-
v1.2.35
StableAll checks were successfulSecret Scan / gitleaks (push) Successful in 45slint / lint (push) Successful in 1m14sGolang Tests / test-go (push) Successful in 1m12sRust Tests / test-rust (rust/rperf-client, cargo) (push) Successful in 3m29sRust Tests / test-rust (rust/trapd, cargo) (push) Successful in 3m50sRust Tests / test-rust (//rust/rperf-server:rperf, rust/rperf-server, bazel) (push) Successful in 4m33sRust Tests / test-rust (rust/consumers/zen, cargo) (push) Successful in 5m28sRust Tests / test-rust (rust/log-collector, cargo) (push) Successful in 5m27sRust Tests / test-rust (rust/srql, cargo) (push) Successful in 5m37sImage Security Scan / image-security (push) Successful in 28m59sSource Security Scan / source-security (push) Successful in 29m1sPublish Release Artifacts / publish (push) Successful in 29m30s
Ghost
released this
2026-05-08 17:40:38 +00:00 | 1182 commits to staging since this releaseServiceRadar v1.2.35
Agent control-plane stabilization and demo cleanup release for managed agent rollouts and Proxmox validation.
Whats New
1.2.35
- Fixed agent enrollment through the agent-gateway by auto-registering the gateway record before linking incoming agent hellos, avoiding
gateway_idforeign-key failures that surfaced ascore unavailable. - Tightened active-agent selection so settings, credential-rule scope selectors, plugin assignment views, and connected-agent reads only show recently healthy connected agents instead of stale historical rows.
- Added automatic stale-agent pruning coverage so old connected, degraded, disconnected, connecting, and unavailable agents are retired from active operations while preserving historical audit and rollout references.
- Hardened agent reassignment during gateway sync so mapper jobs and sweep groups are moved with normal Ash updates instead of brittle bulk updates.
- Verified the demo namespace on the new agent cleanup path and reduced active connected agents from stale test inventory back to the three live agents.
Downloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
- Fixed agent enrollment through the agent-gateway by auto-registering the gateway record before linking incoming agent hellos, avoiding
-
v1.2.34
StableAll checks were successfulSecret Scan / gitleaks (push) Successful in 45sGolang Tests / test-go (push) Successful in 1m24slint / lint (push) Successful in 2m0sRust Tests / test-rust (rust/log-collector, cargo) (push) Successful in 3m48sRust Tests / test-rust (//rust/rperf-server:rperf, rust/rperf-server, bazel) (push) Successful in 4m21sRust Tests / test-rust (rust/trapd, cargo) (push) Successful in 3m48sRust Tests / test-rust (rust/consumers/zen, cargo) (push) Successful in 4m45sRust Tests / test-rust (rust/rperf-client, cargo) (push) Successful in 4m55sRust Tests / test-rust (rust/srql, cargo) (push) Successful in 6m19sSource Security Scan / source-security (push) Successful in 28m9sImage Security Scan / image-security (push) Successful in 28m13sPublish Release Artifacts / publish (push) Successful in 28m51s
Ghost
released this
2026-05-08 01:36:37 +00:00 | 1190 commits to staging since this releaseServiceRadar v1.2.34
Proxmox virtualization, network-wide credential rules, console access, MTR diagnostics, and stability fixes for datasource-backed event ingestion and edge configuration sync.
Whats New
1.2.34
- Added the Proxmox WASM plugin, policy input plumbing, live smoke-test paths, mapper fingerprinting for PVE candidates, and SRQL virtualization queries so discovered Proxmox hosts can enrich inventory without per-plugin target configuration.
- Added virtualization inventory schema and ingestion for clusters, hosts, guests, datastores, storage systems, host disks, network interfaces, and Proxmox enrichment payloads, with device-detail and dashboard surfaces for virtualization state and efficiency.
- Added network-wide credential rule resources, encrypted credential secrets, SSH private-key credential support, target-scope preview, credential redaction, Proxmox presets, broker grants, assignment materialization, and settings UI coverage.
- Added Proxmox console access across web-ng, core, agent-gateway, and agent, including xterm React integration, session tickets, ERTS-routed stream brokering, agent-local credential handling, SSH PTY bridging, stream timeouts, RBAC gates, and unsupported guest-mode handling.
- Added MTR diagnostics improvements, including time-window comparisons, yesterday/full-day drilldowns, persisted profile settings, and clearer comparison baseline behavior.
- Added metric baseline alert evaluation and device-scoped log views so operators can promote sustained metric anomalies and inspect logs from device details.
