Skip to content

BlazeUp-AI/Observal](https:

v0.7.0 Security

This release includes 2 security fixes for security teams reviewing exposed deployments.

Published 15d AI Agents & Assistants
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 2 known CVEs

Topics

agents antigravity claude-code cli-tool cursor cursor-ai
+13 more
evaluation insights kiro large-language-models litellm llm llm-evaluation llm-observability llmops monitoring observability playground self-hosted

Affected surfaces

auth deps

Summary

AI summary

Updates 0.7.0] - 2026-05-19, Other, and Testing across a mixed release.

Full changelog

[0.7.0] - 2026-05-19

Added

  • enterprise license gate for insights (ee) (1a2f3c0)
  • add Gitleaks workflow to scan PRs for secret leaks (ci) (8ba0c76)
  • auto-label PRs with merge conflicts (ci) (abc12a5)
  • auto-label PRs touching tests or enterprise code (ci) (cd7f50d)
  • add workflow to label PRs from first-time contributors (ci) (0e27e9f)

Changed

  • migrate e2e tests to tests/e2e with pnpm workspace (8d3394e)

Documentation

  • clarify agent install and pull (596f210)
  • update agent pull command (17372aa)
  • rewrite landing page for clarity and completeness (6c02a60)
  • update migrate workflow with org-id and structured steps (6fa6c78)

Fixed

  • redact nested structured secrets (security) (3ab8e70)
  • bump gitpython to 3.1.50 and urllib3 to 2.7.0 (deps) (b62f861)
  • use search API, bump to @v9, fix error handling in new-contributor workflow (ci) (2eb853b)
  • fix SPDX header corruption and improve e2e-frontend health check (ci) (1f3d05d)
  • add repository guard to deploy, release, and SBOM workflows (ci) (f6724e5)
  • fix SAML SSO (ee) (2af7611)
  • update web frontend (minor/patch) (deps) (da825f8)
  • restrict migrate commands to super admin (#1048) (eda06e0)
  • add missing pyarrow dep to make test targets (#1044) (1bfb94c)

Other

  • move SPDX identifiers for LICENSE and ee/LICENSE to REUSE.toml (bfd6145)
  • clean up CI pipeline (ci) (4575a26)
  • fold PR label workflows into one file (ci) (77e8538)
  • update codecov/codecov-action action to v6 (deps) (3bb1b1c)
  • update dependency ruff to v0.15.13 (deps) (a1192e4)
  • update fsfe/reuse-action action to v6 (deps) (11cdcff)
  • update dependency node to v24 (deps) (31f8cb6)
  • update actions/upload-artifact action to v7 (deps) (f684f52)
  • update ghcr.io/astral-sh/uv docker tag to v0.11.15 (deps) (2c789e4)
  • update pnpm/action-setup action to v6 (deps) (e70c6a9)
  • prep CLI for Homebrew (packaging) (d2bf23b)

Testing

  • cover redactor fallbacks (security) (a6c4d40)

Security Fixes

  • Redact nested structured secrets — closes security issue
  • Cover redactor fallbacks in testing — improves security coverage
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track BlazeUp-AI/Observal](https:

Get notified when new releases ship.

Sign up free

About BlazeUp-AI/Observal](https:

All releases →

Related context

Earlier breaking changes

  • v1.2.0 Removes legacy pre-JSONL modules in insights.
  • v1.2.0 Removes agent visibility and team access features.
  • v1.1.0 Replace deployment_mode API field with licensed boolean.
  • v0.8.0 Removes goal template, replaces with required prompt field in agent configuration.

Beta — feedback welcome: [email protected]