2025.4 - Required
| Version |  Release Date |
|---|---|
| 2025.4.0 | April 25, 2025 |
| 2025.4.1 | April 30, 2025 |
| 2025.4.2 | August 8, 2025 |
System Requirements Update
Ensure your infrastructure meets the latest requirements for optimal performance and security:
| Component | Minimum Version | Recommended Version |
|---|---|---|
| KOTS | 1.117.3 | Latest |
| Kubernetes | 1.25 | 1.31 |
| PostgreSQL | 15 | 16 |
| Redis | 6 | 7 |
| helm | 3.13 | Latest |
| ggscout | 0.16.4 | 0.16.4 is the only supported version |
Helm & Upgrade Considerations
To ensure compatibility, please review Helm values updates from the previous version.
⚠️ Important: This is a required release and cannot be skipped.
Upgrading to 2025.4
Please install the PostgreSQL pgvector extension to enable vector similarity search. This is essential for upcoming features leveraging our internal machine learning engine. Follow the installation instructions to ensure compatibility.
Air gap deployment? We've added new images in this release. Find all image and tag names on the Air Gap Install page.
Feature highlights
- NHI Governance — manage and secure Non-Human Identities with comprehensive observability and lifecycle management. Learn more
- Secrets Analyzer — enrich detected secrets with scope, permission, and ownership details for faster risk assessment. Learn more
- Custom tags — categorize and filter incidents with customized labels for improved remediation workflows. Learn more
- Log collector for Self-Hosted — seamless log collection system with Loki, MinIO, and Fluent Bit for faster troubleshooting. Learn more
Secrets Detection Engine
- v2.134 — 1 new detector (Azure Logic App), 2 improved (LINE Messaging, OpenAI), 1 analyzer enhancement.
- v2.135 — 4 new detectors (Artifactory Reference Token, Artifactory Master Key, Artifactory Basic Auth), 4 improved (Snowflake, IBM Cloud, PlanetScale, Artifactory).
Enhancements
- Jira DC incident filter, custom tags from search, custom webhook payload. See SaaS release: Apr 14.
- Jira configuration layout, navigation improvements, invitations API. See SaaS release: Apr 23.
- Self-Hosted:
- Improved error messages for email configuration setup.
- Enhanced debug capabilities with network diagnostic tools (netcat, openssl) in debug image. Learn more.
- Extended readiness probe timeout on public-api for enhanced stability.
- Added OpenShift restricted-v2 SCC support via
global.compatibility.openshift.adaptSecurityContext. Learn more. - Added default
support-bundleRole and optional ClusterRole creation. - PostgreSQL
pgvectorextension now required by default for upcoming ML features. Learn more. - Improved response times for issue occurrence queries through optimized request routing.
- Standardized health check endpoint routing under main API hostname.
Fixes
- Jira Cloud project key synchronization. See SaaS release: Mar 19.
- GitLab multiple group hook emails, read-only token webhook detection, system hook 403 errors, unnecessary webhook scans, incidents list refresh. See SaaS release: Apr 14.
- GitLab system hook 403 errors. See SaaS release: Apr 23.
- Self-Hosted:
- Updated license expiration notification message for clearer guidance.
- Added Content Security Policy (CSP) headers to HTTP responses for enhanced browser security.
Hotfixes
2025.4.1
Release Date: April 30, 2025
Fixes
- Self-Hosted:
- Support Bundle Role creation disabled by default to accommodate customers with high security requirements (Helm).
2025.4.2
Release Date: August 8, 2025
Fixes
- Self-Hosted:
- Embedded Cluster with Embedded Redis configuration to use
bitnamilegacy/redisregistry following Bitnami's registry changes.
- Embedded Cluster with Embedded Redis configuration to use
