2025.10 - Required
| Version |  Release Date |
|---|---|
| 2025.10.0 | October 27, 2025 |
System Requirements Update
Ensure your infrastructure meets the latest requirements for optimal performance and security:
| Component | Minimum Version | Recommended Version |
|---|---|---|
| KOTS | 1.117.3 | Latest |
| Kubernetes | 1.28 | 1.32 |
| PostgreSQL | 15 | 16 |
| Redis | 6 | 7 |
| ggscout | 0.19.0 | Latest |
Helm & Upgrade Considerations
To ensure compatibility, please review Helm values updates from the previous version. Air gap deployment? Find all the images and tag names in the air gap install page.
⚠️ Important: This is a required release and cannot be skipped.
Upgrading to 2025.10
Helm installations: This release changes the MinIO image used in the log collector and requires updates to your Helm values file. See Upgrade Helm > Upgrading to 2025.10.
Feature highlights
- Secret Revocation — revoke supported secrets directly from incidents. Learn more
- Context preview for non‑VCS incidents — see surrounding content for leaks in SharePoint, OneDrive, Slack, Confluence. Learn more
- Microsoft Teams attachment scanning — detect secrets in files shared in Teams. Learn more
- ggshield: vault name and path — show secret manager details for vaulted secrets. Learn more
- Unified graph with public leak intelligence — correlate internal and public exposures in one view. Learn more
Secrets Detection Engine
- v2.147 — 2 new detectors, 4 improved, 4 new checkers.
- v2.148 — 21 new detectors, 3 improved, multiple new checkers.
- v2.149 — 4 new detectors, 1 improved, 4 new checkers, 2 analyzer upgrades.
Enhancements
- Pattern exclusion performance. See SaaS release: Sep 23.
- Base64 token decoding, new ignore reasons. See SaaS release: Sep 26.
- Generic Secret Enricher v2, Jira auto-assignment. See SaaS release: Oct 9.
- Incident developer identity. See SaaS release: Oct 17.
- GitLab integration performance, Public API perimeter editing. See SaaS release: Oct 25.
- Playbooks: Updated the Playbooks settings page with a refreshed, modern interface design.
- Self-Hosted:
- All GitGuardian images are now multi-arch. Helm deployments now support ARM64 clusters in addition to AMD64. KOTS and Embedded Cluster installations remain AMD64-only. See system requirements.
- Added support for read-only root filesystem constraint to meet security compliance requirements and enhance container runtime protection.
Fixes
- Google Artifact Registry auth. See SaaS release: Sep 23.
- Weekly summary email dates, Jira DC admin detection, historical scan duplicates. See SaaS release: Oct 9.
- Incident search filters, secret view links. See SaaS release: Oct 17.
- Occurrence commit info, perimeter scan button visibility. See SaaS release: Oct 25.
- Self-Hosted:
- Updated KOTS embedded cluster installation requirements to match documented system requirements.
- Added missing toleration configuration for secretEngine deployment.
- Fixed license verification when using a proxy by adding the
NO_PROXYtoreplicated.extraEnvdefault values.
