. ### **Start Service** **Updates** * Improved agent authorization checks with the Authorization service. ### **Provision Service** **Updates** * Improved agent authorization checks with the Authorization service. ### **Notification Service** **Updates** * Improved agent authorization checks with the Authorization service. ### **Purger Application** **Updates** * Base directory changed from `kubernetes/bases/ess-purger-job/` to `kubernetes/bases/platform/ess-purger-job/` as part of the Platform Management service collection. ### **All services** **Updates** * New configuration variables have been introduced to configure the keys used for message encryption on Kafka (see [the Kafka configuration doc page](/ess/latest/services/appendix/appendix-kafka-configuration.md) for details): * `INRUPT_KAFKA_MASTER_KEYS_` defines keys which can be used for encryption and decryption * `INRUPT_KAFKA_ACTIVE_KEY_ID` defines the active key-id used by message producers for encryption --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.inrupt.com/ess/2.6/releases/changelog.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.