The Releases That Can Break You: 78 Breaking Changes, Deprecations and Security Advisories in Four Weeks
We analysed 839 platform releases from Jun 8 - Jul 5, 2026. Most were routine. 78 were not - retirements, breaking changes and security advisories from Azure, GitHub, GCP, Databricks and more.
Between June 8 and July 5, 2026, ReleaseBytes ingested and classified 839 releases from the platforms engineering teams rely on - AWS, Google Cloud, Azure, GitHub, OpenAI, Anthropic, Databricks, Snowflake, Terraform and Python.
Most of those releases are good news you can ignore: new features, regional expansions, previews. The ones that matter operationally are the ones that force action - a service you use is retiring, an API you call is changing shape, or a security issue needs a response.
In those four weeks, 78 releases - roughly 1 in 11 - were action-forcing: classified as a breaking change, a deprecation or a security advisory.
This post is what the data says about them: who ships them, what's being retired, and the deadlines now on the clock.
If you only take one thing away: ~9% of platform releases carry an obligation. The problem isn't reading 839 release notes - it's reliably finding these 78.
What we found
Across the four weeks (volume was steady - 218, 229, 204 and 188 releases per week):

By classification (a release can carry more than one type):
- 608 feature releases
- 321 announcements
- 191 patch releases
- 34 security advisories
- 27 deprecations / retirements
- 19 breaking changes

Two things stand out immediately.
Raw volume and risk are different league tables. AWS shipped 235 releases but only 6 were action-forcing (2.6%). GitHub shipped 94, of which 13 forced action (14%). Databricks shipped just 27 - and 9 of them (33%) were breaking or deprecating something. If you allocate review attention by release volume, you're reading the wrong platforms first.
Security advisories cluster. Of the 34 security-classified releases, 23 came from Google Cloud - largely a steady drumbeat of product security bulletins - with GitHub (6) and AWS (3) behind. GCP's cadence looks noisy until the one that applies to you doesn't get read.
The deadlines now on the clock
These retirements were announced or restated during the window, with dates:
| What | Platform | Deadline |
|---|---|---|
| GitHub Models fully retired | GitHub | July 30, 2026 |
| GitHub Actions minimum self-hosted runner versions enforced | GitHub | July / September 2026 |
| Azure VPN Client for Linux (Preview) retired | Azure | August 31, 2026 |
| Migrate off Azure Blueprints | Azure | January 31, 2027 |
| GitHub Copilot deprecates Gemini 2.5 Pro and 3 Flash | GitHub | July 31, 2026 |
| Azure Inbound NAT rule v1 for VMSS retiring | Azure | announced |
| Azure GPv1 and legacy Blob storage deprecated | Azure | announced |
| Multiple Azure VM series retirements (incl. Batch VM series) | Azure | announced |
| Azure Synapse Link for Cosmos DB (NoSQL) retiring | Azure | announced |
| GKE non-release-channel clusters deprecated (auto-enrolled to Stable after) | GCP | June 14, 2027 |
| Dependabot drops Python 3.9 support | GitHub | announced |
| npm v12 enforces stricter package-installation security defaults | GitHub | July 2026 |
Individually none of these is dramatic. Collectively, this is a month's worth of migration work quietly added to someone's backlog - and every one of these was published in an official channel that most teams don't systematically read.
Key trends
Azure is in a retirement wave
Seven of Azure's 37 releases this window were retirements or deprecations - VM series, VPN client, NAT rules, storage account types, Blueprints, Synapse Link. That's the visible surface of a platform consolidating older generations. If you run long-lived Azure estates, this month's notes were disproportionately about your existing infrastructure, not new capability.
AI models now have lifecycle events, like infrastructure
The clearest new pattern in the data: model availability is becoming an operational risk class. In four weeks: GitHub Copilot deprecated Gemini 2.5 Pro and Gemini 3 Flash (July 31, 2026) and the Opus 4.6 (fast) model (June 29, 2026); GitHub Models - the product - moved to full retirement (July 30); and Anthropic's feed recorded the suspension of two models following a US government directive. Anthropic's own platform notes carried deprecation entries in most weeks of the window.
If your systems call a specific model version, that's now a dependency with a lifecycle - the same way a VM series or a database version is. Treat model pins like version pins: know your fallback before the deprecation notice, not after.
SDK churn is the quiet breaking-change engine
Eight of the 19 breaking changes came from one place: Databricks SDK releases (Python, Go and Java - including a query-parameter serialization change in Go v0.152.0 and a removed user-name field in Python v0.120.0). SDKs ship fast, follow semver loosely at 0.x, and are exactly the dependency Dependabot happily bumps for you. If your CI auto-merges minor SDK updates, this is where it bites.
The routine 91% still hides the signal
The four-week totals: 839 releases, ~30 a day, with the busiest single day (June 30) seeing 73 releases. The 78 action-forcing items were spread thinly through that stream - a security bulletin here, a retirement notice there. No individual day looked alarming. That's precisely why this category gets missed: it never spikes; it drips.
What engineers should actually do
- Review by risk, not by volume. A monthly pass over breaking / deprecation / security items across your platforms is a fraction of the reading and most of the value. (That filtered view is what our Attention Required feed is.)
- Put the dated retirements in your planning calendar now - July 30 (GitHub Models), August 31 (Azure VPN Client for Linux), January 31, 2027 (Azure Blueprints). Migrations scheduled early are boring; discovered late they're incidents.
- Audit your SDK auto-update policy. If Databricks (or any 0.x SDK) is in your dependency tree, breaking changes arrive as routine version bumps. Pin, read the changelog, then bump.
- Treat model versions as dependencies. Inventory which model IDs your systems call, and subscribe to deprecation notices for them the way you would for a database version.
Where this data comes from
Every number above comes from the ReleaseBytes dataset: official release notes ingested continuously, classified by release type (feature, patch, security, deprecation, breaking, announcement) and tagged by platform. Nothing here was sampled or estimated - the window is Jun 8 - Jul 5, 2026, inclusive.
Explore the live data for your stack: AWS, Azure, Google Cloud, GitHub, Databricks - or the cross-platform Attention Required view. To have this category find you instead: release alerts deliver matching items by email or Slack, the weekly digest summarises the notable ones, and RSS feeds exist for everything.
Keep exploring
Stay current without the tab-hopping
One weekly email with the most notable cloud, AI and developer platform releases - summarised and linked to the source.
Read the weekly digest