BlazeUp-AI/Observal](https:

v1.4.0 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 4d AI Agents & Assistants

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

agents antigravity claude-code cli-tool cursor cursor-ai

+13 more

evaluation insights kiro large-language-models litellm llm llm-evaluation llm-observability llmops monitoring observability playground self-hosted

Affected surfaces

auth

Summary

AI summary

Updates Performance, 1.4.0] - 2026-05-31, and Other across a mixed release.

Full changelog

[1.4.0] - 2026-05-31

Added

make sensitive settings write-once and retractable (security) (b6b4fc1)

Fixed

correct tool count and strip ANSI from thinking blocks (ui+parser) (cb97420)
fix off-by-one in byte offset tracking (pi-extension) (39e2135)
prevent partial line reads during concurrent agent writes (cli) (c9f9b32)
fix TS type errors in incremental session fetch (frontend) (794f98b)
add tmpfs mounts and remove enterprise image logic (infra) (02886aa)

Other

remove obsolete release-enterprise workflow (cdf0078)

Performance

add partition key to session_stats_agg (clickhouse) (013aae1)
tune for 512M container with 500+ concurrent users (postgres) (bc161e0)
convert 3 BaseHTTPMiddleware to pure ASGI (middleware) (0b7096a)
add slim query variants without blob columns (clickhouse) (1415fb1)
skip dedup query on first push with Redis flag guard (ingest) (575842d)
incremental session detail fetch with after_offset (frontend) (b64a8a2)
add after_offset param for incremental detail fetch (sessions) (6e2676b)
raise merge tree part thresholds for high ingest (clickhouse) (cce4b91)
cache agent_id name→UUID resolution in Redis (5min TTL) (ingest) (90e19fd)
combine 15 regex patterns into single alternation (redactor) (847ecde)
enable async_insert with sync override for audit (clickhouse) (b890023)
set maxmemory 200mb with volatile-lru eviction (redis) (22a4f2b)
add rate limit of 300/minute per client IP (ingest) (cd66b15)
skip ContentType depth check on ingest/telemetry (middleware) (22acc2b)
remove GZipMiddleware, nginx handles compression (middleware) (0d68724)
remove _invalidate_cache from hot-path inserts (cache) (8314cca)
reduce session detail polling to 5s fallback (frontend) (cd0a61c)
increase max_jobs from 5 to 15 (worker) (9504a75)
add uvicorn workers for multi-core throughput (docker) (8c7181d)
increase connection pool sizes for 500+ concurrent users (scale) (c28d325)
set keepalive connections equal to max connections (clickhouse) (8ffb7ee)
add upstream keepalive and WebSocket timeout (nginx) (6465c6e)
fire-and-forget Redis publish on session ingest (ingest) (cf502c4)
use session-specific channels for targeted fan-out (pubsub) (bc615fe)
use OrderedDict for O(1) LRU eviction in registry cache (cache) (c1fa3fd)
add partition-independent FINAL optimization (dashboard) (c8f09ad)
parallelize ClickHouse queries with asyncio.gather (dashboard) (dcb03fd)
pipeline 3 Redis checks into 1 round-trip (auth) (9a777fd)
publish sessions:updated on successful session ingest (ingest) (f6e8450)

Breaking Changes

Sensitive settings are now write‑once and retractable

Security Fixes

Make sensitive settings write‑once and retractable (enhances security)

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track BlazeUp-AI/Observal](https:

Get notified when new releases ship.

About BlazeUp-AI/Observal](https:

All releases →

Related context

Related tools

Earlier breaking changes

v1.2.0 Removes legacy pre-JSONL modules in insights.
v1.2.0 Removes agent visibility and team access features.
v1.1.0 Replace deployment_mode API field with licensed boolean.
v0.8.0 Removes goal template, replaces with required prompt field in agent configuration.