v0.8.5

Security

• Cross-org isolation fix in SIEM: linkDetectionEventsToIncident now scopes detection events to the requesting organization, preventing cross-tenant data corruption via crafted API calls
• Cross-org auth bypass in pattern routes: PUT and DELETE handlers for correlation patterns now verify organization membership before mutating data (same check GET/POST already had)
• SSRF protection for legacy webhook path: the alert-notification job's direct fetch() call now validates URLs against private/internal IP ranges, matching the WebhookProvider safeguard
• Disabled user login blocked: POST /login now checks the disabled flag before creating a session, preventing disabled accounts from obtaining tokens
• Expired invitation info leak: getInvitationByToken now filters on expires_at > NOW(), preventing enumeration of expired invitation details

Fixed

• SIEM dashboard timeline crash: time_bucket() call was missing ::interval cast on the parameterized bucket width, causing a PostgreSQL type error that broke the timeline widget for all users
• SSE real-time events broken: SIEM store and incident detail page read auth token from localStorage('session_token') (wrong key), so the SSE connection never authenticated; now uses getAuthToken() from the shared auth utility
• SSE log stream duplicate emission: when multiple logs shared the same timestamp, the inclusive from bound caused them to be re-sent on every poll tick; stream now tracks sent log IDs to deduplicate
• Incident severity auto-grouping wrong: MAX(severity) used PostgreSQL alphabetical ordering (medium > critical), producing incorrect severity on auto-grouped incidents; now uses ordinal ranking
• Sigma notification failures silent: notification job payload was missing organization_id and project_id, and markAsNotified was called with null historyId; both now handled correctly
• Incidents pagination total always zero: loadIncidents in the SIEM store never wrote response.total to incidentsTotal
• Memory leaks on navigation: 20+ Svelte components called authStore.subscribe() without cleanup; all now store the unsubscribe function and call it in onDestroy
• offset=0 silently dropped: API client functions used if (filters.offset) which is falsy for zero, so page-1 requests never sent the offset parameter; changed to if (filters.offset != null)
• Search debounce timer leak: searchDebounceTimer was not cleared in onDestroy, causing post-unmount API calls when navigating away mid-search
• verifyProjectAccess double call: when projectId is an array, the first element was verified twice (once before the loop, once inside it); consolidated into a single loop
• updateIncident silent field skip: title, severity, and status used truthy checks (&&) instead of !== undefined, inconsistent with description and assigneeId
• Webhook error messages empty: response.statusText is empty for HTTP/2; error now reads the response body for useful detail
• Retention job crash on empty orgs: Math.max(...[]) returns -Infinity, cascading to an Invalid Date in the drop_chunks call; early return added when no organizations exist
• escapeHtml DOM leak: PDF export's escapeHtml created orphaned DOM nodes in the parent document; replaced with pure string replacement
• Webhook headers validation missing: CreateChannelDialog silently swallowed invalid JSON in the custom headers field; now validates on submit
• getIncidentDetections no org scope: query now accepts optional organizationId for defense-in-depth filtering
• Stale shared package types: dist contained outdated Project and Incident interfaces with phantom fields (slug, statusPageVisibility, source, monitorId); rebuilt from source

Changed

• Docker config sync: docker-compose.build.yml now matches docker-compose.yml with all environment variables (MongoDB, TRUST_PROXY, FRONTEND_URL, INTERNAL_DSN, DOCKER_CONTAINER), MongoDB service, and fluent-bit-metrics service
• NODE_ENV for backend: production docker-compose.yml now sets NODE_ENV: production on the backend service (worker and frontend already had it)
• docker/.env.example: added STORAGE_ENGINE, ClickHouse, and MongoDB configuration sections

Dependencies

• picomatch 4.0.3 → 4.0.4 (fix ReDoS via extglob quantifiers + POSIX character class method injection)
• brace-expansion 5.0.2 → 5.0.5 (fix zero-step sequence DoS)
• fast-xml-parser 5.5.6 → 5.5.9 (fix entity expansion limits bypass)
• fastify bumped via dependabot
• kysely bumped via dependabot

