2026.3 version release (May 2026)

New features

Continuous Data for PaaS (Early Access)

DCT-managed downstream PaaS Instances and PaaS DBs now include a Compliance tab on their details pages. The Compliance tab provides an integrated view of Masking and Profiling status, connector management, and job collection assignment — enabling compliance workflows directly within DCT.

Key capabilities

  • Masking and Profiling status cards: View whether a database has been successfully masked since its last refresh, along with the assigned Masking Job Collection and Profile Job Collection. Each card displays the last run timestamp and result.

  • Compliance Connectors: Add and manage connectors directly from the Compliance tab. The Add Connector workflow auto-populates the JDBC hostname and port from the database's connection details.

  • Job collection assignment: Assign Masking and Profiling job collections to PaaS Instances and PaaS DBs from the Actions dropdown via Change Job Collections.

  • Run jobs: Execute assigned Masking or Profiling jobs from the Actions dropdown.

  • Timeline integration: Masking and Profiling operations now appear in the Timeline tab for audit and tracking purposes.

The Compliance tab is only available on managed downstream databases and instances. It is not displayed on Root Sources or unmanaged databases to prevent accidental masking of production data.

Complete Continuous Data Parity — Select Connectors

All Select Connector's UI and API features in Continuous Data are now fully supported in Data Control Tower, introduced in DCT 2026.3.0. This release includes support for environment creation, dSource linking, snapshot ingestion, and VDB provisions. We encourage Delphix administrators to install and migrate their day-to-day Select connector management to DCT.

Snapshot actions for VDBs and dSources now include metadata visibility for increased transparency during data operations. Other enhancements to VDB provisioning and lifecycle operations help improve reliability and user experience.

The following Select connectors are supported in DCT 2026.3.0 release:

Continuous Compliance — Tokenization, logging, and support enhancements

  • Algorithm tokenization support

    • DCT now indicates whether an algorithm supports tokenization and prevents non-tokenizable algorithms from being assigned as a data class's default tokenization algorithm.

  • Large execution log download

    • Compliance job execution logs that exceed 100 KB are now stored as files and available for download from the job execution details page, replacing the previous size-limit error.

  • Job orchestrator support bundle

    • Users can now generate and download a diagnostic support bundle for all or a subset of compliance nodes directly from a job orchestrator's details page.

Hyperscale Compliance on DCT — Oracle (Early Access)

DCT now includes an integrated user interface for managing Hyperscale Compliance workflows for Oracle databases. Users can configure and execute Hyperscale masking jobs, monitor orchestrator flows, and track job execution and status, all from within DCT, without needing to interact with Hyperscale directly.

This release brings together orchestrator flow management, job creation and monitoring, and real-time execution tracking into a unified DCT experience, with algorithm synchronization across Hyperscale nodes handled automatically in the background.

To participate in the Early Access program, please contact delphix-early-adopters@perforce.com.

Synthetic Data (Preview)

The Synthetic Data preview feature set has been made available in this official release. See this Synthetic Data (preview) for more information. If you would like to try it out, please contact delphix-early-adopters@perforce.com to get started.

MCP Server (Preview)

The Delphix MCP Server has been extended with full CRUD operations for Continuous Data and platform administration. Users can now perform a wide range of data workflows, including provisioning VDBs, refreshing datasets, creating and managing bookmarks, taking snapshots, updating tags, and executing bulk operations, directly through any MCP-compatible AI client.

This opens new opportunities for AI-driven workflows, such as understanding storage relationships and data lineage, or combining VDB provisioning with infrastructure automation (e.g., Terraform deployments), significantly simplifying Delphix onboarding and day-to-day operations for both administrators and self-service users.

Operations are organized into persona-based toolsets to limit token consumption and improve AI quality. A manual confirmation mechanism is included for destructive actions that could result in permanent data loss. The ability to perform these operations is governed by each user's existing DCT access controls and RBAC permissions. For additional information, see the MCP Server GitHub repository.

Dark Mode (Preview)

DCT now supports a dark display mode. Users can toggle between light and dark modes by selecting the moon or sun icon in the top-right corner of the interface. This is a per-user preference that persists across sessions.

Documentation AI Help versioning and product selection update

Documentation Help now automatically searches the documentation that matches the currently installed DCT version, ensuring that responses are accurate for your specific release. Searches are scoped to Data Control Tower and Ecosystem documentation (Data Connectors and DevOps Integrations) only — for additional documentation or to search across versions, visit the public documentation site.

External database PostgreSQL 15.x support

External Database installation now supports any PostgreSQL v15 minor release. Note: External Databases are only supported on Kubernetes and OpenShift deployments.

Removed features

DCT no longer supports using HashiCorp Vault to supply credentials when registering Continuous Data or Continuous Compliance engines. The /v3/management/vaults/hashicorp endpoints and associated vault credential fields on engine registration have been removed from the API.

