Release Date: 11/15/2023


    • This release requires Docker 20 with the updated Compose Plugin, Compose V2. (Earlier versions of Docker and Docker Compose V1 are no longer supported.) For more details, see https://docs.docker.com/compose/migrate/.

  • Added new stack for the Ingress Router. It uses the same .env file as the base Nucleus stack and stands up an NGINX-based router for Nucleus with TLS enabled.

  • Added support for Nucleus bridge, allowing the Ingress Router (see above) to connect to Omniverse Cloud. This enables your Enterprise Nucleus Server to be accessible from streaming applications running in Omniverse Cloud.

  • Removed legacy standalone Navigator stack.

  • Components updates:

    • Core 1.14.25

    • Discovery Service 1.5.0

    • Auth Service 1.5.0

    • Search Service 3.2.7

    • Thumbnails Service 1.5.7

    • Tagging Service 3.1.7

    • Nucleus Navigator 3.3.3

View the detailed release notes



  • Connection libraries

    • [OMFP-2984/OMFP-3281] - Protect OmniChannelPtr in SendContext by adding refcount

  • API server

    • Fixing mutex scoping for outMsgMtx/mSubscriptionsLock.

    • Resolver logging fixes for utf-8

    • Minor quality fixes

    • [OM-102112] Add process stats command to the service API, set it to trip when we have no available fibers


  • [OMFP-2475] - Nucleus Apollo GDPR: Create Secure Port for Bearer Token (3106)

  • Add X-Forwarded-For header handling for setting peer IP

  • Fix notification order to reduce mutex holding time while notifying subscriptions

  • Obfuscate “token”: “<token>” fields in logs


  • Connection libraries

    • Update libcurl to 8.4.0

  • API server

    • [OM-95906] Structured logging

    • [OM-109929] Memory leak fix

    • [OMFP-1024] s3 bucket authorization is now supported by nginx resolver cache

    • [OMFP-1698] messaging and connection leak fix. deadlock resolution

  • LFT

    • [OMFP-1210] Do not check token validity when calling finalizeAssetCreate


  • Connection libraries



    • [Windows] in P12 format through OMNI_MTLS_CLIENT_CERTIFICATE/OMNI_MTLS_CLIENT_CERTIFICATE_PASS P12 certificate doesn’t need the private key to be specified separately, but might need a password to be specified (if the certificate was issued with the password)

    • [OM-102988] - Bugfix in mtls.toml parsing

  • API server

    • [OM-100900] Fix an issue when a signed URL to an Azure blob was rendered with an invalid file name


  • API server

    • [OM-106509] - Update OpenSSL to version 3.0, curl, LWS

    • [OM-95902] - Update zlib

    • [OM-96631] rename_user: service call in non-public API to implement a portion of GDPR requirements - this scrubs the meta database and renames all mentions of a specific username


  • Connection libraries

    • [OM-102988] mTLS improvements (supporting client certificate password for websocket connections and mtls.toml lookup)

  • Verifier

    • [OM-104743] option to prevent content check in Azure environment

  • Docker

    • Added metadata snapshotting and restore functionality


  • Connection libraries

    • [OM-74305] better detect certificate store paths on Linux in LFT code path

    • [OM-100198] supply JWT to LFT for all requests

    • [OM-91120] rename interface macros







  • API server

    • [OM-98423] do not verify JWT token between LFT <-> API

    • [OM-100672] fixing deadlock in Subscriptions

  • Docker

    • [OM-95771] change icmp nucleus server check to a tcp connect


  • API server

    • [OM-98815] Fixed a bug in the task scheduler

Discovery Service


  • Support structured logging. [OM-95906]

  • Support passing access_token to Discovery libraries. [OM-94834]

  • Support verifying incoming connections with the access_token query parameter. [OM-94502]

  • Add __interface_meta__ attribute with service meta for Python libraries.

  • Add warning for using default capabilities in the Python library.


  • Update Python 3.10 to use OpenSSL 3.0.10

Authentication Service


  • Support structured logging. [OM-95906]

  • Add a new function for invalidating refresh tokens by system administrators. [OM-86735]

  • Fixed an issue where refresh tokens were not invalidated after disabling user profiles. [OM-86734]

  • Support OpenID Connect for SSO. [OM-56114]

  • Nucleus to NLS Integration. [OM-70616]

  • Add MASTER_USER, MASTER_PASSWORD, and ADMIN_PASSWORD_OVERWRITE environment variables. [OM-92595]

  • Fixed an issue where query params were not included in the destination field for SAML2 requests. [OM-92395]

  • Integrate Starfleet Service Accounts. [OM-94506]

  • Device flow support. [OM-94323]

  • Fixed an issue where declined authentication results were sent via nonce subscription. [OM-96578]

  • Added groups from IDP tokens into the generated Nucleus token. Two new optional env vars were introduced to support this: SERVICE_AUTHORIZATION_FILE and OPENID_CLAIM_GROUPS [OM-96932]

  • Include detailed debug information displayed with authentication errors. [OM-99060]

  • Support verifying incoming connections with the access_token query parameter. [OM-94502]

  • Add optional client_id parameter for all APIs that generate access and refresh tokens.

  • Include claims passed from the IdP into Nucleus JWTs. [OM-103902]

  • Remove an API for user registration. [OM-109150]

  • Fixed an issue where token generation for invitations and reset password links could work incorrectly due to the information missing in the specified JWT. [OMFP-2808]

  • Add all profile fields to JWT during SSO authentication. [OMFP-2808]

  • Log usernames when service returns EXPIRED status for refresh and API tokens.


  • Update Python 3.10 to use OpenSSL 3.0.10.

Search Service


  • Added functionality to avoid using omni-config-py in docker [OM-104695]

  • Support structured logging. [OM-95906]

  • Update Python 3.10 to use OpenSSL 3.0.10.

  • Display service version during the startup and register it in the discovery service

Tagging Service


  • Added functionality to avoid using omni-config-py in docker [OM-104695]

  • Support structured logging. [OM-95906]

  • Updated to Python 3.10.13-nv1 for the OpenSSL fix (CVE-2023-40217) [OM-104322].

  • Updated idl.py to 0.22

Thumbnail Service


  • Added functionality to avoid using omni-config-py in docker [OM-104695]

  • Support structured logging. [OM-95906]

  • Updated to Python 3.10.13-nv1 for the OpenSSL fix (CVE-2023-40217) [OM-104321].

  • Updated Pillow lib to 10.0.1 to fix the WebP vulnerability (CVE-2023-4863) [OM-109689].

Nucleus Navigator


  • Improve error messaging for the dialog that adds users to groups. [OMFP-1927]

  • Disable account creation when SSO is enabled. [OMFP-2808]


  • Fixed an application crash caused by displaying connection errors. [OM-102088]

  • Redirect the user to the OVC portal for starting a cloud stream. [OM-103116]

  • Fixed an issue where the server list could not be initialized correctly if had an offline session. [OM-108364]

  • Fixed an app crash occurred when users clicked on Log in button in error messages. [OM-108360]

  • Fixed opening the content browser when unauthenticated users clicked on the server icon on the home screen. [OMFP-1216

  • Fixed an issue where network requests stopped working after uploading large folders. [OMFP-1918]


  • Update electron to 25.8.4 to address CVE-2023-5217 and CVE-2023-4863. [OMFP-1679], [OM-111204]