KafkaGuard
Get started
FeaturesDocsEnterprisePricingBlogToolsGet started

Changelog

Release notes and version history for KafkaGuard. For the complete changelog with detailed release notes, see GitHub Releases.

Latest Release

KafkaGuard v2.3.0

Release Date: April 2026

Slack / Teams / Webhook Alerting

  • --alert-slack-webhook — Fire a Slack Block Kit message after every scan (or when score drops below --alert-threshold)
  • --alert-teams-webhook — Fire a Microsoft Teams MessageCard with score, failing controls, and dashboard link
  • --alert-webhook — POST the raw AlertPayload JSON to any HTTP endpoint (PagerDuty, Discord, custom)
  • --alert-threshold — Only alert when compliance score drops below N% (0 = always alert)
  • --dashboard-url — Embed a clickable dashboard link in Slack/Teams alert messages
  • Config file support — Persist webhook URLs in .kafkaguard.yaml under the alert: key

Multi-Cluster Trend Dashboard

  • /dashboard/trends — Compliance score timeline with Recharts, period selector (7d / 30d / 90d / 1y), regression highlighting in red
  • /dashboard/compare — Fleet-grid view: one card per cluster showing current score, delta badge, and inline sparkline
  • APIGET /api/v1/trends/:clusterId?period= and GET /api/v1/trends/compare?period= backed by the existing scans table

PDF Report Polish

  • Real version — PDF metadata now carries the actual scanner version, not hardcoded 1.0.0
  • Severity bar chart — Visual green/red horizontal bars per severity tier (HIGH / MEDIUM / LOW) in the executive summary
  • Sign-off page--sign-off "Name, Title" appends a compliance sign-off page with prepared-by, date, and signature line
  • kafkaguard report generate — Regenerate PDF/HTML/JSON/CSV from any stored scan JSON (--input for local file, --scan-id + --api for on-prem API fetch)
  • GET /api/v1/scans/:id/raw — Stream the MinIO-stored scan JSON blob over the API (org-scoped, 404 for unknown/cross-org)

KafkaGuard v2.1.0

Release Date: April 2026

Kafka 3.9.x / 4.x (KRaft) + Confluent Platform Detection

  • KRaft cluster support — Detects and scans Kafka 3.9.x and 4.x clusters running without ZooKeeper (KRaft mode)
  • Cluster mode fieldcluster_mode: kraft | zookeeper surfaced in all report formats
  • ZK controls auto-skip — ZooKeeper-specific controls (KG-040–KG-049) automatically skip on KRaft clusters instead of failing
  • 3 new KRaft controls — KG-052 (controller quorum health), KG-053 (ISR checks), KG-054 (quorum voter count)
  • Confluent Platform detection — Detects CP deployments, reports CP version and expected Kafka version
  • KG-055 — New control: Confluent Platform version consistency check
  • Test cluster — Added KRaft test cluster using Confluent Platform 8.3 (Kafka 4.2.x)

KafkaGuard v2.0.0

Release Date: April 2026

Enterprise On-Prem Platform

  • Air-Gapped Deployment - Full Docker Compose stack (API, Worker, Dashboard, PostgreSQL, MinIO, Redis)
  • Next.js 14 Dashboard - Web UI with cluster management, scan results, findings, and admin pages
  • Multi-Cluster Management - Monitor multiple Kafka clusters from a single dashboard
  • RESTful API (Fastify) - Comprehensive API with OpenAPI/Swagger documentation
  • Background Scan Worker - Redis-backed job queue for asynchronous scan processing

Licensing & Security

  • Offline License Validation - RSA-signed license keys with offline verification
  • Machine Fingerprint Binding - Licenses bound to specific machines
  • JWT + API Key Auth - Dual authentication with role-based access control
  • Row-Level Security (RLS) - PostgreSQL RLS for multi-tenant data isolation
  • Audit Logging - Full compliance trail for all operations

New Policy & Compliance

  • Finance ISO Policy - 50 security controls for regulated financial industries
  • Policy Tier System - Tiered compliance policies (baseline, standard, finance-iso)
  • Remediation Guidance - Actionable fix instructions embedded in findings

Operations & Deployment

  • Air-Gapped Installer - Preflight checks, secret generation, and service seeding
  • Upgrade Script - Image reload, DB migration, and rolling restart support
  • Backup/Restore - Automated backup before upgrades with restore capability
  • HTTPS via Nginx - Reverse proxy with TLS certificate setup
  • --upload Flag - Push CLI scan results directly to the On-Prem API

KafkaGuard v1.0.0

Release Date: November 2025

Core Features

  • Comprehensive Security Assessment - Scan entire Kafka clusters for security vulnerabilities
  • Multi-Format Reporting - HTML, JSON, PDF, and CSV report formats
  • Policy-Driven Analysis - 40+ security controls across multiple compliance frameworks
  • Enterprise Ready - Optimized for large-scale Kafka deployments

Security & Compliance

  • Cryptographic Signatures - All binaries signed with cosign
  • SHA256 Checksums - Integrity verification for all downloads
  • SBOM Generation - Software Bill of Materials for supply chain transparency
  • Compliance Frameworks - PCI-DSS, SOC2, and ISO 27001 mappings

Technical Highlights

  • Multi-Platform Support - Linux (x86_64, ARM64) and macOS (x86_64, ARM64)
  • Performance Optimized - Efficient scanning for large clusters (~10 seconds for 3-node cluster)
  • Lightweight - Single static binary under 50MB
  • Enterprise Authentication - Full support for SASL, TLS, mTLS, and Kerberos

Policy Tiers

  • baseline-dev (20 controls) - Development and testing environments
  • enterprise-default (40 controls) - Production environments
  • finance-iso (50 controls) - Regulated industries

View All Releases

For complete release notes, download links, and detailed changelog, visit:

GitHub Releases

GitHub Releases includes:

  • Release Notes - Detailed changelog for each version
  • Download Links - Binaries for all platforms
  • Checksums - SHA256 checksums for verification
  • Signatures - Cryptographic signatures for security
  • Breaking Changes - Migration guides for major versions

Release Schedule

KafkaGuard follows semantic versioning (MAJOR.MINOR.PATCH):

  • MAJOR - Breaking changes
  • MINOR - New features (backward compatible)
  • PATCH - Bug fixes and minor improvements

Releases are published on GitHub Releases when ready. Watch the repository to be notified of new releases.

Version History

v1.0.0 (November 2025)

Initial Release

  • 40+ production-ready security controls
  • 4 report formats (JSON, HTML, PDF, CSV)
  • 3 policy tiers (baseline-dev, enterprise-default, finance-iso)
  • Enterprise authentication support (SASL, TLS, mTLS, Kerberos)
  • PCI-DSS, SOC2, and ISO 27001 compliance mappings
  • Multi-platform support (Linux, macOS, Docker)
  • CI/CD integration ready

Stay Updated

To stay informed about new releases:

  • Check GitHub Releases regularly
  • Watch the releases repository for notifications
  • Visit this changelog page for release notes

Upgrade Guide

When upgrading KafkaGuard:

  1. Check Release Notes - Review breaking changes and new features
  2. Backup Configuration - Save your configuration files
  3. Download New Version - Get the latest binary from GitHub Releases
  4. Verify Installation - Run kafkaguard version to confirm
  5. Test in Staging - Test new version in non-production first

For detailed upgrade instructions, see the Installation Guide.

Reporting Issues

Found a bug or have a feature request?