> ## Documentation Index
> Fetch the complete documentation index at: https://doc.lucidworks.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Fusion 5.18.0

Released on July 7, 2026, this is a [minor release](/docs/policies/lifecycle-policies/lw-semantic-version-support-lifecycle#minor-release-support-policy) that focuses on AI enhancements, connector reliability improvements, and operational stability.

Upgrading to the latest version of Fusion 5 offers several key benefits:

* **Access to latest features:** Stay current with the latest features and functionality to ensure compatibility and optimal performance.
* **Simplified process:** Fusion 5.9.X and later use an in-place upgrade strategy.
* **Extended support:** Upgrading keeps you up-to-date with the latest supported Kubernetes versions, as outlined in the [Lucidworks Fusion Product Lifecycle](/docs/policies/lifecycle-policies/lw-fusion-product-lifecycle) policy.

<Tip>
  **Looking to upgrade?**

  See [Fusion 5 Upgrades](/docs/5/fusion/operations/fusion-5-upgrades) for detailed instructions.
</Tip>

For supported Kubernetes versions and key component versions, see [Platform support and component versions](#platform-support-and-component-versions).

## Key highlights

### Secrets management

Fusion now provides [Secrets management using Fusion Vault](/docs/5/fusion/operations/security/external-vault) that interfaces with [Kubernetes External Secrets Operator (ESO)](https://external-secrets.io/latest/) to reference and use credentials stored in external databases, services, and APIs.

External secret providers include Kubernetes, HashiCorp Vault, Amazon Web Services Secrets Manager, Google Cloud Platform (GCP) Secret Manager, and Azure Key Vault.

Install and configure ESO to interface between the vault provider and Fusion, and then configure Fusion pipelines, jobs, and connectors with variable references for the secrets.
Fusion contains the variable references, but does not store the secret values, ensuring usernames, passwords, certificates, and API keys are kept secure.

Credential values never display in Fusion configurations.

These examples illustrate the datasources, index and query pipeline stages, and job settings in Fusion.

<Tabs>
  <Tab title="Datasources">
    <Frame caption="Set Fusion datasource to use a managed secret">
      <img src="https://mintcdn.com/lucidworks/zSVptxoAJhmUHuXC/assets/images/fusion-operations/secrets-mgt-datasource-use-managed-secret.png?fit=max&auto=format&n=zSVptxoAJhmUHuXC&q=85&s=5cb9b1aabbe00eb27c5d39ce459931f1" alt="Set Fusion datasource to use a managed secret" width="1754" height="1032" data-path="assets/images/fusion-operations/secrets-mgt-datasource-use-managed-secret.png" />
    </Frame>

    Your managed secret is found in the datasource configuration in **Crawl Authentication Properties > Basic Authentication > Host**.
  </Tab>

  <Tab title="Pipeline stages">
    <Frame caption="Set index and query pipeline stages to use a managed secret">
      <img src="https://mintcdn.com/lucidworks/zSVptxoAJhmUHuXC/assets/images/fusion-operations/secrets-mgt-stage-use-managed-secret.png?fit=max&auto=format&n=zSVptxoAJhmUHuXC&q=85&s=285476ad3eb9a11685d498dbf0de6e0c" alt="Set pipeline to use a managed secret" width="932" height="510" data-path="assets/images/fusion-operations/secrets-mgt-stage-use-managed-secret.png" />
    </Frame>

    If selected, **Use Managed Secret** applies to the name, password, and secret reference.
  </Tab>

  <Tab title="Jobs">
    <Frame caption="Set script to use a managed secret">
      <img src="https://mintcdn.com/lucidworks/zSVptxoAJhmUHuXC/assets/images/fusion-operations/secrets-mgt-custom-python-use-secret.png?fit=max&auto=format&n=zSVptxoAJhmUHuXC&q=85&s=8cd4e04c4566782fb220920fb2c0d57e" alt="Set script to use a managed secret" width="1366" height="1164" data-path="assets/images/fusion-operations/secrets-mgt-custom-python-use-secret.png" />
    </Frame>

    Your managed secret is found in **Advanced > Scripts Secrets**.
  </Tab>
</Tabs>

When you update a credential in your vault, all related pipelines change automatically without manual pipeline updates or service restarts.