Full Changelog: v0.8.4...v0.8.5

v0.9.0-beta.1

⚠️ UNSTABLE RELEASE

What's Changed

• chore(deps): bump kysely from 0.28.11 to 0.28.12 in the npm_and_yarn group across 1 directory by @dependabot[bot] in #175
• chore(deps): bump kysely from 0.28.12 to 0.28.14 in the npm_and_yarn group across 1 directory by @dependabot[bot] in #176
• Add log pipelines feature with CRUD, API, and frontend support by @Polliog in #177
• Implement service health monitoring and public status pages by @Polliog in #179

Full Changelog: v0.8.4...v0.9.0-beta.1

v0.8.4

Added

• Skeleton loaders and loading overlays: all dashboard pages now show content-shaped loading states instead of blank spinners
  • New Skeleton, SkeletonTable, and TableLoadingOverlay components (src/lib/components/ui/skeleton/)
  • Directional shimmer animation via @keyframes shimmer using design tokens — works in light and dark mode, disabled for prefers-reduced-motion
  • Initial load (no data yet): animated skeleton rows mirroring the page layout — stat cards on /dashboard, project cards on /dashboard/projects, table rows on search, traces, errors, admin tables, incidents, alerts history, and members
  • Re-fetch (filter change, pagination): existing content dims with a translucent overlay and centered spinner, preventing layout shift and context loss
  • Pages updated: /dashboard, /dashboard/search, /dashboard/projects, /dashboard/alerts, /dashboard/errors, /dashboard/traces, /dashboard/security, /dashboard/security/incidents, /dashboard/admin/organizations, /dashboard/admin/users, /dashboard/admin/projects, /dashboard/settings/members
  • Automated Helm chart releases: every stable Docker image release now triggers a repository_dispatch to logtide-dev/logtide-helm-chart, which auto-bumps appVersion and chart version (patch), commits, and publishes a new chart release to the Helm repo on GitHub Pages

Fixed

• API 400 responses now include a details array with field-level validation errors instead of just a generic message. Covers both Fastify/AJV schema validation and Zod validation errors (including uncaught ZodError that previously returned 500)
• Admin pages returned 502 Bad Gateway on direct load/reload: the admin layout (+layout@.svelte) breaks out of the dashboard layout chain, so ssr = false was not inherited; added a dedicated +layout.ts to the admin section
• /dashboard/admin/projects/[id] crashed with "Something went wrong" due to formatDate being called but not defined (function was named formatTimestamp)
• POST /api/v1/logs/identifiers/batch slow: the route was calling reservoir.getByIds (hitting ClickHouse/TimescaleDB/MongoDB) only to verify project access, then querying log_identifiers (PostgreSQL) separately. Since log_identifiers already stores log_id → project_id + identifier data, the storage engine call is now bypassed entirely — one PostgreSQL query replaces the N×storage-engine-roundtrips loop. Added bloom filter skip index on id in ClickHouse and a standalone id index in TimescaleDB (migration 032) for getByIds used by findCorrelatedLogs
• GET /api/v1/logs/hostnames taking 8+ seconds: the 6h window cap was only applied when from was absent — explicit from params (e.g. 24h range from the search page) bypassed it and triggered a full-range metadata scan; cap now clamps any window to 6h max. Added limit: 500 to the distinct call. Per-engine optimizations: ClickHouse adds a hostname materialized column (computed at ingest, eliminates JSONExtractString at query time) and uses it directly in distinct queries; TimescaleDB adds a composite expression index (project_id, (metadata->>'hostname'), time) (migration 032); MongoDB adds a sparse compound index on metadata.hostname. All three engines also now extract the metadata field in a subquery (once per row vs 3×)

