2025.6
| Version |  Release Date |
|---|---|
| 2025.6.0 | June 20, 2025 |
System Requirements Update
Ensure your infrastructure meets the latest requirements for optimal performance and security:
| Component | Minimum Version | Recommended Version |
|---|---|---|
| KOTS | 1.117.3 | Latest |
| Kubernetes | 1.28 ⚠️ | 1.32 |
| PostgreSQL | 15 | 16 |
| Redis | 6 | 7 |
| ggscout | 0.16.6 | Latest |
Helm & Upgrade Considerations
To ensure compatibility, please review Helm values updates from the previous version. Air gap deployment? Find all the images and tag names in the air gap install page.
Upgrading to 2025.6 Kubernetes Support
GitGuardian 2025.6 now requires Kubernetes 1.28 as the minimum supported version. However, Kubernetes 1.28 is no longer receiving active or maintenance support from the Kubernetes project (see end-of-life schedule).
We strongly recommend upgrading to Kubernetes 1.32 for optimal security and stability. See our system requirements for more details.
Feature highlights
- Secure API access to secret values — retrieve secret values via API endpoint for automation workflows. Learn more
- Microsoft Teams secret detection — scan Teams messages for hardcoded secrets with real-time and historical scanning. Learn more
- Jira and Confluence Cloud historical scanning — detect secrets leaked in the past across Jira and Confluence Cloud. Learn more
- Container Registries secret detection — detect hardcoded secrets in Azure, Google, JFrog, and DockerHub registries. Learn more
- Self-Hosted: Export GitGuardian logs to Splunk, Loki, Elasticsearch, Kafka, and Datadog for centralized monitoring. Learn more
Secrets Detection Engine
- v2.139 — 1 new detector (GitLab Feature Flags Client Token), 6 improved (AMQP, Confluent, Generic High Entropy, Artifactory, Azure Storage), 1 engine enhancement.
- v2.140 — 12 new detectors (Laravel, GitLab tokens, Kubernetes JWT, Brave Search, Dify, Firecrawl, Ubidots, Vapi, Llama Cloud), 4 improved, 7 new checkers, 2 engine enhancements.
Enhancements
- Teams API endpoint optimization. See SaaS release: Jun 19.
- Self-Hosted:
- Improved ML Secret Engine Docker image permissions to support running with custom user and group IDs for better Kubernetes security contexts.
- Improved Docker image permissions to support running with custom user and group IDs for better Kubernetes security contexts.
- Improved handling of failed index creation migrations to allow safe re-execution of database updates.
- Added capability to specify constraint of only one worker per node in Kubernetes deployments to optimize resource allocation. Learn more about scaling.
Fixes
- Email alerts to inactive members, custom tags pagination, GitLab parent group permissions, secret analyzer validity checking. See SaaS release: Jun 19.
- Self-Hosted:
- Corrected an issue preventing Self-Hosted customers from adding or editing custom severity rule sets.
- Fixed an issue with ACL limitations on GCP and Azure cloud platforms where Redis deployments disable the ACL command, causing pre-deployment checks for the FLUSHDB command to fail. The system now gracefully handles scenarios where ACL commands are unavailable.