### OpenTelemetry tracing support

OpenTelemetry (OTel) provides distributed tracing capabilities for Fusion that enable engineering and operations teams to identify performance bottlenecks and errors across microservices in real time.

This comprehensive, request-level observability across Fusion's microservices helps teams trace individual queries separately from monitoring systems such as Prometheus without overwhelming them.
The API Gateway handles incoming queries and routes them through the Query Service to Solr.

<Note>
  The services that support OpenTelemetry are API Gateway, Query, and Indexing.
</Note>

#### Distributed trace flow

This section illustrates and describes the OpenTelemetry distributed trace flow.

Fusion's distributed tracing uses the API Gateway as the trace root with selective sampling for Query Service requests, while the Query Service uses parent-based sampling to ensure complete trace coverage.
OpenTelemetry collectors run locally on each server to minimize network overhead, bundling trace data before sending it to Grafana Tempo.
The tracing system integrates with the existing Lucidworks observability stack (Grafana, Loki, Prometheus) without requiring code changes to Solr, which uses environment variable configuration.

<Frame>
  <img src="https://mintcdn.com/lucidworks/bC1Is6K0N-ejH-S8/assets/images/5.18/opentelemetry-flow.png?fit=max&auto=format&n=bC1Is6K0N-ejH-S8&q=85&s=a927b5214a7402b59763a2912fea1ff4" alt="OpenTelemetry distributed trace flow" width="1484" height="788" data-path="assets/images/5.18/opentelemetry-flow.png" />
</Frame>

For more information, see [OpenTelemetry Distributed Tracing](/docs/5/fusion/operations/monitoring-and-reporting/opentelemetry-implementation-fusion).

### Lucidworks MCP enhancements

Fusion's Model Context Protocol (MCP) implementation includes improved configuration capabilities, enhanced authentication options, and monitoring in this release.

Enhancements include:

* **OAuth authentication with external identity providers**: Fusion now supports OAuth 2.1 authentication using external identity providers for both HTTP and STDIO modes.
  This enables enterprise single sign-on workflows for MCP access and is the recommended authentication method for Claude Desktop applications.
  See [Set up authentication](/docs/5/fusion/getting-data-out/mcp#set-up-authentication) for configuration details.
* **UI-based search experience configuration**: For simpler setup, you can configure MCP search experiences directly through the Fusion [Query Profile](/docs/5/fusion/getting-data-out/query-basics/query-pipelines/query-profiles) panel instead of editing a configuration file.

<Frame>
  <img src="https://mintcdn.com/lucidworks/bC1Is6K0N-ejH-S8/assets/images/5.18/mcp-ui-experience-config.png?fit=max&auto=format&n=bC1Is6K0N-ejH-S8&q=85&s=a99c94631c8b1c541db12faca4fe0cb3" alt="Search experience configuration in the Query Profile panel" width="1289" height="872" data-path="assets/images/5.18/mcp-ui-experience-config.png" />
</Frame>

* **Multi-experience search**: The MCP server can now use multiple search experiences in a single request, allowing Claude to gather information from multiple data sources in one query.
  In 5.17.x, the server selected only the single best-matching search experience per request.
  This enables AI assistants to retrieve information from multiple data sources in one query.
* **Enhanced document descriptions**: The MCP server now checks the `body_t` field as an additional source for document descriptions returned to AI assistants, providing richer document summaries.
* **MCP usage monitoring documentation**: The existing API gateway metrics that track MCP server usage (available since Fusion 5.17) are now documented with setup instructions and a ready-to-use Grafana dashboard.
  The metrics provide request rates, latency percentiles, error rates, and traffic breakdowns by status code.
  Note that STDIO-based MCP usage (such as earlier Claude Desktop integrations) does not flow through the `/mcp` endpoint and is not captured in these metrics.
  See [MCP Server Monitoring](/docs/5/fusion/operations/monitoring-and-reporting/mcp-monitoring) for setup instructions and dashboard configuration.