Full Changelog: v0.8.3...v0.8.4

v0.8.3

Added

• Comprehensive Audit Logging: major expansion of the audit trail system to cover all critical platform actions for improved compliance (GDPR/SOC2) and security monitoring.
  • Log Access Auditing: every log search, trace view, context lookup, single log detail view, and live stream connection is now recorded with user identity, IP address, and query parameters.
  • External Authentication Auditing: successful logins via OIDC and LDAP providers are now tracked, including new user registration events.
  • Identity Management Auditing: linking and unlinking of external identities (Google, GitHub, LDAP, etc.) to user accounts is now recorded.
  • Authentication Provider Auditing: all administrative actions on auth providers (create, update, delete, reorder) are now fully audited with configuration change summaries.
  • System Settings Auditing: any changes to global platform settings (auth mode, signup status, default users) are now tracked with before/after metadata.
  • Session Auditing: viewing of active session lists and individual session event timelines is now recorded.
  • Audit metadata now includes detailed context like search queries (q), filter parameters, and updated keys for configuration changes.
• OIDC login page now shows brand icons for well-known providers (Google, Microsoft/Azure, GitHub, GitLab, Okta, Auth0, Keycloak, Authentik); unknown providers fall back to the generic icon
• Backend auto-detects the provider icon from the issuer URL when creating or updating an OIDC provider, with name/slug matching as fallback for self-hosted setups

Fixed

• Date and number formatting localization: removed hardcoded locales (it-IT, en-US) from the frontend (SIEM, Search, Admin, etc.) to ensure the application automatically respects the user's browser/system language settings.
• GET /api/v1/projects/data-availability returned logs: [] (and incorrect traces/metrics) when STORAGE_ENGINE=clickhouse or mongodb; the endpoint now routes all three checks through the reservoir so they hit the correct backend

v0.8.2

Fixed

• Admin pagination: limit is now capped at 200, preventing oversized result set allocation
• NDJSON ingestion: lines exceeding 1MB are now rejected with HTTP 400
• Log metadata: api_key_id no longer stored in log metadata (information disclosure)

Added

• SigmaHQ rules now auto-sync daily at 2:30 AM for organizations with existing community rules
• Log detail panel: "View Trace →" link navigates directly to the trace timeline when a trace_id is present
• Audit log entries for alert rule create, update, and delete operations

Full Changelog: v0.8.1...v0.8.2

v0.8.1

⚠️ All existing API Keys have been invalidated - regenerate your keys

Added

• Project visibility in Exceptions: The /dashboard/errors list and the individual error group detail pages now explicitly display the name of the project that generated the error.
• API Key visibility in Exception logs: The recent logs tab within an error group detail page now displays the specific API Key name used to ingest the log. Ingestion now injects the api_key_id into log metadata.

Fixed

• Project data-availability ignoring storage engine: GET /api/v1/projects/data-availability was always querying the PostgreSQL logs table via Kysely, returning logs: [] when STORAGE_ENGINE was set to clickhouse or mongodb. The logs check now uses reservoir.distinct() which routes to the correct storage backend.
• Search page showing no projects when logs is empty array: the project filter guard logsProjectIds ? was truthy for [], filtering out all projects. Changed to logsProjectIds?.length so an empty array correctly falls back to showing all projects.

v0.8.0

🚀 LogTide v0.8.0: Frontend Observability & MongoDB Support

This release is a massive milestone for LogTide, frontend observability, a brand new MongoDB storage engine, and a completely overhauled metrics experience with lightning-fast rollups.

🌐 Browser & Frontend Observability

Monitor your frontend applications with the same precision as your backend.

• New @logtide/browser SDK: Dedicated SDK with session tracking, Core Web Vitals (LCP, INP, CLS), and offline resilience.
• Rich Breadcrumbs: Automatic tracking of clicks (with data-testid support) and network requests (Fetch/XHR) with built-in PII stripping.
• Source Maps Support: Use the new logtide sourcemaps upload command in the CLI to see original source code in stack frames instead of minified junk.
• Framework First: Specialized support for Next.js (RSC errors), Nuxt (Pinia), SvelteKit, and Angular.

📊 Metrics Dashboard & Smart Rollups

The metrics experience has been redesigned for speed and depth.

• New Metrics Dashboard: Features an Overview tab with ECharts sparklines and an Explorer tab for granular analysis.
• Pre-aggregated Rollups: TimescaleDB and ClickHouse now use continuous aggregates and materialized views to make dashboard queries instant even on billions of data points.
• Golden Signals: Monitor P50/P95/P99 latency, error rates, and throughput percentiles across all storage engines.

🍃 MongoDB Storage Engine

LogTide is now even more flexible. The @logtide/reservoir package officially supports MongoDB 7.0+ as a storage backend.

