Skip to main content


These are the release notes for the v1.13.0 release of Backstage.

A huge thanks to the whole team of maintainers and contributors as well as the amazing Backstage Community for their hard work in getting this release developed and done.


This release has an important security fix, along with a lot of squashed bugs and exciting additions! Enjoy.

BREAKING: Removed the Tabs core component

The Tabs component was removed from @backstage/core-components. It was a thin shim that provided very little value and was considered confusing, when the native Material UI tabs were already fully usable out of the box. Check out the pull request below for more details.

Contributed by @tudi2d in #16587

BREAKING: GitlabDiscoveryEntityProvider branch handling

The way that the GitlabDiscoveryEntityProvider handles branches has changed, to remove the confusion of whether you want to force the use of a certain branch name or whether you just want to provide a fallback branch name. If you were passing in the branch parameter intending it to be just a fallback, you may want to rename it to fallbackBranch.

Contributed by @Andy2003 in #16502

BREAKING: Kubernetes backend

The Kubernetes backend is receiving some really nice overhauls to prepare it for the future and streamlining its interfaces. There are a few breaking changes in there, but not everyone is affected by them. Rather than listing each breaking change individually, check out the package changelog for more information if you see new type errors after upgrading.

TypeScript 5

The Backstage project is now built with the new v5 version of TypeScript! This meant making some small adjustments to types here and there, but we do not expect any end user impact besides having even better and clearer TypeScript support.

You are now able to upgrade your own project to depend on version 5 of TypeScript, should you desire to - it’s an optional upgrade on your end and our libraries should still work fine with version 4 of TypeScript as well.

Added in #17094

Automated orphaned entity cleanup in the catalog

There is a new catalog.orphanStrategy app-config option for the catalog, allowing adopters to enable automatic cleanup of so-called "orphaned" entities. This helps with common use cases where catalog-info files are moved around or renamed, or where entities within a single catalog-info file are partially removed.

The default behavior is unchanged, i.e. if you do not explicitly set this new option to 'delete', orphaned entities will still stay around and await manual deletion.

Added in #17363

Scaffolder Filters

You can now use some new filters in your placeholder expressions in Scaffolder templates. This gives the ability to combine things like:

${{ parameters.entity | parseEntityRef | pick('name') }}

to get the name of a specific entity, or

${{ parameters.repoUrl | parseRepoUrl | pick('owner') }}`

to get the owner of a repo.

Added in #17091

Scaffolder Permissions

Support for template permissions has finally landed in the Scaffolder!

This allows you to define a backstage:permissions property to parameters and steps which is then used to authorize part of the template using the permissions framework. Docs for this feature is a work in progress still, it’s that fresh out of the oven!

Contributed by @vinzscam and @HHogg in #15798

Experimental CLI onboard command

We are experimenting with a new onboard command for the Backstage CLI. It’s still early days, but the intent is to help adopters with some common tasks in the early onboarding / evaluation phase.

Contributed by @marcuseide in #16526

OpenAPI utilities

Backstage now has experimental support for declaring OpenAPI schemas for your services, and automatically building type safe routers out of them. The Catalog plugin is the first user of these facilities.

This comes in the form of a @backstage/backend-openapi-utils Node package assists with the type trickery, and the new schema:openapi:verify and schema:openapi:generate commands in the @backstage/repo-tools CLI package.

Contributed by @sennyeya in #15667

Experimental inline auth flows

There’s new support for running auth flows inline in the current page instead of in a separate popup window, enabled via the enableExperimentalRedirectFlow app-config parameter. This will allow the use of some providers that do not support popup flows. It’s still an experimental feature, but do try it out if this applies to you!

Contributed by @headphonejames in #15841

New plugin: PuppetDB

Visualize your data from PuppetDB!

Contributed by @tdabasinskas in #17260

New catalog entity provider: GithubMultiOrgEntityProvider

This provider lets you ingest org data (users and groups) into your catalog more easily from multiple orgs in one fell swoop. Give it a try!

Contributed by @kuangp in #17285

New Scaffolder actions

  • confluence:transform:markdown: This action converts Confluence doc pages to Markdown and can be found in the @backstage/plugin-scaffolder-backend-module-confluence-to-markdown package. Contributed by @tradcliffe-expediagroup in #16820
  • fetch:plain:file is the natural sibling to fetch:plain, but fetching individual files instead of directories. Contributed by @gavlyukovskiy in #16935

Search now supports the new backend system!

Search is now available to use in the new backend system! The plugin itself has a new searchPlugin alpha export, and most of the collators etc are available as modules for it. The following packages have been created or updated as part of this:

  • @backstage/plugin-search-backend
  • @backstage/plugin-search-backend-module-explore
  • @backstage/plugin-search-backend-module-elasticsearch
  • @backstage/plugin-search-backend-module-pg
  • @backstage/plugin-search-backend-module-explore
  • @backstage/plugin-search-backend-module-techdocs

For documentation on how to migrate, check out the convenient how-to guide.

Contributed by @emmaindal and @camilaibs in #16710

Security Fixes

A security flaw in the vm2 package used by the Scaffolder plugin was patched by our automated security processes in #17296. The fixed version of vm2 was already covered by the required version range of the Scaffolder plugin, so adopters are able to address this vulnerability separately without upgrading Backstage itself, as part of their regular security processes.

Upgrade path

We recommend that you keep your Backstage project up to date with this latest release. For more guidance on how to upgrade, check out the documentation for keeping Backstage updated.

Below you can find a list of links and references to help you learn about and start using this new release.

Sign up for our newsletter if you want to be informed about what is happening in the world of Backstage.