<Frame>
  <img src="https://mintcdn.com/lucidworks/bC1Is6K0N-ejH-S8/assets/images/5.18/mcp-metrics-grafana.png?fit=max&auto=format&n=bC1Is6K0N-ejH-S8&q=85&s=a3bd19bbb31cb1e05811cd7350c3407a" alt="Imported Grafana dashboard showing MCP server usage metrics" width="1593" height="1242" data-path="assets/images/5.18/mcp-metrics-grafana.png" />
</Frame>

For more information about MCP configuration and setup, see [Lucidworks MCP](/docs/5/fusion/getting-data-out/mcp).

### Mutual Transport Layer Security support

Fusion 5.18 introduces Mutual Transport Layer Security (mTLS) for self-hosted Fusion and Lucidworks Search clients on 5.9.15 and later.
mTLS is a network-layer authentication feature that extends standard TLS encryption by requiring both the client and server to present valid certificates during the TLS connection process.
While standard TLS encrypts traffic and allows clients to verify the server's identity, mTLS adds bidirectional authentication where the server also verifies the client's identity before allowing the connection.

mTLS is implemented at the Google Cloud External Application Load Balancer level and ensures that only trusted, certificate-authenticated clients can access APIs and UI endpoints.
This feature complements but does not replace application-layer authentication methods like SSO and OIDC, and provides an additional security layer that satisfies zero-trust architecture requirements.

Performance impact is minimal with only sub-millisecond latency added during initial connection, and the feature supports multiple CA certificates as trust anchors for flexible multi-environment access control.

This diagram illustrates an example authentication process.

<Frame caption="mTLS and TLS service flow">
  <img src="https://mintcdn.com/lucidworks/Rk3pMZV1fKkqa5BK/assets/images/5.18/tls-and-mtls-service-flow.png?fit=max&auto=format&n=Rk3pMZV1fKkqa5BK&q=85&s=30326f303ef6dec6daa8954656539d03" alt="mTLS and TLS service flow" width="6107" height="3895" data-path="assets/images/5.18/tls-and-mtls-service-flow.png" />
</Frame>

For complete details, see [Mutual Transport Layer Security](/docs/5/fusion/operations/security/mtls-fusion).

#### Use cases

mTLS applies to B2B, B2C, and knowledge management scenarios.
Organizations can restrict Lucidworks Search API access to only authenticated services within their infrastructure, requiring valid client certificates signed by their certificate authority.

For multi-environment deployments, mTLS enables different certificate requirements across development, staging, and production environments.
Development environments can use self-signed certificates while production requires certificates from enterprise public key infrastructure (PKI).

The feature is particularly critical for organizations operating under zero-trust security frameworks that need to follow these guidelines:

* Adhere to strict compliance requirements such as SOC2, ISO 27001, or HIPAA

* Enforce network-layer security controls beyond application authentication

All client certificate usage is logged in Google Cloud logging, which provides comprehensive audit trails for regulatory compliance.

For more information, see [Lucidworks Search Mutual Transport Layer Security](/docs/5/fusion/operations/security/mtls-fusion).

{/*
### Cloud warming

<Badge color="green">[FSN-448](https://lucidworks.atlassian.net/browse/FSN-448) (Done)</Badge> <Badge color="green">[FSN-447](https://lucidworks.atlassian.net/browse/FSN-447) (Done)</Badge>

In Apache Solr, cache warming is the process of pre-populating a new searcher's caches with data from a previous searcher before making it active.
This prevents severe search latency spikes and timeouts that typically occur when a new index state requires caches to be rebuilt from scratch.

