Timesketch

v20260611 Breaking

This release includes 2 breaking changes for platform teams planning a safe upgrade.

Published 1d Forensics & Incident Response

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

analysis dfir forensics security timeline

Affected surfaces

auth breaking_upgrade deps

ReleasePort's take

Moderate signal

editorial:auto 1d

The base Docker image now uses Ubuntu 26.04 and the minimum OpenSearch version is raised to 2.19.5; both changes require migration for custom deployments.

Why it matters: Ubuntu 26.04 upgrade and OpenSearch ≥ 2.19.5 requirement trigger mandatory migration steps for any custom deployment before the next release cycle.

Summary

AI summary

Broad release touches 🐞 Bug Fixes, 📈 Improvements & Refinements, ⬆️ Dependency Updates, and Fix.

Changes in this release

Type	Severity	Summary	CVE
Breaking	High	Base Docker image upgraded to Ubuntu 26.04; migration required for custom deployments. Base Docker image upgraded to Ubuntu 26.04; migration required for custom deployments. Source: llm_adapter@2026-06-11 Confidence: high	—
Breaking	High	Minimum OpenSearch version raised to 2.19.5 for wildcard field support; migration required. Minimum OpenSearch version raised to 2.19.5 for wildcard field support; migration required. Source: llm_adapter@2026-06-11 Confidence: high	—
Feature	Medium	Adds native wildcard field search support in Timesketch. Adds native wildcard field search support in Timesketch. Source: llm_adapter@2026-06-11 Confidence: high	—
Feature	Medium	Introduces initial OpenTelemetry integration for tracing Timesketch components. Introduces initial OpenTelemetry integration for tracing Timesketch components. Source: llm_adapter@2026-06-11 Confidence: high	—
Dependency	Low	Updates cryptography pip dependency from 46.0.6 to 46.0.7. Updates cryptography pip dependency from 46.0.6 to 46.0.7. Source: llm_adapter@2026-06-11 Confidence: high	—
Bugfix
Bugfix	Medium	Fixes missing ownership validation on cross‑sketch API endpoints. Fixes missing ownership validation on cross‑sketch API endpoints. Source: llm_adapter@2026-06-11 Confidence: high	—
Bugfix	Medium	Enforces cross‑sketch ownership on analyzer sessions, conclusions, and event relabeling. Enforces cross‑sketch ownership on analyzer sessions, conclusions, and event relabeling. Source: llm_adapter@2026-06-11 Confidence: high	—
Bugfix	Medium	Scopes analyzer result and session lookups to the requested sketch, preventing data leakage. Scopes analyzer result and session lookups to the requested sketch, preventing data leakage. Source: llm_adapter@2026-06-11 Confidence: high	—
Bugfix	Medium	Resolves race condition in `StatusMixin.set_status` causing ambiguous status messages. Resolves race condition in `StatusMixin.set_status` causing ambiguous status messages. Source: llm_adapter@2026-06-11 Confidence: high	—
Bugfix	Medium	Corrects upload file permission handling to prevent access errors. Corrects upload file permission handling to prevent access errors. Source: llm_adapter@2026-06-11 Confidence: high	—

Full changelog

📢 Release Announcements

[!Note]

⚠️ Base Image Upgraded to 26.04

Starting with this release, the Timesketch base Docker image has been upgraded to Ubuntu 26.04. If you are running custom container deployments, please plan your migration accordingly.

[!Note]

🔍 Native Wildcard Field Search & OpenSearch Upgrade

Timesketch now supports mapping text fields as wildcard field types, improving the usage of substring searches on logs.

Minimum OpenSearch Version: To properly support these new native wildcard field mappings, the minimum compatible OpenSearch version is now 2.19.5.

For more details on configuring your index mappings, please refer to the Timesketch Index Mappings Guide.

[!NOTE]

📊 OpenTelemetry Integration

We have introduced initial support for OpenTelemetry! You can now instrument and collect traces from your Timesketch web backend, SQLAlchemy, and OpenSearch interactions, allowing for deeper performance monitoring and health tracking of your Timesketch instances.

