Security
- Secure SAML signing defaults (#2824)
- Harden SAML deployment defaults (#2825)
- Hardcode require signed SAML responses (#2826)
Integrations
- Add duckdb S3 + HTTP-header secrets and pin extensions (#2821)
- Add Cloudflare admin SDK (#2818)
- Add Kubernetes admin SDK (#2820)
- LeakCheck secret name (#2830)
- Exa registry templates (#2803)
Agents
- Bump model catalog (#2845)
Enhancements
- Add MCP skill management tools (#2812)
- Add batch table row tools (#2796)
- Add agent folder tools (#2823)
- Add duckdb S3 + HTTP-header secrets and pin extensions (#2821)
- Restructure Tracecat best practices (#2834)
- Add include_headers toggle to webhook trigger (#2837)
- Add case dropdown management tools (#2847)
Bug fixes
- Yield while spawning scheduler tasks (#2802)
- Collect for_each loop errors (#2795)
- Report OAuth-backed registry actions as configured (#2829)
- Don't mark actions unconfigured for optional secrets (#2832)
- Avoid portless port collision (#2844)
- Delete users with dependency cleanup (#2815)
- Workspace model selection scroll (#2846)
- Resolve current org for multi-org users (#2813)
- Clean up org-scoped user removal (#2814)
Documentation
Dependencies
- Bump vulnerable deps; pin carets (#2838)
Full Changelog: 1.0.0-beta.49-rc.4...1.0.0-beta.49-rc.5