Skip to main content
nx1-deployer image v1.14.0
The June 2026 release for non-web portal users introduces new API endpoints across AutoML, data migration, and policy management. It also adds an NX1 LLM router and new Keycloak roles.

New features

New features recently added to the NexusOne platform.

AutoML feature engineering

You can now delete a feature engineering proposal using the Delete a feature engineering proposal endpoint.

AutoML training

You can now check the live status of multiple training jobs in a single call using the Bulk reconcile job statuses endpoint.

Crew templates

You can now run Crew configuration templates using the Run template endpoint.

Data migration

You can now manage the full lifecycle of a data migration between storage formats or files using the following endpoints:

Data shares

You can now manage access to Gravitino shared datasets with Keycloak realm roles using the following endpoints:

Documents

You can now delete a document or browse DataHub tags, glossary-terms, and domains to use when classifying documents, using the following endpoints:

New Keycloak roles

The following roles are now available in NexusOne and you can assign them to users:
  • AutoML roles
    • nx1_automl_admin: Manage AutoML pipelines and model deployments
    • nx1_automl_user: Run feature engineering workflows and deploy ML models
  • Data migration roles
    • nx1_migration_admin: Run data migrations and manage data policies
    • nx1_migration_ops: Manage and monitor data migration operations
    • nx1_migration_user: View data migration run status
  • Document management roles
    • nx1-document-admin: Upload and manage user documents, tied to DataHub
    • nx1-document-user: Upload and classify documents, tied to DataHub
  • LLM Router roles
    • nx1_llm_admin: Configure routing rules and monitor the LLM router via the dashboard
    • nx1_llm_user: Send requests to LLM models via the LLM router
    • nx1_airouter_admin: Manage and update AI router settings
    • nx1_airouter_viewer: View AI router settings
  • Shared Trino role
    • trino-admin: Manage Trino queries and catalogs across all users

Identity

You can now verify your resolved identity and Keycloak roles, or check authorization at the Envoy/nginx proxy level, using the following endpoints:

Infrastructure configuration

You can now manage infrastructure configuration, test Airflow connections, and retrieve default values for migration runs using the following endpoints:

Kyuubi high availability

Kyuubi now runs across multiple pod replicas, so there’s no single point of failure. Engine-level query authentication is on by default, so only authorized users can access your query sessions.

NX1 LLM router

The NX1 LLM router is a new Envoy-based gateway for managing AI traffic. It supports the following:
  • Policy-based routing
  • Semantic caching
  • Request auditing
It also comes with two Grafana dashboards to give you visibility into operations and service performance. The LLM router accepts the standard /v1/chat/completions format. Clients such as the OpenAI SDK, LangChain, or LlamaIndex can send requests directly to the router. Anthropic Claude is the default backend. A NexusOne administrator can also configure a self-hosted Ollama model instead. Contact one if you need to.

Policy management

You can now manage Apache Ranger data access policies and sync Keycloak groups using the following endpoints:

Tools

You can now browse the full catalog of available AI agent tools, grouped by category, using the List agent tool catalog endpoint.

Bug fixes

Fixes to issues affecting apps or features on the NexusOne platform.

Metastore hardened base image

Metastore now ships on a hardened base image with no known CVEs at build time.

Enhancements

Enhancements to existing app features on the NexusOne platform.

Multiple S3 gateway instances

You can now run multiple S3 gateway instances, each backed by Amazon S3, HDFS, or Azure storage. HDFS support includes Kerberos authentication and namenode metadata-server failover. Instances scale based on traffic demand when Kubernetes Event-driven Autoscaling (KEDA) is available. Otherwise, they fall back to Horizontal Pod Autoscaler (HPA).

Standalone Ranger authorization service

Ranger policy enforcement now runs as its own namespace-scoped service in NexusOne. As a result, other components in your tenant can share it. It used to run as a sidecar bundled inside the NexusOne S3 gateway service.

Trino S3 spooling and nested namespaces

Trino now supports client protocol spooling, which buffers large query results in S3 so clients can retrieve them without holding an open connection. It also supports nested namespaces in the Iceberg REST catalog, giving you more flexibility in how you organize your data.

Gravitino

Gravitino integrates directly with the new Ranger Authorization service for access control on data shares.

Upgrades

Version upgrades to existing apps on the NexusOne platform.

Airflow v3.2.2 upgrade

Airflow now runs v3.2.2, with the UI now using the NX1 branded UI color palette.

Apache Superset v6.1 upgrade

Apache Superset now runs the v6.1 build, with the UI now using the NX1 branded UI color palette.

DataHub v1.4.0.3-nx1 upgrade

DataHub now runs v1.4.0.3-nx1, and includes CVE remediation and bundled pip packages for source connectors.

Gravitino v1.2.7 upgrade

Gravitino now runs v1.2.7. Access to your data catalogs is now enforced through Ranger, which gives you fine-grained control over who can see what.

Kyuubi v1.11.3 upgrade

Kyuubi now runs v1.11.3.

Metastore v3.0.13 upgrade

Metastore now runs v3.0.13, built on a hardened base image with no known CVEs at build time.

Portal and NLP v1.637 upgrade

The NexusOne portal and its backend API, NLP, now run v1.637, with policy management and data migration capabilities enabled. NLP API calls to S3 now also use a configured region. Previously, S3 operations could fail if your S3 bucket was outside the default region.

Spark v3.5.6-nx1.21 upgrade

Spark now runs v3.5.6-nx1.21.