-
v1.2.34
StableAll checks were successfulSecret Scan / gitleaks (push) Successful in 45sGolang Tests / test-go (push) Successful in 1m24slint / lint (push) Successful in 2m0sRust Tests / test-rust (rust/log-collector, cargo) (push) Successful in 3m48sRust Tests / test-rust (//rust/rperf-server:rperf, rust/rperf-server, bazel) (push) Successful in 4m21sRust Tests / test-rust (rust/trapd, cargo) (push) Successful in 3m48sRust Tests / test-rust (rust/consumers/zen, cargo) (push) Successful in 4m45sRust Tests / test-rust (rust/rperf-client, cargo) (push) Successful in 4m55sRust Tests / test-rust (rust/srql, cargo) (push) Successful in 6m19sSource Security Scan / source-security (push) Successful in 28m9sImage Security Scan / image-security (push) Successful in 28m13sPublish Release Artifacts / publish (push) Successful in 28m51s
Ghost
released this
2026-05-08 01:36:37 +00:00 | 1872 commits to staging since this releaseServiceRadar v1.2.34
Proxmox virtualization, network-wide credential rules, console access, MTR diagnostics, and stability fixes for datasource-backed event ingestion and edge configuration sync.
Whats New
1.2.34
- Added the Proxmox WASM plugin, policy input plumbing, live smoke-test paths, mapper fingerprinting for PVE candidates, and SRQL virtualization queries so discovered Proxmox hosts can enrich inventory without per-plugin target configuration.
- Added virtualization inventory schema and ingestion for clusters, hosts, guests, datastores, storage systems, host disks, network interfaces, and Proxmox enrichment payloads, with device-detail and dashboard surfaces for virtualization state and efficiency.
- Added network-wide credential rule resources, encrypted credential secrets, SSH private-key credential support, target-scope preview, credential redaction, Proxmox presets, broker grants, assignment materialization, and settings UI coverage.
- Added Proxmox console access across web-ng, core, agent-gateway, and agent, including xterm React integration, session tickets, ERTS-routed stream brokering, agent-local credential handling, SSH PTY bridging, stream timeouts, RBAC gates, and unsupported guest-mode handling.
- Added MTR diagnostics improvements, including time-window comparisons, yesterday/full-day drilldowns, persisted profile settings, and clearer comparison baseline behavior.
- Added metric baseline alert evaluation and device-scoped log views so operators can promote sustained metric anomalies and inspect logs from device details.
- Fixed Falco alert ingestion and the supervised datasvc client so core holds a long-lived Gun-backed gRPC channel instead of repeatedly dropping and reconnecting to datasvc.
- Fixed agent config sync and Armis authentication handling, plus release artifact mirroring and release page behavior needed for managed agent releases.
- Polished dashboard navigation, theme behavior, and virtualization dashboard panels.
Downloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
-
v1.2.33
StableAll checks were successfulSecret Scan / gitleaks (push) Successful in 26sSource Security Scan / source-security (push) Successful in 46sGolang Tests / test-go (push) Successful in 1m3slint / lint (push) Successful in 1m45sImage Security Scan / image-security (push) Successful in 2m38sRust Tests / test-rust (rust/rperf-client, cargo) (push) Successful in 3m18sRust Tests / test-rust (rust/consumers/zen, cargo) (push) Successful in 3m42sRust Tests / test-rust (rust/trapd, cargo) (push) Successful in 3m45sRust Tests / test-rust (rust/log-collector, cargo) (push) Successful in 4m22sRust Tests / test-rust (//rust/rperf-server:rperf, rust/rperf-server, bazel) (push) Successful in 5m12sRust Tests / test-rust (rust/srql, cargo) (push) Successful in 6m38sPublish Release Artifacts / publish (push) Successful in 12m44s
Ghost
released this
2026-05-06 17:32:50 +00:00 | 1978 commits to staging since this releaseServiceRadar v1.2.33
Dependency security refresh for Rust, Go, and dashboard JavaScript packages, including the rperf migration needed to clear stale crate alerts.
Whats New
1.2.33
- Updated vulnerable Rust dependencies across the workspace, including OpenSSL, Diesel, rustls-webpki, rand, async-nats, and SPIFFE-related integrations.
- Patched the reqsign Google and Azure Storage crates locally to move Zen transitive authentication dependencies onto the fixed jsonwebtoken stack until upstream publishes compatible releases.
- Reworked rperf packaging so ServiceRadar builds and ships a patched local rperf binary instead of depending on the stale crates.io rperf package and its vulnerable dependency graph.