- Fixed Falco alert ingestion and the supervised datasvc client so core holds a long-lived Gun-backed gRPC channel instead of repeatedly dropping and reconnecting to datasvc.
- Fixed agent config sync and Armis authentication handling, plus release artifact mirroring and release page behavior needed for managed agent releases.
- Polished dashboard navigation, theme behavior, and virtualization dashboard panels.
Downloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
-
v1.2.33
StableAll checks were successfulSecret Scan / gitleaks (push) Successful in 26sSource Security Scan / source-security (push) Successful in 46sGolang Tests / test-go (push) Successful in 1m3slint / lint (push) Successful in 1m45sImage Security Scan / image-security (push) Successful in 2m38sRust Tests / test-rust (rust/rperf-client, cargo) (push) Successful in 3m18sRust Tests / test-rust (rust/consumers/zen, cargo) (push) Successful in 3m42sRust Tests / test-rust (rust/trapd, cargo) (push) Successful in 3m45sRust Tests / test-rust (rust/log-collector, cargo) (push) Successful in 4m22sRust Tests / test-rust (//rust/rperf-server:rperf, rust/rperf-server, bazel) (push) Successful in 5m12sRust Tests / test-rust (rust/srql, cargo) (push) Successful in 6m38sPublish Release Artifacts / publish (push) Successful in 12m44s
Ghost
released this
2026-05-06 17:32:50 +00:00 | 1296 commits to staging since this releaseServiceRadar v1.2.33
Dependency security refresh for Rust, Go, and dashboard JavaScript packages, including the rperf migration needed to clear stale crate alerts.
Whats New
1.2.33
- Updated vulnerable Rust dependencies across the workspace, including OpenSSL, Diesel, rustls-webpki, rand, async-nats, and SPIFFE-related integrations.
- Patched the reqsign Google and Azure Storage crates locally to move Zen transitive authentication dependencies onto the fixed jsonwebtoken stack until upstream publishes compatible releases.
- Reworked rperf packaging so ServiceRadar builds and ships a patched local rperf binary instead of depending on the stale crates.io rperf package and its vulnerable dependency graph.
- Updated Go dependencies and moved the Go/Bazel toolchain target to Go 1.26.2, including the pgx security update.
- Updated dashboard and documentation npm lockfiles and overrides for Dependabot-reported packages such as postcss, fast-xml-parser, and uuid.
- Fixed core coordinator advisory-lock error handling so failed lock attempts stop their dedicated Postgrex pool instead of leaking idle connections until Postgres refuses new clients.
- Fixed the web-ng FieldSurvey ADBC database URI builder so pooler-backed
verify-fulldeployments keep routing through the configured CNPG pooler while still verifying the cluster CA. - Fixed Bazel crate metadata for patched reqsign crates and the updated OpenSSL source crate so release image publishing can analyze the full
//:pushgraph in CI. - Fixed Bazel provider dependencies for the patched reqsign Azure and Google crates so release image builds can compile Zen's reqsign-enabled dependency graph.
- Updated the pinned TinyGo toolchain to 0.41.1 so first-party Wasm plugin publishing remains compatible with the Go 1.26 release toolchain.
Downloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
-
v1.2.32
StableSome checks failedSecret Scan / gitleaks (push) Successful in 22sImage Security Scan / image-security (push) Failing after 1m5sGolang Tests / test-go (push) Successful in 2m23slint / lint (push) Successful in 2m30sRust Tests / test-rust (rust/consumers/zen, cargo) (push) Successful in 4m17sRust Tests / test-rust (rust/rperf-client, cargo) (push) Successful in 3m38sRust Tests / test-rust (rust/log-collector, cargo) (push) Successful in 4m21sRust Tests / test-rust (rust/trapd, cargo) (push) Successful in 3m42sRust Tests / test-rust (//rust/rperf-server:rperf, rust/rperf-server, bazel) (push) Successful in 5m14sRust Tests / test-rust (rust/srql, cargo) (push) Successful in 6m30sSource Security Scan / source-security (push) Successful in 13m26sPublish Release Artifacts / publish (push) Successful in 14m10s
Ghost
released this
2026-05-05 18:42:09 +00:00 | 1334 commits to staging since this releaseServiceRadar v1.2.32
Release pipeline hotfix for v1.2.31 that keeps the Helm HA release payload intact while fixing CI-only publication and fixture reachability failures.
Whats New
1.2.32
- Fixed the release workflow ORAS installation path and Wasm plugin import-index generator so published Wasm plugin artifacts can be indexed and attached to Forgejo releases.
