--- title: "Edge Network Improvements, RBAC Is Coming, Railway Metal Update" date: 2024-09-06 number: 0202 url: https://railway.com/changelog/2024-09-06-edge-improvements --- # Edge Network Improvements, RBAC Is Coming, Railway Metal Update Welcome, Passengers, to another edition of the Railway changelog! This week we’ll be taking you through some improvements to the edge network and letting you know about a couple of big upcoming projects, including the beginnings of RBAC on Railway and our progress towards Railway Metal (our own datacenters). We also squashed a large number of bugs and polish items which you can find at the end of the doc. If you’d like to see more nits squashed, it’s not too late to get involved in [The Great Nit Squash of 2024](https://help.railway.app/feedback/request-tell-us-about-your-nits-on-the-a3c5878e) — we’re tracking progress [here](https://railway.app/changelog/2024-08-30-polish-week#nits-thread). Also — as another programming note, we wanted to let you know that if you applied previously to [Railway’s community writing program](https://railway.app/changelog/2024-07-26-soc2-typeI#request-for-writers), we should have responses out to you soon. (Thanks again for your interest!) Now let’s get into the good stuff! ## Edge Network Improvements The [new Edge Proxy](https://railway.app/changelog/2024-08-02-trust-center#edge-proxy-cutover-progress-) is getting better all the time. This week we made a few improvements to the proxy: - We now enforce a minimum of TLS 1.2 to mitigate downgrade attacks from less secure versions of TLS. - You can now use any encoding you’d like as long as your application supports it. Whatever the downstream client passes in the `Accept-Encoding` header is exactly what your application will see and it's then up to your app to handle this. (Although we previously handled this for you, we felt it was more flexible to have your apps handle this negotiation so you can support any encoding you want.) - We also created the `x-railway-request-id` header to track diagnostic information to requests on the new edge network. (Note this was previously known as `x-request-id` but we changed the header name since it conflicted with other HTTP API services.) ## RBAC Is Coming We’re excited early next week to start rolling out *Sealed Variables*. These will be variables that you can obscure for security reasons — extremely useful and necessary depending on your team collaboration needs. For a little bit of perspective, this marks the beginning of Railway’s RBAC (role-based access control) story. While we’re starting with variables, this will be expanding over time to satisfy tiers of access control needed for many production teams. We couldn’t be more excited to ship the features your team needs. If there’s a feature blocking your company from succeeding on Railway today, please [let us know](https://help.railway.app/feedback). Meanwhile, please stay tuned next week for this feature dropping. ## Railway Metal Update [Image: Railway Metal is coming soon and we couldn’t be more excited] It’s been a while since we last updated you on our plans to light-up physical Railway servers, but we now have our first workloads running on metal and hope to roll these out for users in the coming weeks. As a reminder, Railway Metal means: - Deleting our most problematic upstream dependencies - More performant compute options for you - Tighter control of hardware configuration to deliver you a better Railway experience As always, if you’d like to help us build this out, [we have a number of positions open](https://railway.app/careers) and we’d love to hear from you. Have a great weekend! ✌️ ## Fixes and Improvements - We upgraded Nixpacks to [v1.28.1](https://github.com/railwayapp/nixpacks/releases) and along the way added default support for PNPM 9. We also now correctly stream PHP-FPM output to logs and auto-detect cairo libraries - We improved Help Center notification emails to provide useful context and pull quotes when someone responds to a thread - We improved the volume migration workflow by patching a bug that was causing a memory leak during the migration process - We added the ability to edit the *image source* for a service after the service is deployed - We fixed a bug where we were showing undefined instead of the URL in the database connect tab - We fixed a bug where users were able to deploy templates without fully configuring them - We fixed a bug where markdown wouldn’t render properly in the variable description when deploying a template within an existing project