If you were using this feature, update your engine registration calls to pass username and password directly. Engines will immediately start syncing on re-configuration.

Stay tuned for a new engine credential mechanism coming in a future release.

Fixed issues

Issue ID Description
APIGW-16442 Fixed an issue where a failed provisioning operation was displayed with a success status color instead of an error indicator.
APIGW-16804 Fixed an issue where successfully completed jobs were incorrectly displayed as "Error" on the Operations Detail page.
APIGW-17391 Fixed an issue where clicking Advanced Search within the provisioning wizard caused a JavaScript error and failed to load, preventing users from filtering the source selection list.
APIGW-17592 Fixed an issue where search did not return results on any listing page because the filter expression was incorrectly sent as null in the API request.
APIGW-17747 Fixed an issue where LDAP authentication failed when configured with an IP address and SSL enabled, because the "Unsafe SSL Hostname" setting did not bypass certificate SAN validation as intended. Workaround: use the FQDN hostname instead of an IP address.
APIGW-18034 Fixed an issue where Swagger UI POST and PATCH requests returned 403 Forbidden when the user was simultaneously logged into the DCT UI in the same browser session. Workaround: log out of the DCT UI before using Swagger.
APIGW-18134 Fixed an issue where the "Register DCT" button was disabled in the Telemetry page, preventing users from completing DCT registration for license reporting.
APIGW-18263 Fixed an issue where compliance job type information was missing for executions synced from connected Compliance Engines, due to a regression introduced in a prior release.
APIGW-18447 Fixed an issue where internal communication between DCT services failed when mTLS was enabled via Envoy sidecar proxies, which could render DCT non-functional in mTLS-secured environments.
APIGW-18517 Fixed an issue where bookmark replication jobs were silently not created when the hostname in a replication profile did not exactly match the registered engine's hostname (for example, when one uses an IP address and the other uses an FQDN).

Known issues

Issue ID Description
APIGW-13599 No warning or alert occurs when a data admin login fails for registered Continuous Data or Continuous Compliance Engines; the engine continues to appear as Online, which can result in stale utilization data and misleading engine status.
APIGW-13711 Policy Create or Update API calls and DCT Toolkit commands do not validate CRON expressions, which can leave policy apply jobs stuck in a STARTED state with no user feedback. The DCT UI enforces CRON validation and is not affected. Workaround: use the DCT UI to create or update policies, or validate CRON expressions before submitting via API or Toolkit.
APIGW-14229 Actions started by engine-side policy workers (such as scheduled policy runs) are not visible in the DCT Operations screen. Only operations explicitly initiated by DCT are shown, so VDBs refreshed on a policy schedule appear to have no corresponding operations in DCT.
APIGW-14407

When a Virtualization operation fails server-side validation, the DCT UI displays only a generic error message without exposing the specific validation details.

Workaround: use the DCT API directly to retrieve the detailed error response.
APIGW-14421 When an operation fails, the Operations Detail page shows only a truncated error message, which is often insufficient to diagnose the root cause. The full error is available directly on the connected engine. Workaround: check the engine's job and action logs directly for the complete error message.
APIGW-14517 DCT makes frequent API calls against connected Continuous Data and Compliance Engines, which can cause sustained high CPU usage and GUI responsiveness issues on those engines.
APIGW-14545

Replication profiles deleted directly from the engine are not automatically removed from DCT and continue to appear.

Workaround: restart DCT to force a sync, which will remove stale replication profiles.
APIGW-14600

After upgrading, users with VDB permissions managed via Tags (SCOPED access) can no longer see VDB operations.

Workaround: assign a Full_read role with READ permission on VDBs in SIMPLE mode; note that this will show operations for all VDBs rather than only tag-filtered ones.
APIGW-14899

When hooks are imported into DCT from a connected Continuous Data engine, the execution order of hooks is not preserved. Operations that depend on a specific hook execution order may behave incorrectly after import.

Workaround: manually reorder hooks in DCT after import using the Reorder function.
APIGW-15297

Filter expressions applied on a listing page persist when navigating to a different object of the same type on the same page, causing the new page to appear empty.

Workaround: refresh the page when switching between objects.
APIGW-16124 When refreshing a VDB from a bookmark that contains both a snapshot reference and a timeflow bookmark reference, DCT always uses the snapshot reference and ignores the timeflow bookmark, which may refresh the VDB to an unintended point in time.
APIGW-16461 When a field value is unset on a compliance job (for example, Row Limit), the backend sets the field to the application default value rather than leaving it unset. Users who intentionally clear a field may see an unexpected value after saving.
APIGW-16481 Bookmarks created for past points in time may not appear on the VDB timeline view, even though they are successfully created and show the correct data timestamp.
APIGW-16557 Calling the DCT API to start execution of a Masking job may fail with a 409 Conflict error.