Skip to content

kastelldev/kastell

v1.11.0 Feature

This release adds 3 notable features for engineering teams evaluating rollout.

Published 2mo Server & OS Management
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

automation cli coolify devops digitalocean docker
+10 more
dokploy hetzner linode mcp security-audit self-hosted server-management typescript vps vultr

Summary

AI summary

Added audit filtering, lock step expansion, and SSH host key remediation improvements.

Full changelog

What's New in v1.11.0

Added

  • MCP tool descriptions — Updated all 13 MCP tools with 27-category routing hints and accurate check counts
  • Audit display filteraudit --filter for display-only category/severity filtering without re-running SSH
  • Audit fix score delta — Post-fix score re-audit shows before/after comparison
  • Lock 16-step expansionserver lock expanded from 5 to 16 hardening steps with grouped CLI output and dry-run preview
  • Lock step helpersrunLockStep + 11 command builders for modular hardening (auditd, sysctl, pwquality, AIDE, etc.)
  • SSH host key remediation — Proactive removeStaleHostKey before SSH polling + error output with remediation hints

Fixed

  • Interactive menu audit filters — Audit sub-menu now correctly passes filter and fix options
  • FW-05 passed field — Fixed incorrect variable in firewall IPv6 check
  • MCP check count — Corrected inflated 488+ count back to accurate 409
  • Audit filter+fix hardening — Shell metacharacter guard, severity validation, structured error logging
  • SSH retry error handling — Added .catch() to SSH retry preventing unhandled rejections

Changed

  • getErrorMessage reuse — Consolidated error message extraction across modules

Full Changelog: https://github.com/kastelldev/kastell/compare/v1.10.1...v1.11.0

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track kastelldev/kastell

Get notified when new releases ship.

Sign up free

About kastelldev/kastell

Server security auditing and hardening toolkit. 413 security checks across 29 categories (SSH, Firewall, Docker, TLS, HTTP Headers), CIS/PCI-DSS/HIPAA compliance mapping, 19-step production hardening, fleet management, and forensic evidence collection. Supports Hetzner, DigitalOcean, Vultr, and Linode. 13 MCP tools.

All releases →

Related context

Beta — feedback welcome: [email protected]