2026-05-11
Upgraded Concourse to 8.1.1
Concourse has been upgraded from 8.0.2 to 8.1.1, new pipeline features, several bug fixes, and security updates.
New features
- Wolfi base image — The
concourse/concourseDocker image and all built-in resource-types now use Wolfi as their base image. - Pipeline identity token — The pipeline identity token can now be used as a native
var_sourcecredential manager. See the docs for details. - S2 compression — New S2 compression option for streaming container volumes, improving performance.
CONCOURSE_POSTGRES_APPLICATION_NAME— New environment variable to name the PostgreSQL connection on the web node.
UI & security improvements
- Pipeline name now shows a tooltip with the last updated date on hover.
SameSiteattribute added to authentication and CSRF cookies.- Identifiers in configs can now start with a number.
fly improvements
fly destroyno longer asks for confirmation if the pipeline does not exist.- Unknown fields in inline task configs are now validated.
- Improved error handling during
fly loginvia async XHR.
Security fixes (8.1.1)
- Symlink breakout — A
BreakoutErroris now returned when a symlink points outside the destination directory. - Static containerd binaries — containerd, runc, and CNI plugin binaries are now statically compiled from Wolfi, eliminating Go-related CVEs. No known CVEs in the Linux tarball at time of release.
Resource-type updates
| Resource | Version |
|---|---|
git | v1.22.0 |
registry-image | v1.16.0 |
s3 | v2.5.3 |
github-release | v1.13.2 |
docker-image | v1.12.4 |
semver | v1.11.2 |
time | v1.11.2 |
pool | v1.7.2 |