
Changelog

Release notes and version history for KafkaGuard. For the complete changelog with detailed release notes, see GitHub Releases.

Latest Release

KafkaGuard v2.3.0

Release Date: April 2026

Slack / Teams / Webhook Alerting

  • --alert-slack-webhook — Fire a Slack Block Kit message after every scan (or when score drops below --alert-threshold)
  • --alert-teams-webhook — Fire a Microsoft Teams MessageCard with score, failing controls, and dashboard link
  • --alert-webhook — POST the raw AlertPayload JSON to any HTTP endpoint (PagerDuty, Discord, custom)
  • --alert-threshold — Only alert when compliance score drops below N% (0 = always alert)
  • --dashboard-url — Embed a clickable dashboard link in Slack/Teams alert messages
  • Config file support — Persist webhook URLs in .kafkaguard.yaml under the alert: key

Multi-Cluster Trend Dashboard

  • /dashboard/trends — Compliance score timeline with Recharts, period selector (7d / 30d / 90d / 1y), regression highlighting in red
  • /dashboard/compare — Fleet-grid view: one card per cluster showing current score, delta badge, and inline sparkline
  • API - GET /api/v1/trends/:clusterId?period= and GET /api/v1/trends/compare?period= backed by the existing scans table

PDF Report Polish

  • Real version — PDF metadata now carries the actual scanner version, not hardcoded 1.0.0
  • Severity bar chart — Visual green/red horizontal bars per severity tier (HIGH / MEDIUM / LOW) in the executive summary
  • Sign-off page - --sign-off "Name, Title" appends a compliance sign-off page with prepared-by, date, and signature line
  • kafkaguard report generate — Regenerate PDF/HTML/JSON/CSV from any stored scan JSON (--input for local file, --scan-id + --api for on-prem API fetch)
  • GET /api/v1/scans/:id/raw — Stream the MinIO-stored scan JSON blob over the API (org-scoped, 404 for unknown/cross-org)

KafkaGuard v2.1.0

Release Date: April 2026

Kafka 3.9.x / 4.x (KRaft) + Confluent Platform Detection

  • KRaft cluster support — Detects and scans Kafka 3.9.x and 4.x clusters running without ZooKeeper (KRaft mode)
  • Cluster mode field - cluster_mode: kraft | zookeeper surfaced in all report formats
  • ZK controls auto-skip — ZooKeeper-specific controls (KG-040–KG-049) automatically skip on KRaft clusters instead of failing
  • 3 new KRaft controls — KG-052 (controller quorum health), KG-053 (ISR checks), KG-054 (quorum voter count)
  • Confluent Platform detection — Detects CP deployments, reports CP version and expected Kafka version
  • KG-055 — New control: Confluent Platform version consistency check
  • Test cluster — Added KRaft test cluster using Confluent Platform 8.3 (Kafka 4.2.x)

KafkaGuard v2.0.0

Release Date: April 2026

Enterprise On-Prem Platform

  • Air-Gapped Deployment - Full Docker Compose stack (API, Worker, Dashboard, PostgreSQL, MinIO, Redis)
  • Next.js 14 Dashboard - Web UI with cluster management, scan results, findings, and admin pages
  • Multi-Cluster Management - Monitor multiple Kafka clusters from a single dashboard
  • RESTful API (Fastify) - Comprehensive API with OpenAPI/Swagger documentation
  • Background Scan Worker - Redis-backed job queue for asynchronous scan processing

Licensing & Security

  • Offline License Validation - RSA-signed license keys with offline verification
  • Machine Fingerprint Binding - Licenses bound to specific machines
  • JWT + API Key Auth - Dual authentication with role-based access control
  • Row-Level Security (RLS) - PostgreSQL RLS for multi-tenant data isolation
  • Audit Logging - Full compliance trail for all operations

New Policy & Compliance

  • Finance ISO Policy - 50 security controls for regulated financial industries
  • Policy Tier System - Tiered compliance policies (baseline, standard, finance-iso)
  • Remediation Guidance - Actionable fix instructions embedded in findings

Operations & Deployment

  • Air-Gapped Installer - Preflight checks, secret generation, and service seeding
  • Upgrade Script - Image reload, DB migration, and rolling restart support
  • Backup/Restore - Automated backup before upgrades with restore capability
  • HTTPS via Nginx - Reverse proxy with TLS certificate setup
  • --upload Flag - Push CLI scan results directly to the On-Prem API

KafkaGuard v1.0.0

Release Date: November 2025

Core Features

  • Comprehensive Security Assessment - Scan entire Kafka clusters for security vulnerabilities
  • Multi-Format Reporting - HTML, JSON, PDF, and CSV report formats
  • Policy-Driven Analysis - 40+ security controls across multiple compliance frameworks
  • Enterprise Ready - Optimized for large-scale Kafka deployments

Security & Compliance

  • Cryptographic Signatures - All binaries signed with cosign
  • SHA256 Checksums - Integrity verification for all downloads
  • SBOM Generation - Software Bill of Materials for supply chain transparency
  • Compliance Frameworks - PCI-DSS, SOC2, and ISO 27001 mappings

Technical Highlights

  • Multi-Platform Support - Linux (x86_64, ARM64) and macOS (x86_64, ARM64)
  • Performance Optimized - Efficient scanning for large clusters (~10 seconds for a 3-node cluster)
  • Lightweight - Single static binary under 50MB
  • Enterprise Authentication - Full support for SASL, TLS, mTLS, and Kerberos

Policy Tiers

  • baseline-dev (20 controls) - Development and testing environments
  • enterprise-default (40 controls) - Production environments
  • finance-iso (50 controls) - Regulated industries

View All Releases

For complete release notes, download links, and detailed changelog, visit:

GitHub Releases

GitHub Releases includes:

  • Release Notes - Detailed changelog for each version
  • Download Links - Binaries for all platforms
  • Checksums - SHA256 checksums for verification
  • Signatures - Cryptographic signatures for security
  • Breaking Changes - Migration guides for major versions

Release Schedule

KafkaGuard follows semantic versioning (MAJOR.MINOR.PATCH):

  • MAJOR - Breaking changes
  • MINOR - New features (backward compatible)
  • PATCH - Bug fixes and minor improvements

Releases are published on GitHub Releases when ready. Watch the repository to be notified of new releases.

Version History

v1.0.0 (November 2025)

Initial Release

  • 40+ production-ready security controls
  • 4 report formats (JSON, HTML, PDF, CSV)
  • 3 policy tiers (baseline-dev, enterprise-default, finance-iso)
  • Enterprise authentication support (SASL, TLS, mTLS, Kerberos)
  • PCI-DSS, SOC2, and ISO 27001 compliance mappings
  • Multi-platform support (Linux, macOS, Docker)
  • CI/CD integration ready

Stay Updated

To stay informed about new releases:

  • Check GitHub Releases regularly
  • Watch the releases repository for notifications
  • Visit this changelog page for release notes

Upgrade Guide

When upgrading KafkaGuard:

  1. Check Release Notes - Review breaking changes and new features
  2. Backup Configuration - Save your configuration files
  3. Download New Version - Get the latest binary from GitHub Releases
  4. Verify Installation - Run kafkaguard version to confirm
  5. Test in Staging - Test new version in non-production first

For detailed upgrade instructions, see the Installation Guide.

Reporting Issues

Found a bug or have a feature request?