- Updated Go dependencies and moved the Go/Bazel toolchain target to Go 1.26.2, including the pgx security update.
- Updated dashboard and documentation npm lockfiles and overrides for Dependabot-reported packages such as postcss, fast-xml-parser, and uuid.
- Fixed core coordinator advisory-lock error handling so failed lock attempts stop their dedicated Postgrex pool instead of leaking idle connections until Postgres refuses new clients.
- Fixed the web-ng FieldSurvey ADBC database URI builder so pooler-backed
verify-fulldeployments keep routing through the configured CNPG pooler while still verifying the cluster CA. - Fixed Bazel crate metadata for patched reqsign crates and the updated OpenSSL source crate so release image publishing can analyze the full
//:pushgraph in CI. - Fixed Bazel provider dependencies for the patched reqsign Azure and Google crates so release image builds can compile Zen's reqsign-enabled dependency graph.
- Updated the pinned TinyGo toolchain to 0.41.1 so first-party Wasm plugin publishing remains compatible with the Go 1.26 release toolchain.
Downloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
-
v1.2.32
StableSome checks failedSecret Scan / gitleaks (push) Successful in 22sImage Security Scan / image-security (push) Failing after 1m5sGolang Tests / test-go (push) Successful in 2m23slint / lint (push) Successful in 2m30sRust Tests / test-rust (rust/consumers/zen, cargo) (push) Successful in 4m17sRust Tests / test-rust (rust/rperf-client, cargo) (push) Successful in 3m38sRust Tests / test-rust (rust/log-collector, cargo) (push) Successful in 4m21sRust Tests / test-rust (rust/trapd, cargo) (push) Successful in 3m42sRust Tests / test-rust (//rust/rperf-server:rperf, rust/rperf-server, bazel) (push) Successful in 5m14sRust Tests / test-rust (rust/srql, cargo) (push) Successful in 6m30sSource Security Scan / source-security (push) Successful in 13m26sPublish Release Artifacts / publish (push) Successful in 14m10s
Ghost
released this
2026-05-05 18:42:09 +00:00 | 2016 commits to staging since this releaseServiceRadar v1.2.32
Release pipeline hotfix for v1.2.31 that keeps the Helm HA release payload intact while fixing CI-only publication and fixture reachability failures.
Whats New
1.2.32
- Fixed the release workflow ORAS installation path and Wasm plugin import-index generator so published Wasm plugin artifacts can be indexed and attached to Forgejo releases.
- Hardened Rust CI so SRQL fixture-backed tests fall back to non-fixture coverage when configured fixture secrets point at a service that is unreachable from the runner.
Downloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
-
v1.2.28
StableSome checks failedImage Security Scan / image-security (push) Successful in 38sSource Security Scan / source-security (push) Failing after 49sGolang Tests / test-go (push) Successful in 1m15slint / lint (push) Failing after 1m32sRust Tests / test-rust (rust/consumers/zen, cargo) (push) Failing after 7m19sRust Tests / test-rust (rust/trapd, cargo) (push) Failing after 7m6sRust Tests / test-rust (rust/log-collector, cargo) (push) Successful in 8m19sRust Tests / test-rust (rust/rperf-client, cargo) (push) Successful in 7m55sRust Tests / test-rust (rust/srql, cargo) (push) Failing after 8m22sRust Tests / test-rust (//rust/rperf-server:rperf, rust/rperf-server, bazel) (push) Failing after 9m59sPublish Release Artifacts / publish (push) Successful in 17m58s
Ghost
released this
2026-05-04 20:08:43 +00:00 | 2060 commits to staging since this releaseServiceRadar v1.2.28
CNPG PostgreSQL 18.3 image refresh for the pgcrypto CVE fix, with pinned image inputs and Debian bookworm extension packages to keep Kubernetes rollouts ABI-compatible.
Whats New
1.2.28
- Upgraded the custom ServiceRadar CNPG image to PostgreSQL 18.3 and pinned the CloudNativePG upstream base by digest so rebuilds cannot silently resolve to older PostgreSQL 18 prerelease images.
- Switched the CNPG TimescaleDB and AGE layers to pinned Debian bookworm PostgreSQL 18 packages, avoiding remote-executor glibc leakage in extension shared libraries.
- Updated Helm, demo, srql-fixtures, Docker Compose migration, and RBE references to the signed
serviceradar-cnpg:18.3.0-sr5digest.
Downloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
-
v1.2.26
StableSome checks failedSecret Scan / gitleaks (push) Successful in 48sGolang Tests / test-go (push) Successful in 55sRust Tests / test-rust (//rust/rperf-server:rperf, rust/rperf-server, bazel) (push) Successful in 3m9sRust Tests / test-rust (rust/log-collector, cargo) (push) Successful in 3m47sRust Tests / test-rust (rust/rperf-client, cargo) (push) Successful in 3m29sRust Tests / test-rust (rust/srql, cargo) (push) Successful in 5m19sPublish Release Artifacts / publish (push) Successful in 36m16sRust Tests / test-rust (rust/consumers/zen, cargo) (push) Has been cancelledImage Security Scan / image-security (push) Has been cancelledSource Security Scan / source-security (push) Has been cancelledRust Tests / test-rust (rust/trapd, cargo) (push) Has been cancelledlint / lint (push) Has been cancelled
Ghost
released this
2026-04-30 00:52:43 +00:00 | 2122 commits to staging since this releaseServiceRadar v1.2.26
FieldSurvey Sidekick, AlienVault OTX threat intelligence, WAF signal ingestion, and observability UI updates that make field surveys, NetFlow review, and security log enrichment usable in demo and staging environments.
Whats New
1.2.26
- Added the FieldSurvey Sidekick pipeline across iOS, web-ng, and core ingest, including WebSocket auth, Arrow IPC ingestion, RoomPlan/floorplan/point-cloud artifact storage, spatial review views, persisted coverage rasters, AP placement confidence, adaptive RF scanning, playlist diagnostics, and dashboard floorplan heatmap rendering.
- Added AlienVault OTX threat intelligence support with encrypted settings UI, edge WASM collector integration, provider sync health, imported indicator inventory, source object metadata, manual sync, cursor persistence, OTX export ingestion hardening, NetFlow IOC matching, and retrohunt worker coverage.
- Consolidated NetFlow observability paths so the newer observability tab carries legacy flow-view capabilities forward while reducing duplicate code, keeping device drilldowns aligned, and surfacing threat-intel context in flow review paths.
- Added Coraza/Envoy WAF signal ingestion and normalization through external Zen rules, including WAF finding parsing, OCSF-style security signal promotion, Phoenix longpoll tuning, and safer Envoy access-log handling to reduce token exposure.
- Hardened Zen rule synchronization by discovering rules from NATS KV indexes, avoiding bundled-rule overrides when KV discovery is enabled, retrying reconnect paths, and preserving transformed log context instead of replacing messages with rule names.
- Fixed processed syslog rendering so transformed syslog logs keep useful bodies, service names, host resource attributes, and log detail pages no longer crash when optional resource metadata is empty.
- Improved dashboard and spatial performance by bounding FieldSurvey dashboard work, keeping heavy survey queries off initial dashboard load, and tightening dashboard map/camera interactions.
Downloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
-
v1.2.25
StableSome checks failedPublish Release Artifacts / publish (push) Waiting to runSecret Scan / gitleaks (push) Successful in 20slint / lint (push) Successful in 1m1sGolang Tests / test-go (push) Successful in 1m9sRust Tests / test-rust (//rust/rperf-server:rperf, rust/rperf-server, bazel) (push) Successful in 3m23sRust Tests / test-rust (rust/log-collector, cargo) (push) Successful in 3m41sRust Tests / test-rust (rust/consumers/zen, cargo) (push) Successful in 3m46sRust Tests / test-rust (rust/rperf-client, cargo) (push) Successful in 3m33sRust Tests / test-rust (rust/srql, cargo) (push) Successful in 5m7sImage Security Scan / image-security (push) Has been cancelledRust Tests / test-rust (rust/trapd, cargo) (push) Has been cancelledSource Security Scan / source-security (push) Has been cancelled
Ghost
released this
2026-04-23 14:03:59 +00:00 | 2329 commits to staging since this releaseServiceRadar v1.2.25
Agent reenrollment cleanup, automated MTR/IP enrichment hardening, and flow observability fixes needed to keep stale agents from blocking rollouts while making diagnostics and device-level flow drilldowns behave predictably.
Whats New
1.2.25
- Hardened package-managed agent release activation to accept valid runtime-local absolute symlink targets, fixing rollout failures on hosts that had been manually repaired or installed with absolute
currentrelease links. - Marked superseded reenrolled agents unavailable and canceled their non-terminal rollout targets so renamed or replaced agents stop lingering as pending/offline rollout noise in the UI and control plane.
- Fixed automated MTR target selection to prefer device IPs over hostnames when an IP is known, preventing baseline and manual bulk runs from failing solely because an agent host cannot resolve inventory hostnames locally.