- Hardened Rust CI so SRQL fixture-backed tests fall back to non-fixture coverage when configured fixture secrets point at a service that is unreachable from the runner.
Downloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
-
v1.2.28
StableSome checks failedImage Security Scan / image-security (push) Successful in 38sSource Security Scan / source-security (push) Failing after 49sGolang Tests / test-go (push) Successful in 1m15slint / lint (push) Failing after 1m32sRust Tests / test-rust (rust/consumers/zen, cargo) (push) Failing after 7m19sRust Tests / test-rust (rust/trapd, cargo) (push) Failing after 7m6sRust Tests / test-rust (rust/log-collector, cargo) (push) Successful in 8m19sRust Tests / test-rust (rust/rperf-client, cargo) (push) Successful in 7m55sRust Tests / test-rust (rust/srql, cargo) (push) Failing after 8m22sRust Tests / test-rust (//rust/rperf-server:rperf, rust/rperf-server, bazel) (push) Failing after 9m59sPublish Release Artifacts / publish (push) Successful in 17m58s
Ghost
released this
2026-05-04 20:08:43 +00:00 | 1378 commits to staging since this releaseServiceRadar v1.2.28
CNPG PostgreSQL 18.3 image refresh for the pgcrypto CVE fix, with pinned image inputs and Debian bookworm extension packages to keep Kubernetes rollouts ABI-compatible.
Whats New
1.2.28
- Upgraded the custom ServiceRadar CNPG image to PostgreSQL 18.3 and pinned the CloudNativePG upstream base by digest so rebuilds cannot silently resolve to older PostgreSQL 18 prerelease images.
- Switched the CNPG TimescaleDB and AGE layers to pinned Debian bookworm PostgreSQL 18 packages, avoiding remote-executor glibc leakage in extension shared libraries.
- Updated Helm, demo, srql-fixtures, Docker Compose migration, and RBE references to the signed
serviceradar-cnpg:18.3.0-sr5digest.
Downloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
-
v1.2.26
StableSome checks failedSecret Scan / gitleaks (push) Successful in 48sGolang Tests / test-go (push) Successful in 55sRust Tests / test-rust (//rust/rperf-server:rperf, rust/rperf-server, bazel) (push) Successful in 3m9sRust Tests / test-rust (rust/log-collector, cargo) (push) Successful in 3m47sRust Tests / test-rust (rust/rperf-client, cargo) (push) Successful in 3m29sRust Tests / test-rust (rust/srql, cargo) (push) Successful in 5m19sPublish Release Artifacts / publish (push) Successful in 36m16sRust Tests / test-rust (rust/consumers/zen, cargo) (push) Has been cancelledImage Security Scan / image-security (push) Has been cancelledSource Security Scan / source-security (push) Has been cancelledRust Tests / test-rust (rust/trapd, cargo) (push) Has been cancelledlint / lint (push) Has been cancelled
Ghost
released this
2026-04-30 00:52:43 +00:00 | 1440 commits to staging since this releaseServiceRadar v1.2.26
FieldSurvey Sidekick, AlienVault OTX threat intelligence, WAF signal ingestion, and observability UI updates that make field surveys, NetFlow review, and security log enrichment usable in demo and staging environments.
Whats New
1.2.26
- Added the FieldSurvey Sidekick pipeline across iOS, web-ng, and core ingest, including WebSocket auth, Arrow IPC ingestion, RoomPlan/floorplan/point-cloud artifact storage, spatial review views, persisted coverage rasters, AP placement confidence, adaptive RF scanning, playlist diagnostics, and dashboard floorplan heatmap rendering.
- Added AlienVault OTX threat intelligence support with encrypted settings UI, edge WASM collector integration, provider sync health, imported indicator inventory, source object metadata, manual sync, cursor persistence, OTX export ingestion hardening, NetFlow IOC matching, and retrohunt worker coverage.
- Consolidated NetFlow observability paths so the newer observability tab carries legacy flow-view capabilities forward while reducing duplicate code, keeping device drilldowns aligned, and surfacing threat-intel context in flow review paths.
- Added Coraza/Envoy WAF signal ingestion and normalization through external Zen rules, including WAF finding parsing, OCSF-style security signal promotion, Phoenix longpoll tuning, and safer Envoy access-log handling to reduce token exposure.
- Hardened Zen rule synchronization by discovering rules from NATS KV indexes, avoiding bundled-rule overrides when KV discovery is enabled, retrying reconnect paths, and preserving transformed log context instead of replacing messages with rule names.