For more details on configuring OpenTelemetry, please refer to the Admin Guide

What's Changed

✨ New Features & Major Enhancements

Support Ubuntu 26.04 base image & major dependency updates by @jkppr in https://github.com/google/timesketch/pull/3816
Feature: Native Wildcard Field Search Support in Timesketch by @jkppr in https://github.com/google/timesketch/pull/3825
Feat: Initial contribution for OpenTelemetry by @jaegeral in https://github.com/google/timesketch/pull/3795
Feat(otel): Add SQLALchemy basic telemetry by @jaegeral in https://github.com/google/timesketch/pull/3840
Feat(otel): Add basic OpenSearch Telemetry by @jaegeral in https://github.com/google/timesketch/pull/3839
Feature: SearchDropdown Improvements by @jkppr in https://github.com/google/timesketch/pull/3827
Fix: Support ad-hoc analyzer arguments appending analyzer_kwargs by @jkppr in https://github.com/google/timesketch/pull/3802

📈 Improvements & Refinements

CI: Restrict default GITHUB_TOKEN permissions to read-only across all workflows by @jkppr in https://github.com/google/timesketch/pull/3838
Robust API client error handling: safely handle None responses and missing attributes by @jkppr in https://github.com/google/timesketch/pull/3790
Feat(otel): e2e otel tests by @jaegeral in https://github.com/google/timesketch/pull/3826
Feat(otel): Update docker-compose.yml release by @jaegeral in https://github.com/google/timesketch/pull/3842
Feat(otel): add status to analyzer otel by @jaegeral in https://github.com/google/timesketch/pull/3806
Fix(otel): Move otel config and docker config for otel by @jaegeral in https://github.com/google/timesketch/pull/3805
Fix: Ignore e2e CI workflows for frontend code changes by @jkppr in https://github.com/google/timesketch/pull/3832
Fix(unittests): events_test.py and sigma_test.py by @jaegeral in https://github.com/google/timesketch/pull/3810

🐞 Bug Fixes

Fix: Add missing ownership validation on cross-sketch API endpoints by @mohammadmseet-hue in https://github.com/google/timesketch/pull/3777
Fix:Enforce cross-sketch ownership on analyzer sessions, conclusions, and event relabeling by @adilburaksen in https://github.com/google/timesketch/pull/3822
Fix: Scope analyzer result and session lookups to the requested sketch by @evilgensec in https://github.com/google/timesketch/pull/3823
Fix: race condition in StatusMixin.set_status -> "More than one status available" by @jaegeral in https://github.com/google/timesketch/pull/3804
Fix upload file permission by @jkppr in https://github.com/google/timesketch/pull/3789
Fix imported search template visibility by @kiwigitops in https://github.com/google/timesketch/pull/3824
Fix: Path and Redirect issues in the python API by @jkppr in https://github.com/google/timesketch/pull/3837
Fix: string vs list to prevent failing requests by @jaegeral in https://github.com/google/timesketch/pull/3796
Fix(cli-client): output_format usage in cli client by @jaegeral in https://github.com/google/timesketch/pull/3828

⬆️ Dependency Updates

Add dependency for feature extraction in domain analyzer by @jkppr in https://github.com/google/timesketch/pull/3803
Update npm dependencies for frontend-v3 by @jkppr in https://github.com/google/timesketch/pull/3835
Upgrade some frontend-ng dependencies by @jkppr in https://github.com/google/timesketch/pull/3834
Build(deps): bump the npm_and_yarn group across 1 directory with 11 updates by @dependabot[bot] in https://github.com/google/timesketch/pull/3829
Build(deps): bump the npm_and_yarn group across 1 directory with 2 updates by @dependabot[bot] in https://github.com/google/timesketch/pull/3791
Build(deps): bump cryptography from 46.0.6 to 46.0.7 in the pip group across 1 directory by @dependabot[bot] in https://github.com/google/timesketch/pull/3836
Build(deps): bump cryptography from 46.0.5 to 46.0.6 in the pip group across 1 directory by @dependabot[bot] in https://github.com/google/timesketch/pull/3787
Build(deps-dev): bump happy-dom from 20.8.3 to 20.8.8 in /timesketch/frontend-ng in the npm_and_yarn group across 1 directory by @dependabot[bot] in https://github.com/google/timesketch/pull/3786

New Contributors

@kiwigitops made their first contribution in https://github.com/google/timesketch/pull/3824
@mohammadmseet-hue made their first contribution in https://github.com/google/timesketch/pull/3777
@adilburaksen made their first contribution in https://github.com/google/timesketch/pull/3822
@evilgensec made their first contribution in https://github.com/google/timesketch/pull/3823

Full Changelog: https://github.com/google/timesketch/compare/20260326...20260611

Breaking Changes

Base Docker image upgraded to Ubuntu 26.04 – custom deployments must migrate.
Minimum compatible OpenSearch version raised to 2.19.5.

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Timesketch

Get notified when new releases ship.

About Timesketch

Collaborative forensic timeline analysis

All releases →