- Fixed the IP enrichment stale-job reap path in
coreso the scheduler no longer logs a warning every minute due to an invalidRepo.update_all/3call shape. - Improved flow observability UX by fixing device flow protocol drilldowns, reducing Sankey noise, and tightening flow-detail query handoff so device pages and observability views stay aligned.
- Updated the demo flow collector service defaults to keep external NetFlow/IPFIX traffic pinned to a single collector replica with client IP affinity until shared template state or proper collector sharding is implemented.
- Added AGE graph retry coverage and related graph/query resiliency fixes to reduce transient graph-backed failures in observability paths.
Downloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
- Hardened package-managed agent release activation to accept valid runtime-local absolute symlink targets, fixing rollout failures on hosts that had been manually repaired or installed with absolute
-
v1.2.24
StableSome checks failedPublish Release Artifacts / publish (push) Waiting to runSecret Scan / gitleaks (push) Successful in 20slint / lint (push) Successful in 1m4sGolang Tests / test-go (push) Successful in 1m3sRust Tests / test-rust (rust/consumers/zen, cargo) (push) Successful in 3m53sRust Tests / test-rust (//rust/rperf-server:rperf, rust/rperf-server, bazel) (push) Successful in 4m33sRust Tests / test-rust (rust/rperf-client, cargo) (push) Successful in 3m28sRust Tests / test-rust (rust/log-collector, cargo) (push) Successful in 4m0sRust Tests / test-rust (rust/srql, cargo) (push) Successful in 5m5sImage Security Scan / image-security (push) Has been cancelledRust Tests / test-rust (rust/trapd, cargo) (push) Has been cancelledSource Security Scan / source-security (push) Has been cancelled
Ghost
released this
2026-04-23 03:00:56 +00:00 | 2332 commits to staging since this releaseServiceRadar v1.2.24
Managed agent release verification and rollout recovery fixes needed to restore package-managed upgrades for agents that missed the embedded release verification key.
Whats New
1.2.24
- Added an agent-side fallback to read
SERVICERADAR_AGENT_RELEASE_PUBLIC_KEYwhen an older or locally installed binary has no embedded release verification key, allowing package-managed agents with the environment override to verify signed managed releases. - Hardened release and OCI image workflows so the managed agent release public key is derived from the signing secret, stamped into Bazel workspace status, verified in the release-style agent binary, and fails CI instead of silently publishing unstamped artifacts.
- Improved managed rollout recovery when an agent has no active control stream by keeping the target pending with an actionable waiting status and reconciling pending releases when agents reconnect or report status.
Downloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
- Added an agent-side fallback to read
-
v1.2.23
StableSome checks failedPublish Release Artifacts / publish (push) Waiting to runSecret Scan / gitleaks (push) Successful in 22slint / lint (push) Successful in 46sGolang Tests / test-go (push) Successful in 1m6sRust Tests / test-rust (//rust/rperf-server:rperf, rust/rperf-server, bazel) (push) Successful in 4m5sRust Tests / test-rust (rust/rperf-client, cargo) (push) Successful in 3m9sRust Tests / test-rust (rust/consumers/zen, cargo) (push) Successful in 3m51sRust Tests / test-rust (rust/log-collector, cargo) (push) Successful in 3m50sRust Tests / test-rust (rust/srql, cargo) (push) Successful in 5m4sImage Security Scan / image-security (push) Has been cancelledRust Tests / test-rust (rust/trapd, cargo) (push) Has been cancelledSource Security Scan / source-security (push) Has been cancelled
Ghost
released this
2026-04-22 22:41:42 +00:00 | 2335 commits to staging since this releaseServiceRadar v1.2.23
Camera relay stability fixes for Envoy/Gateway API deployments and agent control stream reconnect hardening needed to keep browser streams available after gateway rollouts and edge connection churn.
Whats New
1.2.23
- Kept the active camera relay viewer mounted across device-detail refreshes so periodic camera metadata updates no longer reset WebCodecs playback every minute.
- Added Gateway API streaming timeout policy for camera/WebSocket routes so Envoy does not apply buffered request semantics to long-lived relay streams.
- Hardened agent control streams with gRPC keepalives and supervised reconnects so online agents remain command-capable for camera relay and diagnostics work after transient disconnects.
Downloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
-
v1.2.22
StableSome checks failedSecret Scan / gitleaks (push) Successful in 22slint / lint (push) Successful in 45sGolang Tests / test-go (push) Successful in 1m2sRust Tests / test-rust (//rust/rperf-server:rperf, rust/rperf-server, bazel) (push) Successful in 4m9sRust Tests / test-rust (rust/consumers/zen, cargo) (push) Successful in 3m47sRust Tests / test-rust (rust/rperf-client, cargo) (push) Successful in 3m28sRust Tests / test-rust (rust/log-collector, cargo) (push) Successful in 3m50sRust Tests / test-rust (rust/srql, cargo) (push) Successful in 5m51sPublish Release Artifacts / publish (push) Successful in 24m21sRust Tests / test-rust (rust/trapd, cargo) (push) Has been cancelledImage Security Scan / image-security (push) Has been cancelledSource Security Scan / source-security (push) Has been cancelled
Ghost
released this
2026-04-22 03:40:52 +00:00 | 2356 commits to staging since this releaseServiceRadar v1.2.22
Docker Compose diagnostics and telemetry hardening, database workload isolation, and MTR automation fixes needed to keep fresh stacks responsive while running the full default control plane.
Whats New
1.2.22
- Fixed Docker Compose agent enrollment, MTR command dispatch/progress handling, and ICMP capability wiring so fresh compose installs can run diagnostics without empty agent selectors or stuck acknowledged jobs.
- Isolated control-plane database workloads and added runtime pool controls for
core-elx,web-ng, and agent gateway paths so long-running analytics, topology, NetFlow, trace summary, and maintenance work do not starve user-facing requests. - Reduced avoidable database pressure by skipping unchanged NetFlow reference refreshes, lowering heavy maintenance concurrency, adding query timeouts, and making NetFlow enrichment workloads feature-gated for compose environments.
- Made SNMP trap, flow, and BMP collectors opt-in compose profiles instead of default services, while preserving the Kubernetes/demo defaults and documenting how Docker users enable those collectors when needed.
- Hardened OTLP log/trace export and structured log handling so exporter failures and non-binary log messages do not flood compose logs or crash telemetry paths.
- Fixed MTR baseline cadence for bulk jobs by storing JSONB payload/context objects correctly and reading legacy double-encoded rows, preventing profiles configured for 300 seconds from dispatching every scheduler tick.
- Improved device details and analytics runtime behavior by deferring expensive fan-out work and clarifying migration/DB readiness messaging when pools are degraded for reasons other than schema migrations.
Downloads
-
Source code (ZIP)
1 download
-
Source code (TAR.GZ)
1 download
-
v1.2.21
StableSome checks failedSecret Scan / gitleaks (push) Successful in 21sGolang Tests / test-go (push) Successful in 1m4sRust Tests / test-rust (//rust/rperf-server:rperf, rust/rperf-server, bazel) (push) Successful in 4m13sRust Tests / test-rust (rust/log-collector, cargo) (push) Successful in 3m36sRust Tests / test-rust (rust/rperf-client, cargo) (push) Successful in 3m24sPublish Release Artifacts / publish (push) Successful in 23m1sRust Tests / test-rust (rust/srql, cargo) (push) Successful in 4m59sImage Security Scan / image-security (push) Has been cancelledRust Tests / test-rust (rust/trapd, cargo) (push) Has been cancelledRust Tests / test-rust (rust/consumers/zen, cargo) (push) Has been cancelledlint / lint (push) Has been cancelledSource Security Scan / source-security (push) Has been cancelled
Ghost
released this
2026-04-20 15:46:58 +00:00 | 2373 commits to staging since this releaseServiceRadar v1.2.21
Demo high-availability hardening, Armis northbound operator controls, device-details performance work, and the bulk MTR status fix needed to keep diagnostics jobs moving cleanly in production.
Whats New
1.2.21
- Completed the validated demo control-plane HA profile across
core,web-ng,agent-gateway,datasvc,zen, and ingest workers, including JetStream sizing cleanup, durable-consumer turnover fixes, onboarding/runtime certificate fixes, and updated Helm/docs coverage for the published chart overlays. - Added Armis northbound settings and run-status visibility in the integrations UI so operators can configure the target custom property/tag, cadence, enablement, and review recent northbound update runs directly from product settings.
- Optimized the device-details critical path by deferring nonessential work off initial load, reducing serial fan-out, and tightening page startup so heavy device detail views render faster.
- Fixed bulk MTR command status persistence in
coreso progress/result updates from agents reporting string UUID command IDs no longer crash the status handler or leave jobs stuck inACKNOWLEDGED.
Downloads
-
Source code (ZIP)
1 download
-
Source code (TAR.GZ)
1 download
- Completed the validated demo control-plane HA profile across