v26.6.0

Features

• feat: add rhcustom provider to legacy settings.json configuration (#2776) @snecklifter

Fixes

• fix: block command injection in EE settings (#2804) @Hrithik-Gavankar
• fix(mcp): prevent path traversal in MCP server tools (CVE-2026-44192) (#2801) @shatakshiiii
• fix: validate activation script path to prevent command injection (#2800) @shatakshiiii
• fix: sanitize playbook filename to prevent command injection (#2799) @shatakshiiii
• fix: prevent API key disclosure via settings (#2796) @cidrblock
• fix(ci): fix lint and test-setup failures on main (#2795) @Hrithik-Gavankar

Maintenance

• chore(deps): update pnpm to v11.5.0 (#2813) @renovate[bot]
• chore(deps): lock file maintenance (#2791) @renovate[bot]
• chore: avoid creating deployment for ci workflow run (#2817) @ssbarnea
• refactor: unify path validation into shared helper (#2802) @shatakshiiii
• chore: upgrade pnpm to 11.x (#2808) @ssbarnea
• chore: upgrade node to 24.15 (#2809) @ssbarnea
• chore: use arm64 macos runner (#2811) @ssbarnea
• chore: sync agent skills from team-devtools (#2803) @ansibuddy
• chore(deps): update github actions (#2793) @renovate[bot]

v26.5.0

Features

• feat(mcp): publish container image on ghcr.io (#2780) @cidrblock

Fixes

• fix: Remove ansible-creator version checks from devfile/devcontainer views (#2790) @alisonlhart
• fix: add auto-detection for common Ansible content files (#2782) (#2785) @rockygeekz

Maintenance

• docs(mcp): add client setup guides (#2783) @cidrblock
• chore(deps): update dependency @google/genai (#2789) @renovate[bot]
• chore(deps): bump vite from 8.0.3 to 8.0.5 in the npm_and_yarn group across 1 directory (#2717) @dependabot[bot]
• chore(deps): lock file maintenance (#2716) @renovate[bot]

v26.4.7

• fix(mcp): use CJS entry point for bin (#2779) @cidrblock

v26.4.6

Fixes

• fix(mcp): copy resource data files to build output directory (#2777) @shatakshiiii
• fix: skip LLM initialization when Lightspeed is disabled (#2775) @rockygeekz

Maintenance

• chore(deps): update sonarsource/sonarqube-scan-action action to v8 (#2778) @renovate[bot]

v26.4.5

Fixes

• fix: bridge Python environment selection to content creator commands
  (#2763) @alisonlhart
• fix(mcp): restore MCP server activation in packaged extension (#2766) @shatakshiiii
• fix: resolve content creator webview rendering and interaction issues (#2762) @anusshukla
• fix: complete build isolation - no HOME pollution, no files outside out/ (#2757) @rockygeekz
• fix: bridge Python environment selection to Language Server (#2761) @anusshukla
• fix(mcp): add repository field and relax perf test (#2758) @anusshukla
• fix: 'nil' ansible-lint upgrade value in metadata display (#2737) @alisonlhart

Maintenance

• chore(deps): update pnpm to v10.33.2 (#2768) @renovate[bot]
• chore(deps): update github actions (#2760) @renovate[bot]
• chore: Only run precheck task in CI (#2759) @alisonlhart

v26.4.4

What's Changed

Bug Fixes

• fix(als): Change path for ALS binary installation to CJS instead of ESM (#2755)
  • Fixes ansible-language-server binary crashing with "Dynamic require of util is not supported" when invoked via npm/Mason
  • Changes bin field from dist/cli.js (ESM) to dist/cli.cjs (CJS)
  • Fixes #2754

Other Changes

• chore(deps): update github actions (#2729)

Full Changelog: v26.4.3...v26.4.4

v26.4.3

What's Changed

Bug Fixes

• fix(als): handle client/registerCapability rejection in non-VS Code LSP clients (#2753)
  • Adds .catch() handlers to connection.client.register() calls for DidChangeConfigurationNotification and DidChangeWatchedFilesNotification
  • Prevents ALS from crashing with exit code 1 when used in LSP clients that don't respond to client/registerCapability requests (e.g., Claude Code, Neovim built-in LSP)
  • Downgrades registration failures to console.warn with actionable messages
  • Adds unit tests for the rejection handling

Other Changes

• feat: replace Selenium UI tests with WebDriverIO (#2746)

Full Changelog: v26.4.2...v26.4.3

v26.4.2

Fixes
fix(ci): disable checkout clean on self-hosted runners (#2733) @cidrblock
fix(als): debounce config change invalidation (#2750) @cidrblock
fix(e2e): batch EE settings to avoid ALS race (#2749) @cidrblock
fix(als): await EE plugin doc copy before scan (#2748) @cidrblock
fix(ci): bump e2e download timeout to 60s (#2747) @cidrblock
fix(ci): remove root-owned files before git clean on WSL (#2741) @anusshukla
fix: add PET detection and Python extension fallback (#2731) @cidrblock
fix(ci): remove Podman overlays before checkout on WSL (#2738) @anusshukla
fix(ci): clean root-owned overlays on WSL runner (#2732) @cidrblock
fix(ci): remove root-owned files before git clean on WSL (#2741) @anusshukla
Tests
test(ui): skip flaky Selenium tests on CI (#2745) @anusshukla
Maintenance
Revert "fix(ci): wait for code-server before UI selenium tests" (#2724) @ssbarnea
chore: release drafter v7 workaround (#2725) @ssbarnea
chore: recognize conventional commit contexts (#2723) @ssbarnea

v26.4.0

Features

• feat: restore webview HMR with Vite dev server (#2703) @goneri

Fixes

• fix: update zod to v4 (#2706) @ssbarnea

Maintenance

• chore(deps): lock file maintenance (#2679) @renovate[bot]
• chore: ensure extension activation before MCP command registration tests (#2711) @rockygeekz
• chore: avoid uploading codecov reports on scheduled jobs (#2710) @ssbarnea
• chore: workaround npm publish bug (#2709) @ssbarnea
• chore(deps): update pnpm to v10.33.0 (#2705) @renovate[bot]

v26.3.5

Fixes

• fix: update all node deps (#2701) @ssbarnea
• fix: replace yarn with pnpm (#2699) @ssbarnea
• fix: remove @tomjs/* dependencies (#2689) @goneri
• AAP-69248: WCA OAuth ignores custom Lightspeed URL configuration (#2675) @hasys

Maintenance

• chore: make build less verbose (#2704) @ssbarnea
• chore: use OIDC for npmjs publishing (#2702) @ssbarnea
• chore: more eslint config cleanup (#2688) @ssbarnea
• chore(deps): update node.js to v24.14.1 (#2692) @renovate[bot]
• chore(deps): update codecov/codecov-action action to v6 (#2697) @renovate[bot]
• chore(deps): update dependency handlebars to v4.7.9 [security] (#2694) @renovate[bot]