Dynamic Engine v1.6.0 release
Dynamic Engine
v1.6.0 improves workload hardening, security upgrades, softer requirements on storage,
and broader support for cloud platforms.
Release information
- Release Name: Dynamic Engine 1.6.0 (June 2026)
- Release Date: June 18, 2026
- Compatibility: Kubernetes v1.30 and above
Notable new features
| Feature | Description | Ticket | Related documentation |
|---|---|---|---|
| Dynamic Engine error reporting | Reported errors to Talend Management Console by leveraging log4j and fluent-bit, and aligned error handling. | DPE-3204 | No dedicated configuration guidance. This change is primarily implementation-level behavior improvement. |
| Job status consistency | Added pending Job status messaging and unified Job/Pod status utility methods. | DPE-3127 | No dedicated configuration guidance. This change is primarily runtime status reporting behavior improvement. |
| Image profile management | Added support for K8S:ImageProfile to select standard or minimal images. | DPE-3017, DPE-3024 | See Using minimal images. |
| Pod disruption and labeling | Added PodDisruptionBudget support for Data Services and Routes and Data Integration Jobs, and added the missing job-name label. | DPE-3060 | See Configuring PodDisruptionBudget. |
| Job security context controls | Made Job securityContext and securityContextConstraint configurable. | DPE-2207, DPE-3084 | See Configuring security context. This topic covers configuration of the full security context mechanism and does not describe each ticket-specific code change. |
| Deployment stability | Reduction of avoidable service rollouts during no-op or low-impact configuration upgrades. | DPE-3113 | No dedicated configuration guidance. This change is primarily runtime rollout behavior optimization. |
| PVC removal | Removed persistent volume claim usage from targeted runtime flows. | DPE-2507 | See Deploying Dynamic Engine with existing PersistentVolumeClaims. |
| Java 21 support | Added runtime support for Java 21 workloads. | DPE-1854 | See Resource settings for Talend Management Console task executions. |
| Network policies | Added network policy support for workload communication hardening. | DPE-2484 | See Deploying Dynamic Engine with default network policies. |
| Automode support for managed Kubernetes | Added automode support for AWS EKS and Google GKE. Azure AKS is not officially supported yet because the validation is not completed, but it should already work. | DPE-1949, DPE-1950 | See Managed Kubernetes operating modes. |
Key improvements and fixes
- DPE-3198: Improved configuration readiness checks and protected services before runtime initialization
- DPE-3109: Added validation for JVM arguments
- DPE-3078: Made ActiveMQ health checks non-blocking by using TransportListener
- DPE-3119: Restricted Hybrid Control Plane (HCP) reconciliation to environments where GKE and HTTPRoute are detected
- DPE-3230: Fixed vulnerability issues in org.apache.activemq:activemq-client 6.2.5 package set
- DPE-3074, DPE-3056: Improved image handling by supporting deployments without Docker authentication and avoiding duplicated image paths
Security CVE improvements
The following CVE remediations are included in v1.6.0, grouped by component for reference.
- io.netty (26 CVEs): CVE-2026-42583, CVE-2026-44894, CVE-2026-50009, CVE-2026-42579, CVE-2026-41417, CVE-2026-42580, CVE-2026-42581, CVE-2026-42584, CVE-2026-42585, CVE-2026-50020, CVE-2026-42587, CVE-2026-47244, CVE-2026-48043, CVE-2026-50560, CVE-2026-42582, CVE-2026-44892, CVE-2026-48748, CVE-2026-44249, CVE-2026-45416, CVE-2026-50010, CVE-2026-42578, CVE-2026-45673, CVE-2026-45674, CVE-2026-47691, CVE-2026-42577, CVE-2026-45536
- io.vertx_vertx-core (1 CVE): CVE-2026-6860
- java (7 CVEs): CVE-2026-22007, CVE-2026-22013, CVE-2026-22016, CVE-2026-22018, CVE-2026-22021, CVE-2026-34268, CVE-2026-34282
- idna (1 CVE): CVE-2026-45409
- opentelemetry-extension-trace-propagators (1 CVE): CVE-2026-45292
- org.apache.activemq_activemq-client (6 CVEs): CVE-2026-42253, CVE-2026-42588, CVE-2026-45505, CVE-2026-46605, CVE-2026-49157, CVE-2026-49270
- pip (1 CVE): CVE-2026-8643
- spring-security-core (6 CVEs): CVE-2026-40988, CVE-2026-40993, CVE-2026-41003, CVE-2026-41008, CVE-2026-41694, CVE-2026-41706
- tomcat-embed-core (7 CVEs): CVE-2026-41284, CVE-2026-41293, CVE-2026-42498, CVE-2026-43512, CVE-2026-43513, CVE-2026-43514, CVE-2026-43515
- urllib3 (2 CVEs): CVE-2026-44431, CVE-2026-44432
Included services
| Helm chart name | Chart version | Scope | Artifact path |
|---|---|---|---|
| dynamic-engine-crd | 1.6.0 | Custom resource definitions | ghcr.io/talend/helm/dynamic-engine-crd |
| dynamic-engine | 1.6.0 | Dynamic Engine infrastructure | ghcr.io/talend/helm/dynamic-engine |
| dynamic-engine-environment | 1.6.0 | Dynamic Engine environment | ghcr.io/talend/helm/dynamic-engine-environment |
| Service | Image version | Feature | Artifact path |
|---|---|---|---|
| engine-operator | 1.7.0 | Infrastructure | ghcr.io/talend/engine-operator |
| reloader | v1.4.16 | Infrastructure | ghcr.io/talend/reloader |
| docker-registry | 3.1.0 | Infrastructure | ghcr.io/talend/registry |
| engine-config-manager | 1.15.0 | Pairing | ghcr.io/talend/engine-config-manager |
| di-job-deployer | 2.28.0 | Data Integration | ghcr.io/talend/di-job-deployer |
| di-job-controller | 2.26.0 | Data Integration | ghcr.io/talend/job-controller |
| di-job-restore-orphans | 1.23.0 | Data Integration | ghcr.io/talend/di-job-restore-orphans |
| log-collector | 1.13.0 | Common | ghcr.io/talend/dynamic-engine-log-collector |
| fluent-bit | 4.2.4 | Common | ghcr.io/talend/fluent-bit |
| data-service-route-deployer | 1.15.0 | Data Services and Routes | ghcr.io/talend/data-service-route-deployer |
| image-builder | 1.13.0 | Data Services and Routes | ghcr.io/talend/image-builder |
| metrics-agent | 0.3.0 | Metrics | ghcr.io/talend/dynamic-engine-metrics-agent |
| metrics-config-manager | 0.3.0 | Metrics | ghcr.io/talend/dynamic-engine-metrics-config-manager |
Artifact signature verification
Qlik provides digital signatures for all official images and Helm charts from Dynamic Engine v0.22 onwards. All artifacts are signed at build time with an asymmetric key pair: the private key is used for signing, and the public key is made available for signature verification.
For further information about this optional authenticity check of Dynamic Engine artifacts, see Security option: Verifying Dynamic Engine artifact signatures.