• Full implementation for logs, spans, traces, and metrics.
• Support for MongoDB time-series collections and native aggregation pipelines.
• Ideal for teams preferring a document-based stack over SQL or ClickHouse.

✨ Other Enhancements

• Smart Project Selectors: Dropdowns now intelligently filter to show only projects that have data for the specific category (Logs, Traces, or Metrics).
• DSN Copy: Quickly copy the DSN connection string directly from the API Key creation dialog.
• Custom Time Ranges: Improved support for custom ranges synced with URL parameters for easy sharing.

---

🛠️ Detailed Changelog

🚀 Added

• Browser SDK Enhancements (#156): Session tracking, Web Vitals, Click/Network breadcrumbs, and Offline buffering.
• Metrics Dashboard & Rollups (#150): Overview panel with sparklines and intelligent query routing to pre-aggregated rollups.
• MongoDB Storage Adapter (#157): Full MongoDB backend support for the reservoir storage abstraction.
• Golden Signals: P50/P95/P99 percentile aggregation across all storage engines.
• Source Maps: Backend un-minification service and CLI upload support.
• Reservoir Benchmark Suite: k6-based framework to compare performance between TimescaleDB, ClickHouse, and MongoDB.

⚡ Optimized

• TimescaleDB Skip-Scan: Implemented Recursive CTEs for DISTINCT queries, making service/level filters instant on high-cardinality datasets.
• Intelligent Volume Estimation: Dashboard now uses countEstimate for ultra-fast load times on massive projects.
• Batch Ingestion: Optimized write throughput using insertMany with unordered batches.
• Project Capabilities Detection: Instant dashboard loading via optimized 24h scanning for Web Vitals and Sessions.

🐛 Fixed

• Internal Logging: Fixed a bug where INTERNAL_DSN was not correctly passed to the self-monitoring plugin.
• Docker Configs: Corrected environment variables and healthchecks for worker and frontend services.
• Admin Charts: Fixed timeline gaps in the Platform Activity chart caused by bucket key mismatches.
• Live Tail: Improved client-side search filtering for incoming logs via WebSocket.

---

🔒 Security

• Validated redirect URLs and sanitized release paths.
• Security patches for Fastify and core dependencies.

---

👉 Upgrade Note: This release requires database migrations 029 through 031. If using self-monitoring, ensure your INTERNAL_DSN environment variables are updated.

Full Changelog: v0.7.0...v0.8.0

v0.8.0-rc7

• Project Capabilities Optimization: reduced log scanning range and optimized queries, making project dashboard tabs load instantly even with millions of logs.
• Backend Self-Monitoring Fixes:
  • Automatically resolves internal API address to http://backend:8080 when running in Docker.
  • Added startup verbose logging to confirm self-monitoring connection status.
  • Faster log delivery for system logs (reduced batching/flush intervals).
• Docker Integration: passed DOCKER_CONTAINER=true environment variable to all backend services.
• Dashboard Performance: consistent sub-100ms dashboard loads across all projects.

v0.8.0-rc6

• Dashboard Performance: implemented a multi-engine intelligent optimization strategy that makes project dashboards instant even with millions of logs.
• TimescaleDB Skip-Scan: implemented Recursive CTEs for distinct queries, reducing execution time from minutes to milliseconds on high-cardinality fields like service.
• Intelligent Volume Estimation: all engines now support countEstimate, allowing the dashboard to bypass heavy operations on high-volume projects.
• MongoDB Protection: added safe timeouts and fallback logic for count operations on massive collections.
• Internal Logging Plugin: fixed bug where INTERNAL_DSN was not passed to the @logtide/fastify plugin.
• Docker Compose: added missing environment variables for self-monitoring and email links.

v0.8.0-rc5

• Internal Logging Plugin: fixed bug where INTERNAL_DSN was not passed to the @logtide/fastify plugin, preventing self-monitoring logs.
• Docker Compose Configuration:
  • Added missing LOGTIDE_DSN and PUBLIC_LOGTIDE_DSN to the frontend service.
  • Added INTERNAL_DSN and FRONTEND_URL to backend and worker services.
  • Corrected worker service configuration (moved environment variables from healthcheck block and fixed SERVICE_NAME).
• Protocol Mismatch: clarified requirement for http protocol in DSN when targeting local instances without SSL.