Cloud warming provides the same benefits at the deployment level.
Fusion 5.18 improves cloud warming with better interaction with query limits and enhanced handling of `maxReplicasToWarmFrom` settings.
These enhancements ensure more predictable cache preparation behavior and better resource utilization when preparing replica sets for query traffic.
REMOVED: MF-only feature, not appropriate for client-facing docs (per Maria Power review 2026-06-28)
*/}

### Ray environment variables

[Ray deploy jobs](/docs/5/fusion/reference/config-ref/jobs/create-ray-model-deployment) now support Ray environment variables, enabling better configuration and control of Ray-based machine learning workloads within Fusion's deployment infrastructure.
This enables configuration and control of Ray-based machine learning workloads, such as setting memory limits, adjusting worker parallelism, and configuring logging levels for Ray tasks within Fusion's deployment infrastructure.

### Connectors

#### Stray content deletion

All V2 and Pro [connectors](/docs/fusion-connectors/overview) now include a configurable circuit breaker that prevents accidental mass deletion of indexed content.
Previously, stray content deletion could silently remove all of a datasource's content due to misconfigurations or source system issues, with no safety mechanism to detect anomalous deletion patterns.
You can set a threshold in a connector's settings for the maximum percentage of indexed items that may be deleted as stray in a crawl.
If the total stray items exceeds this percentage, the job fails, and the circuit breaker blocks the deletion to prevent accidental data loss.
Failure details are visible in the job history.

To enable tracking each document, child documents of an embedded parser such as entries in a ZIP file or lines in a CSV file are now tracked by a signature so these documents also participate correctly in stray content deletion and circuit breaker accounting, instead of being silently reindexed or deleted.

Stray content deletion and the circuit breaker are enabled by default. You can edit these settings in each connector's core properties.

<Frame>
  <img src="https://mintcdn.com/lucidworks/Rk3pMZV1fKkqa5BK/assets/images/5.18/stray-content-deletion-circuit-breaker-518.png?fit=max&auto=format&n=Rk3pMZV1fKkqa5BK&q=85&s=f3bbe755e65aa95a140975f589f5cd66" alt="Stray content deletion and circuit breaker for V2 and Pro connectors" width="1766" height="872" data-path="assets/images/5.18/stray-content-deletion-circuit-breaker-518.png" />
</Frame>

<Accordion title="Configuration parameters" defaultOpen="true">
  <ParamField path="Enable Stray Deletion" type="boolean" default="true" post={[<><span className="text-stone-400 dark:text-stone-500">API property: </span>enableStrayDeletion</>]}>
    When enabled, items not re-encountered in the current crawl are deleted from the content collection.
  </ParamField>

  <ParamField path="Enable Circuit Breaker" type="boolean" default="true" post={[<><span className="text-stone-400 dark:text-stone-500">API property: </span>enableCircuitBreaker</>]}>
    When enabled, stray deletion is blocked if the percentage of items to be deleted exceeds the configured threshold.
    Disable this setting only if unconditional stray deletion is required regardless of volume.
  </ParamField>

  <ParamField path="Stray Deletion Threshold (%)" type="number" default="80" post={[<><span className="text-stone-400 dark:text-stone-500">API property: </span>percentageThreshold</>]}>
    Maximum percentage of indexed items that may be deleted as stray in a crawl.
    If the total stray items exceeds this percentage, the circuit breaker blocks the deletion to prevent accidental data loss.
    Accepts values from 0 to 100.
  </ParamField>
</Accordion>

The circuit breaker setting eliminates expensive recovery operations, prevents search downtime, and maintains search quality even when source systems experience temporary issues.

#### Sidecar collections for graph security trimming

Connectors that use [graph security trimming](/docs/5/fusion/reference/config-ref/pipeline-stages/query-stages/security-trimming-graph-query-stage) can now route access-control documents to a dedicated sidecar collection separate from the content collection.
This enables improved performance and cleaner separation of documents for deployments using graph ACLs.

By default, ACL documents continue to land in the content collection, maintaining backward compatibility.
To use a sidecar collection, navigate to **Graph security filtering configuration** in your datasource and set the **ACL Collection ID** datasource parameter to the name of your dedicated ACL collection. After configuring your datasource, navigate to the Query Workbench and configure the graph security trimming query stage to use this sidecar collection.

Connectors that support sidecar collections include SharePoint Optimized, LDAP, and any V2 or Pro connector that emits graph ACLs.

