2025.12
| Version | Release date |
|---|---|
| 2025.12.0 | December 15, 2025 |
System Requirements Update
Ensure your infrastructure meets the latest requirements for optimal performance and security:
| Component | Minimum Version | Recommended Version |
|---|---|---|
| KOTS | 1.117.3 | Latest |
| Kubernetes | 1.28 | 1.33 |
| PostgreSQL | 15 | 17 |
| Redis | 6 | 7 |
| ggscout | 0.19.0 | Latest |
Helm & Upgrade Considerations
To ensure compatibility, please review Helm values updates from the previous version. Air gap deployment? Find all the images and tag names in the air gap install page.
Feature highlights
- Advanced Analytics for Internal Monitoring — track the detection, remediation and prevention of secret leaks with actionable dashboards. Learn more.
  This feature is disabled by default and requires additional resources (12 GB memory). Analytics are computed once a day, so data may take up to 24 hours to appear after activation. To enable: set `inAppAnalytics.enabled: true` in Helm values, or enable "In-App Analytics" in the KOTS Admin Console.
- SCIM team provisioning — automate team creation and sync from Okta and Microsoft Entra ID. Learn more.
- Enhanced Slack notifications — complete incident lifecycle coverage for internal monitoring and honeytoken alerting. Learn more.
- CyberArk Secrets Manager Self Hosted integration — discover and enumerate non-human identities stored in your self-hosted CyberArk (Conjur) vault. Learn more.
Secrets Detection Engine
- v2.151 — 13 new detectors (Hume AI, Azure AI Face, Neon, E2B, MailerSend, Scraper API, AIProxy, Cloudsmith, AWS Bedrock, Harness, Grafbase, AssemblyAI), 8 improved (Generic Password, Pinecone, Keycloak, Discord, Kubernetes JWT, Tableau, Sendinblue), 3 analyzer upgrades.
- v2.152 — 1 new detector (Google Cloud Access Token), 3 improved (Hashicorp Vault Token, PagerDuty, Google Cloud Access Token), 2 analyzer upgrades.
Enhancements
- New "Valid" saved view for incidents, API filtering by triggered date, GitLab validation and health checks, Docker Hub organization namespaces, Custom Monitored Perimeter improvements, GitLab empty namespaces hidden by default. Learn more.
- Self-Hosted:
  - Added multiple hostname support via the `extra_hostnames` parameter, enabling access through additional domain names. Learn more.
  - Added global `podDisruptionBudget.enabled` parameter to disable automatic PDB creation for restricted Kubernetes environments that prohibit PodDisruptionBudget resources. Learn more.
  - Added official support for Helm v4.
  - Added IPv6 support via the `network.ipFamily` parameter for Service resources. Learn more.
Fixes
- Jira Data Center historical scans for large projects, incident details "First detected" date display, Slack notifications user association, Health Check error differentiation. Learn more.
- Bulk action filters, Jira ticketing issues, Perimeter scan behavior, GitLab namespace display and search, Container Registry URLs and caching. Learn more.
- Self-Hosted: Resolved NHI Governance access for manager roles.