- Fixed processed syslog rendering so transformed syslog logs keep useful bodies, service names, host resource attributes, and log detail pages no longer crash when optional resource metadata is empty.
- Improved dashboard and spatial performance by bounding FieldSurvey dashboard work, keeping heavy survey queries off initial dashboard load, and tightening dashboard map/camera interactions.
Downloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
-
v1.2.25
StableSome checks failedPublish Release Artifacts / publish (push) Waiting to runSecret Scan / gitleaks (push) Successful in 20slint / lint (push) Successful in 1m1sGolang Tests / test-go (push) Successful in 1m9sRust Tests / test-rust (//rust/rperf-server:rperf, rust/rperf-server, bazel) (push) Successful in 3m23sRust Tests / test-rust (rust/log-collector, cargo) (push) Successful in 3m41sRust Tests / test-rust (rust/consumers/zen, cargo) (push) Successful in 3m46sRust Tests / test-rust (rust/rperf-client, cargo) (push) Successful in 3m33sRust Tests / test-rust (rust/srql, cargo) (push) Successful in 5m7sImage Security Scan / image-security (push) Has been cancelledRust Tests / test-rust (rust/trapd, cargo) (push) Has been cancelledSource Security Scan / source-security (push) Has been cancelled
Ghost
released this
2026-04-23 14:03:59 +00:00 | 1647 commits to staging since this releaseServiceRadar v1.2.25
Agent reenrollment cleanup, automated MTR/IP enrichment hardening, and flow observability fixes needed to keep stale agents from blocking rollouts while making diagnostics and device-level flow drilldowns behave predictably.
Whats New
1.2.25
- Hardened package-managed agent release activation to accept valid runtime-local absolute symlink targets, fixing rollout failures on hosts that had been manually repaired or installed with absolute
currentrelease links. - Marked superseded reenrolled agents unavailable and canceled their non-terminal rollout targets so renamed or replaced agents stop lingering as pending/offline rollout noise in the UI and control plane.
- Fixed automated MTR target selection to prefer device IPs over hostnames when an IP is known, preventing baseline and manual bulk runs from failing solely because an agent host cannot resolve inventory hostnames locally.
- Fixed the IP enrichment stale-job reap path in
coreso the scheduler no longer logs a warning every minute due to an invalidRepo.update_all/3call shape. - Improved flow observability UX by fixing device flow protocol drilldowns, reducing Sankey noise, and tightening flow-detail query handoff so device pages and observability views stay aligned.
- Updated the demo flow collector service defaults to keep external NetFlow/IPFIX traffic pinned to a single collector replica with client IP affinity until shared template state or proper collector sharding is implemented.
- Added AGE graph retry coverage and related graph/query resiliency fixes to reduce transient graph-backed failures in observability paths.
Downloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
- Hardened package-managed agent release activation to accept valid runtime-local absolute symlink targets, fixing rollout failures on hosts that had been manually repaired or installed with absolute
-
v1.2.24
StableSome checks failedPublish Release Artifacts / publish (push) Waiting to runSecret Scan / gitleaks (push) Successful in 20slint / lint (push) Successful in 1m4sGolang Tests / test-go (push) Successful in 1m3sRust Tests / test-rust (rust/consumers/zen, cargo) (push) Successful in 3m53sRust Tests / test-rust (//rust/rperf-server:rperf, rust/rperf-server, bazel) (push) Successful in 4m33sRust Tests / test-rust (rust/rperf-client, cargo) (push) Successful in 3m28sRust Tests / test-rust (rust/log-collector, cargo) (push) Successful in 4m0sRust Tests / test-rust (rust/srql, cargo) (push) Successful in 5m5sImage Security Scan / image-security (push) Has been cancelledRust Tests / test-rust (rust/trapd, cargo) (push) Has been cancelledSource Security Scan / source-security (push) Has been cancelled
Ghost
released this
2026-04-23 03:00:56 +00:00 | 1650 commits to staging since this releaseServiceRadar v1.2.24
Managed agent release verification and rollout recovery fixes needed to restore package-managed upgrades for agents that missed the embedded release verification key.
Whats New
1.2.24
- Added an agent-side fallback to read
SERVICERADAR_AGENT_RELEASE_PUBLIC_KEYwhen an older or locally installed binary has no embedded release verification key, allowing package-managed agents with the environment override to verify signed managed releases. - Hardened release and OCI image workflows so the managed agent release public key is derived from the signing secret, stamped into Bazel workspace status, verified in the release-style agent binary, and fails CI instead of silently publishing unstamped artifacts.
