1.23
These release notes cover changes made to the Private Mendix Platform in version 1.23.
1.23.0
Release date: June 26, 2025
Version 1.23.0 of Private Mendix Platform introduces a number of new features, improvements, and bug fixes.
New Features
Vault Available as Secret Storage
We have enabled the use of Vault as external secret storage for Private Mendix Platform. For more information, refer to the Private Mendix Platform Quick Start Guide.
NIST SP 800-53 Improvements
In addition to various features and improvements released in previous versions, we have made the following improvements to make Private Mendix Platform compliant with the NIST SP 800-53 Cybersecurity framework:
-
Running Private Mendix Platform on AWS GovCloud:
- Proved that Private Mendix Platform can be installed and run on AWS GovCloud.
- Identified and documented any gaps for successful running of Private Mendix Platform on AWS GovCloud.
- Proved that Private Mendix Platform can be installed and run on AWS GovCloud in FIPS mode.
- Identified and documented any gaps for successful running of Private Mendix Platform on AWS GovCloud in FIPS mode.
- Implemented automated deployment and testing of new Private Mendix Platform releases for compatibility with AWS GovCloud.
- Implemented the automated E2E testing (auto-provision, auto-test, and so on) also on AWS GovCloud.
-
Login screen improvements:
- Added support for configuring a login banner or pop-up that can show large amount of privacy and security notices, to which the user must agree in order to continue.
-
DevOps improvements:
- Added a toggle to disable the default MxAdmin account for all deployed apps.
-
IAM and governance - user account improvements:
- Added a toggle to disable inactive user accounts after a configurable time limit.
- Added configurable session expiration, so that active users are automatically logged out after a configurable session duration.
- Added configurable idle session timeout, so that idle users are automatically logged out after a configurable period of inactivity.
- Added a failed logon lockout capability, with the number of failed tries and lockout time period being configurable.
- Made the session lock duration and timeout configurable, so that users’ screens are automatically locked after a configurable period of inactivity.
- Allowed administrators to configure the amount of concurrent sessions for the same user account.
- Gave administrators the ability to force-logout any user, as well as all users.
-
IAM and governance - logging and auditing:
- Enabled the logging of every action by every role.
- Added the ability to configure what unit of time the audit logs are generated on.
- Increased the granularity of stored timestamps.
- Enabled outputting stored timestamps in a specific time zone.
- Added a setting to define logging to persist archive logs after the expiration of a configurable duration.
- Added the ability to directly write audit logs to an external database target.
- Added a setting to define the external logging target for real-time logging of events.
- Added the ability to set and test connection to multiple targets for writing logs.
- Enabled the activity log to use the Private Mendix Platform email notifications, if configured.
- Added a setting that alerts a customer-configured email to any audit logging failures.
- Added the ability to generate an on-demand audit with custom settings.
Improvements
Pipeline Improvements
We have updated the Build and Deploy pipeline to support app building blocks and address the CVE-2025-4949 fix.
UI Improvements
We have redesigned the Build Settings page to improve user experience.
Updates
Studio Pro Updates
- Studio Pro 9.24 LTS latest patch version updated to 9.24.35 (production support)
- Studio Pro 10.6 MTS latest patch version updated to 10.6.24 (innovation track, limited support)
- Studio Pro 10.12 MTS latest patch version updated to 10.12.17 (innovation track, limited support)
- Studio Pro 10.18 MTS support has been postponed due to incompatibility issues
Other Platform Components
- Mendix for Private Cloud Operator version 2.21.3
- Private Cloud License Manager (PCLM) version 0.10.3
- Svix Webhooks service version 1.65.0
Fixes
We have provided the following fixes:
-
(Platform) We have upgraded the Svix version from 1.62.0 to 1.65.0 to address the CVE-2024-56406 package vulnerability.
-
(Platform) We have addressed an issue with the import and export function.
-
(Platform) We have fixed an issue where users could not log out after unlocking the screen.
-
We have fixed vulnerabilities related to the following:
- CVE-2025-48734
- CVE-2025-4949
- CVE-2025-27817
-
(UI) We have made other, minor UI improvements and fixes.