<Frame>
  <img src="https://mintcdn.com/lucidworks/bC1Is6K0N-ejH-S8/assets/images/5.18/graph-security-trimming-acl.png?fit=max&auto=format&n=bC1Is6K0N-ejH-S8&q=85&s=42280ba722a4d44d4831a85e13c798c9" alt="ACL collection ID in datasource settings" width="1272" height="242" data-path="assets/images/5.18/graph-security-trimming-acl.png" />
</Frame>

<Accordion title="Configuration parameter" defaultOpen="true">
  <ParamField path="ACL collection ID" type="string" post={[<><span className="text-stone-400 dark:text-stone-500">API property: </span>security.collectionId</>]}>
    Name of the dedicated sidecar collection for storing ACL records.
    If not specified, ACL records are stored in the content collection (default behavior).
  </ParamField>
</Accordion>

#### Document signatures

V2 and Pro connectors now evaluate document signatures to prevent reindexing unchanged content.
Each document, including parsed child documents, receives a `_lw_signature_s` field containing a fingerprint built from the document's fields, metadata, and ACLs.
During recrawls, documents with unchanged signatures skip reindexing, reducing memory overhead.

## API changes

### Connectors SDK upgrade

The Fusion Connectors SDK has been upgraded to version 4.2.5.
This release includes protobuf schema improvements, enhanced plugin resolution, and updated dependencies for custom connector development.

For details, see [Connectors SDK 4.2.5 Javadocs](https://lucidworks.github.io/connectors-sdk-javadocs/4.2.5/).

### Connector configuration endpoints removed

The Connectors API has removed the following internal configuration management endpoints:

* `DELETE /configs`
* `DELETE /configs/{id}`
* `GET /configs`
* `GET /configs/{id}`
* `POST /configs`
* `PUT /configs/{id}`

Applications using these connector configuration endpoints must migrate to alternative configuration management approaches.

### Templating API enhancements

Twenty-one templating endpoints received parameter additions and type corrections. These changes appear to be non-breaking enhancements that add missing parameters and fix type definitions in the OpenAPI specification. Review the [Fusion Templating API](/api-reference/render-controller/get-template-information-using-your-app-name) specification for complete details.

## Bug fixes

### Connectors

#### PhaseState no longer causes cached failures in fusion-connectors

In previous versions of Fusion, PhaseState operations resulted in cached failures that persisted inappropriately in the fusion-connectors service.

Fusion now properly manages PhaseState caching to prevent spurious failure states.

#### RepositoryPluginsService cache failures resolved

In previous versions of Fusion, the RepositoryPluginsService experienced cached failures that prevented proper plugin loading and initialization in fusion-connectors.

Fusion now correctly manages the plugin service cache lifecycle.

#### Stray content deletion now works correctly when parsers emit marker documents

In previous versions of Fusion, stray content deletion failed to remove orphaned child documents when a parser emitted an error or comment marker document before any records, causing orphaned documents to accumulate in the content collection across crawls.

Fusion now properly removes orphaned child documents to prevent document accumulation.

#### Connector plugin pods now allocated increased resources

In previous versions of Fusion, connector plugin pods operated with insufficient resource allocations, causing performance degradation and potential out-of-memory issues.

Fusion now allocates appropriate CPU and memory resources to connector plugin pods for reliable operation under load.

### AI and machine learning

#### LWAI stages now continue pipeline execution on failure

In previous versions of Fusion, LWAI stage failures caused entire pipelines to fail, preventing subsequent stages from executing.

Fusion now logs LWAI stage failures while allowing the pipeline to continue execution, ensuring that temporary AI service issues do not block document processing.

#### Ray vectorization now handles non-ASCII text correctly

In previous versions of Fusion, Ray vectorization failed for non-ASCII text due to missing UTF-8 encoding configuration.

Fusion now properly encodes text using UTF-8 before vectorization, ensuring reliable processing of international and special characters.

#### Machine Learning stage now works correctly with Neural Hybrid Query and Apply Rules

In previous versions of Fusion, using the Machine Learning stage together with the Neural Hybrid Query stage and the Apply Rules stage caused query pipeline failures.

