This release includes 1 security fix for security teams reviewing exposed deployments.
Topics
+13 more
Affected surfaces
ReleasePort's take
Moderate signalv1.2.0 removes agent visibility and team access features, as well as legacy pre‑JSONL modules in insights.
Why it matters: Breaking changes affect core platform functionality; operators must update integrations before upgrade to avoid loss of visibility and module support.
Summary
AI summaryRemove agent visibility, team access features and legacy pre‑JSONL modules (breaking changes).
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Security | High |
Prevents rate-limit bypass via X-Forwarded-For spoofing. Prevents rate-limit bypass via X-Forwarded-For spoofing. Source: llm_adapter@2026-05-26 Confidence: high |
— |
| Breaking | High |
Removes agent visibility and team access features. Removes agent visibility and team access features. Source: llm_adapter@2026-05-26 Confidence: low |
— |
| Breaking | High |
Removes legacy pre-JSONL modules in insights. Removes legacy pre-JSONL modules in insights. Source: llm_adapter@2026-05-26 Confidence: low |
— |
| Feature | Low |
Adds registry_direct delivery mode for inline skill submission (skills). Adds registry_direct delivery mode for inline skill submission (skills). Source: llm_adapter@2026-05-26 Confidence: high |
— |
| Feature | Low |
Adds co‑authoring for agents and components. Adds co‑authoring for agents and components. Source: llm_adapter@2026-05-26 Confidence: high |
— |
| Feature | Low |
Adds attribute pi sessions to the pulled agent (pi). Adds attribute pi sessions to the pulled agent (pi). Source: llm_adapter@2026-05-26 Confidence: high |
— |
| Feature | Low |
Adds insights report page with facets, charts, and personal sections (web). Adds insights report page with facets, charts, and personal sections (web). Source: llm_adapter@2026-05-26 Confidence: high |
— |
| Feature | Low |
Adds V5 pipeline with deterministic extraction and personal narratives (insights). Adds V5 pipeline with deterministic extraction and personal narratives (insights). Source: llm_adapter@2026-05-26 Confidence: high |
— |
| Dependency | Medium |
Bumps redis-py to >=5.0 for aclose() support. Bumps redis-py to >=5.0 for aclose() support. Source: llm_adapter@2026-05-26 Confidence: high |
— |
| Bugfix | Medium |
Adds CIDR support and default trusted proxies for Docker stack. Adds CIDR support and default trusted proxies for Docker stack. Source: llm_adapter@2026-05-26 Confidence: high |
— |
Full changelog
[1.2.0] - 2026-05-26
Added
- add co-authoring for agents and components (8c79024)
- add registry_direct delivery mode for inline skill submission (skills) (42716a8)
- attribute pi sessions to the pulled agent (pi) (ff09004)
- insights report page with facets charts and personal sections (web) (ef18933)
- V5 pipeline with deterministic extraction and personal narratives (insights) (8ad53d4)
Changed
- remove agent visibility and team access features [BREAKING] (a35c629)
Documentation
- add prompt CLI documentation (#1051) (6f99e7d)
- rewrite README with updated screenshots and current feature set (6f156d8)
Fixed
- bump redis-py to >=5.0 for aclose() support (server) (d48b6ff)
- regenerate observal-server/uv.lock in release script (build) (9d44f3b)
- add CIDR support and default trusted proxies for Docker stack (7003cdf)
- prevent rate-limit bypass via X-Forwarded-For spoofing (security) (4dd8288)
Other
- remove legacy pre-JSONL modules (insights) [BREAKING] (3c65d21)
Breaking Changes
- Removed agent visibility and team access features
- Removed legacy pre-JSONL modules
Security Fixes
- Prevent rate-limit bypass via X-Forwarded-For spoofing
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About BlazeUp-AI/Observal](https:
All releases →Related context
Related tools
Beta — feedback welcome: [email protected]