- Improved managed rollout recovery when an agent has no active control stream by keeping the target pending with an actionable waiting status and reconciling pending releases when agents reconnect or report status.
Downloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
- Added an agent-side fallback to read
-
v1.2.23
StableSome checks failedPublish Release Artifacts / publish (push) Waiting to runSecret Scan / gitleaks (push) Successful in 22slint / lint (push) Successful in 46sGolang Tests / test-go (push) Successful in 1m6sRust Tests / test-rust (//rust/rperf-server:rperf, rust/rperf-server, bazel) (push) Successful in 4m5sRust Tests / test-rust (rust/rperf-client, cargo) (push) Successful in 3m9sRust Tests / test-rust (rust/consumers/zen, cargo) (push) Successful in 3m51sRust Tests / test-rust (rust/log-collector, cargo) (push) Successful in 3m50sRust Tests / test-rust (rust/srql, cargo) (push) Successful in 5m4sImage Security Scan / image-security (push) Has been cancelledRust Tests / test-rust (rust/trapd, cargo) (push) Has been cancelledSource Security Scan / source-security (push) Has been cancelled
Ghost
released this
2026-04-22 22:41:42 +00:00 | 1653 commits to staging since this releaseServiceRadar v1.2.23
Camera relay stability fixes for Envoy/Gateway API deployments and agent control stream reconnect hardening needed to keep browser streams available after gateway rollouts and edge connection churn.
Whats New
1.2.23
- Kept the active camera relay viewer mounted across device-detail refreshes so periodic camera metadata updates no longer reset WebCodecs playback every minute.
- Added Gateway API streaming timeout policy for camera/WebSocket routes so Envoy does not apply buffered request semantics to long-lived relay streams.
- Hardened agent control streams with gRPC keepalives and supervised reconnects so online agents remain command-capable for camera relay and diagnostics work after transient disconnects.
Downloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
-
v1.2.22
StableSome checks failedSecret Scan / gitleaks (push) Successful in 22slint / lint (push) Successful in 45sGolang Tests / test-go (push) Successful in 1m2sRust Tests / test-rust (//rust/rperf-server:rperf, rust/rperf-server, bazel) (push) Successful in 4m9sRust Tests / test-rust (rust/consumers/zen, cargo) (push) Successful in 3m47sRust Tests / test-rust (rust/rperf-client, cargo) (push) Successful in 3m28sRust Tests / test-rust (rust/log-collector, cargo) (push) Successful in 3m50sRust Tests / test-rust (rust/srql, cargo) (push) Successful in 5m51sPublish Release Artifacts / publish (push) Successful in 24m21sRust Tests / test-rust (rust/trapd, cargo) (push) Has been cancelledImage Security Scan / image-security (push) Has been cancelledSource Security Scan / source-security (push) Has been cancelled
Ghost
released this
2026-04-22 03:40:52 +00:00 | 1674 commits to staging since this releaseServiceRadar v1.2.22
Docker Compose diagnostics and telemetry hardening, database workload isolation, and MTR automation fixes needed to keep fresh stacks responsive while running the full default control plane.
Whats New
1.2.22
- Fixed Docker Compose agent enrollment, MTR command dispatch/progress handling, and ICMP capability wiring so fresh compose installs can run diagnostics without empty agent selectors or stuck acknowledged jobs.
- Isolated control-plane database workloads and added runtime pool controls for
core-elx,web-ng, and agent gateway paths so long-running analytics, topology, NetFlow, trace summary, and maintenance work do not starve user-facing requests. - Reduced avoidable database pressure by skipping unchanged NetFlow reference refreshes, lowering heavy maintenance concurrency, adding query timeouts, and making NetFlow enrichment workloads feature-gated for compose environments.
- Made SNMP trap, flow, and BMP collectors opt-in compose profiles instead of default services, while preserving the Kubernetes/demo defaults and documenting how Docker users enable those collectors when needed.
- Hardened OTLP log/trace export and structured log handling so exporter failures and non-binary log messages do not flood compose logs or crash telemetry paths.
- Fixed MTR baseline cadence for bulk jobs by storing JSONB payload/context objects correctly and reading legacy double-encoded rows, preventing profiles configured for 300 seconds from dispatching every scheduler tick.
- Improved device details and analytics runtime behavior by deferring expensive fan-out work and clarifying migration/DB readiness messaging when pools are degraded for reasons other than schema migrations.
Downloads
-
Source code (ZIP)
1 download
-
Source code (TAR.GZ)
1 download