Fusion now supports all three stages working together correctly in query pipelines.

#### lwai-gateway now returns correct error code on authentication failure

In previous versions of Fusion, the lwai-gateway service incorrectly returned HTTP 401 (Unauthorized) when it failed to authenticate itself with backend services, misleading clients about the nature of the error.

Fusion now returns HTTP 500 (Internal Server Error) to accurately indicate server-side authentication failures.

### Jobs and infrastructure

#### Jobs now display correct status

In previous versions of Fusion, jobs occasionally displayed incorrect status information in the UI.

Fusion now correctly reports job status in all cases.

#### job-launcher-spark Role now includes correct permissions

In previous versions of Fusion, the job-launcher-spark Kubernetes role was missing the `deletecollection` verb and referenced an incorrect PVC resource name, preventing proper cleanup operations.

Fusion now includes the correct RBAC permissions and resource references for Spark job management.

#### EventBus memory leaks eliminated

In previous versions of Fusion, Google Guava's EventBus caused memory leaks in singleton components, particularly affecting the DefaultDataProcessor and RPC service.

Fusion now migrates all remaining EventBus usage to Spring's event system, eliminating memory leaks and improving long-term stability.

#### Selenium driver updated in rpc-service

In previous versions of Fusion, the rpc-service used an outdated Selenium driver version with known issues and security vulnerabilities.

Fusion now uses the latest Selenium driver, providing improved compatibility and security.

#### Merge Async Results thread safety improved

In previous versions of Fusion, the DefaultContext class in the CDW 5.9.16 merge async results implementation was not thread-safe, causing ConcurrentExecutionException errors under concurrent load.

Fusion now resolves thread safety issues in asynchronous result merging.

#### apps-manager now starts correctly with SSL enabled

In previous versions of Fusion, the apps-manager service failed to start when SSL/TLS was enabled.

Fusion now properly initializes SSL configuration, allowing apps-manager to start successfully in TLS-enabled environments.

### User interface

#### Datasource configuration UI checkbox labels now align correctly

In previous versions of Fusion, checkbox labels in the datasource configuration UI appeared below or misaligned from their checkboxes, creating a confusing user experience.

Fusion now renders checkbox labels in the correct position next to their controls.

#### Blob binary data uploads now work correctly through UI

In previous versions of Fusion, binary blob data became corrupted when uploaded through the Admin UI.

Fusion now preserves binary data integrity during upload operations, ensuring files are stored and retrieved without corruption.

#### ACL label description clarified

In previous versions of Fusion, the ACL configuration label description was unclear, causing confusion during security configuration.

Fusion now provides clearer ACL label descriptions in the UI and documentation.

### Search and query

#### Bury by attribute now uses correct query parameter

In previous versions of Fusion, the Experience Manager API's bury by attribute functionality incorrectly used the `bq` (boost query) parameter instead of the `boost` parameter.

Fusion now correctly applies negative boosts using the `boost` parameter, ensuring buried items are properly demoted in Commerce Studio's search results.

#### Pinned documents now respect query parameters

In previous versions of Fusion, pinned documents returned by query rules did not inherit query parameters from the main query pipeline, such as the field list (`fl`) filter configured in the Query Fields stage.
Non-pinned documents correctly applied these parameters, but pinned documents outside the initial row count returned all fields regardless of pipeline configuration.

Fusion now propagates query parameters to the secondary lookup used to retrieve pinned documents, ensuring consistent field filtering across all results.

{/*
### CrawlDB cache items are now properly reprocessed during recrawls

In previous versions of Fusion, a cache issue prevented CrawlDB items from being reprocessed during recrawls, causing content to be skipped even when it had changed.

Fusion now properly invalidates cache entries to ensure items are reprocessed as expected during recrawls.
REMOVED: Internal-only change, not customer-facing (per Cesar Vera Bernal review 2026-06-29)
*/}

{/*
### Stale FetchInput items now cleaned up after configuration changes

In previous versions of Fusion, after configuration changes such as narrowing a regular expression to include items, stale `FetchInput` rows in the CrawlDB persisted indefinitely because they were excluded from stray deletion.

