This release adds 2 notable features for engineering teams evaluating rollout.
✓ No known CVEs patched in this version
Topics
+10 more
Summary
AI summaryFixed Windows SSH argument truncation and DigitalOcean/Coolify SSH lockout issues.
Full changelog
[1.10.1] - 2026-03-17
Added
- sshStream stdin support — SSH batch commands piped via stdin for reliable cross-platform execution
- Audit batch error reporting — Structured error details when audit SSH batches fail
Fixed
- Windows SSH argument escaping — Batch commands now use stdin pipe instead of spawn arguments, fixing truncation on Windows
- Audit sentinel wrappers — Added sentinel markers for 4 categories (accounts, services, boot, scheduling — 24 checks) fixing parser mismatches
- Cloud-init SSH lockout — Fixed DigitalOcean + Coolify SSH lockout caused by ssh.socket/needrestart/UFW ordering
- Interactive menu back navigation — Back option now works correctly in nested sub-menus
- DEBIAN_FRONTEND=noninteractive — Added to Coolify and Dokploy cloud-init scripts preventing apt prompts
- Provision reliability — Orphan cleanup, Vultr boot timeout (135s), SSH hardening safety guards
- Snapshot Zod schema — Added 6 P52 optional fields (vpsIrrelevant, connectionError, vpsType, vpsAdjustedCount, skippedCategories, warnings) preventing silent strip on load
Full Changelog: https://github.com/kastelldev/kastell/compare/v1.10.0...v1.10.1
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About kastelldev/kastell
Server security auditing and hardening toolkit. 413 security checks across 29 categories (SSH, Firewall, Docker, TLS, HTTP Headers), CIS/PCI-DSS/HIPAA compliance mapping, 19-step production hardening, fleet management, and forensic evidence collection. Supports Hetzner, DigitalOcean, Vultr, and Linode. 13 MCP tools.
Related context
Related tools
Beta — feedback welcome: [email protected]