Changelog

See what's new with Windmill.

5 posts tagged with "Self-hosting"

Force sandboxing

Self-hosting, Security, v1.634.0

Instance-level setting to enforce nsjail sandboxing across all jobs, and per-script #sandbox annotation for bash scripts.

New features

  • job_isolation instance setting with nsjail_sandboxing value to enforce sandboxing for all jobs.
  • Sandboxing enabled when either job_isolation is set or DISABLE_NSJAIL=false.
  • #sandbox bash annotation to enable sandboxing for individual bash scripts.
  • Nsjail always probed at startup regardless of DISABLE_NSJAIL setting.

Unauthenticated and authenticated health endpoints for monitoring Windmill instances. Includes Prometheus metrics, Kubernetes readiness probe support, and detailed diagnostics.

New features

  • Unauthenticated /api/health endpoint with 5-second cache for lightweight uptime checks.
  • Authenticated detailed endpoint returning database latency, connection pool stats, worker groups, and queue depth.
  • Prometheus metrics: health_status_phase, health_database_latency_ms, health_active_workers, health_queue_depth.
  • SILENCE_HEALTH_LOGS environment variable to suppress health check log noise.

PocketID OAuth provider

Authentication, Self-hosting

PocketID is now supported as an SSO provider. Configure it from instance settings with your PocketID base URL, and OIDC endpoints are derived automatically.

New features

  • PocketID as a new SSO/OAuth provider
  • Automatic OIDC endpoint generation from base URL
  • Custom display name for the login button

Password reset via SMTP

Authentication, Self-hosting

Users can now reset their password from the login page when SMTP is configured on the instance. A "Forgot password?" link sends a time-limited reset email (1 hour expiry). The flow prevents email enumeration by always showing a success message.

New features

  • "Forgot password?" link on the login page
  • Secure token-based reset flow with 1-hour expiry
  • Email enumeration protection

Quiet mode for workers

Workers, Self-hosting

Set QUIET=true on workers to suppress verbose per-job logs (fetched job, started handling, job finished) and reduce periodic log frequency by 10x. Useful for reducing log noise in production.

New features

  • QUIET environment variable to reduce worker log verbosity
  • Suppresses per-job lifecycle logs
  • Reduces periodic "still running" and memory snapshot log frequency by 10x