Fusion now deletes `FetchInput` items at the end of each successful crawl.
REMOVED: Internal-only change, not customer-facing (per Cesar Vera Bernal review 2026-06-29)
*/}

## Known issues

### JavaScript and Active Directory stages defer Vault validation

The Active Directory Security Trimming Stage and JavaScript pipeline stages (GraalVM, Nashorn, OpenJDK Nashorn) do not validate Vault-backed credentials during stage initialization.

The Active Directory stage recreates the LDAP resolver on every request using freshly resolved Vault credentials. Misconfigured or unavailable secrets only surface when the first query arrives, rather than being caught during pipeline deployment or updates.

JavaScript stages currently access Vault secrets through a polling mechanism that checks for updates on a fixed interval, rather than through a native integration with the Fusion Vault API. This means a JavaScript stage configured with a required secret that is unavailable in Vault can initialize successfully and only fail at request time. Secret values updated in the vault are not guaranteed to be reflected in the stage without a service restart.

**Impact:** Query pipelines with misconfigured Vault credentials appear to deploy successfully but fail when processing the first query.

**Workaround:** Manually verify all required Vault secrets are available and correctly configured before deploying or updating query pipelines that use the Active Directory Security Trimming Stage or JavaScript stages with Vault-backed credentials.

<Tip>
  A future release will introduce Vault API integration for JavaScript stages, including seamless secret value updates without requiring service restarts and improved secret refresh capabilities.
  This integration will change how secrets are accessed in JavaScript stage scripts.

  If you use secrets management with JavaScript query stages, review and update your stage configurations before upgrading once this change is released.
</Tip>

## Deprecations

In Fusion 5.18.0, all V1 connectors are deprecated. This means they are no longer being actively developed and will be removed in Fusion 6.

* **Some V1 connectors already have a direct replacement available.** You can find the replacement connector on the [Fusion Connectors Deprecations and Removals page](/docs/fusion-connectors/deprecations-and-removals).
* **For all other V1 connectors, a replacement is still under development.** The documentation is updated when the replacement is available.

If you are using a V1 connector, you must migrate to the replacement connector or a supported alternative before upgrading to Fusion 6. Migrate to the replacement connector as soon as possible to avoid any disruption to your workflows.

## Platform support and component versions

### Kubernetes support

Lucidworks has tested and validated support for the following Kubernetes platforms and versions:

* **Google Kubernetes Engine (GKE):** 1.31, 1.32, 1.33, 1.34, 1.35, 1.36
* **Microsoft Azure Kubernetes Service (AKS):** 1.31, 1.32, 1.33, 1.34, 1.35, 1.36
* **Amazon Elastic Kubernetes Service (EKS):** 1.31, 1.32, 1.33, 1.34, 1.35, 1.36

Lucidworks also supports Rancher Kubernetes Engine (RKE and RKE2) and OpenShift 4 versions that are based on Kubernetes 1.31, 1.32, 1.33, 1.34, 1.35, 1.36.
RKE2 may require Helm chart modification.
OpenStack and customized Kubernetes installations are *not* supported.

For more information on Kubernetes version support, see the [Kubernetes support policy](/docs/policies/lifecycle-policies/lw-fusion-product-lifecycle#kubernetes-support).

### Components

The following table details the versions of key components that may be critical to deployments and upgrades.

| Component           | Version                                           |
| ------------------- | ------------------------------------------------- |
| Solr                | fusion-solr 5.18.0 *(based on Solr 9.6.1)*        |
| ZooKeeper           | 3.9.5                                             |
| Spark               | 3.4.1                                             |
| Ingress Controllers | Nginx, Ambassador (Envoy), GKE Ingress Controller |
| Ray                 | ray\[serve] 2.46.0                                |
| Helm                | 4.1.1                                             |

See [Lucidworks Fusion Product Lifecycle](/docs/policies/lifecycle-policies/lw-fusion-product-lifecycle) for more information about support dates.
