This release includes 1 security fix for security teams reviewing exposed deployments.
Topics
+8 more
Affected surfaces
Summary
AI summaryBroad release touches Target release frequency, β¨Fixes and Improvements, πNew capabilities, and Screenshots .
Full changelog
Hi all π
This release centers on refining how NetAlertX handles distributed environments and enhancing the reliability of the core scanning plugins, making the platform increasingly suitable for MSP and multi-site deployments.
A major addition is the new SYNC_BEHAVIOR setting, which gives you explicit control over whether your hub or your nodes act as the source of truth. I've also hardened the SYNC pluginβs error handling to ensure more reliable data propagation across your network.
The plugin ecosystem continues to expand thanks to the community π there is now a new Kea DHCP server plugin (thanks to @void-spark) and a AdGuard Export plugin (thanks to @natecj), which keeps your device names and identifiers mirrored in AdGuard Home.
The the system's foundation was hardened as well. This includes a UI-wide HTML-encoding overhaul to ensure device names are rendered safely, plus a major update to the ICMP scanner to improve reliability with better VLAN handling. Finally, workflows handle device deletions better to prevent background triggers from failing during data churn.
Thanks to everyone who contributed to this release. Now onto the changes.
Screenshots
π Breaking changes
Sometimes I have to introduce breaking changes
[!WARNING]
- πΊNEXT RELEASE REMOVAL: If you have implemented external applications using the OLD API endpoints, please migrate to the NEW API endpoints.
πNew capabilities
- Kea DHCP server plugin
KEALSSby @void-spark π - A
SYNC_BEHAVIORsetting to choose if the hub or nodes are the source of truth #1651 ADGUARDEXPplugin to export devices to AdGuard as persistent clients, keeping names and IP/MAC identifiers in sync by @natecj π
β¨Fixes and Improvements
- Workflow triggers could fail if device deleted before event was processed
DIGSCANcould not be disabled due to default RUN set in config.json #1631- New UI regression tests verifying
devNameXSS protection - UI-wide HTMLβencoding for device names and safer table rendering
- Sync hub (
SYNC) more robust error handling #1657 - The hub of the
SYNCsetup in pull mode didn't emitnew devicenotifications #1652 - ICMP scan: perβinterface & IPv4/IPv6 probing, deduplication, tolerant timeouts. #1642
- Device pages: smarter name cache fallback, improved titles/navigation
- Workflows/triggers handle missing objects more gracefully and action groups simplified
- The PUSH mode of the
SYNCplugin didn't work - Updated CRON schedule validation to accept a wider range of CRON schedules
- Tweaked external link icon spacing and refined settings/devices UI layout; updated footer links.
- Added device filtering troubleshooting guide and in-app help link for the devices table.
ICMPdidn't handle VLANs in the SCAN_SUBNETS setting #1662
Previous releases:
https://github.com/netalertx/netalertx/releases
Target release frequency:
- Monthly
What's Changed
- sync by @jokob-sk in https://github.com/netalertx/NetAlertX/pull/1633
- Fix typo in docker installation documentation by @Neutronlul in https://github.com/netalertx/NetAlertX/pull/1635
- First attempt at kea dhcp support by @void-spark in https://github.com/netalertx/NetAlertX/pull/1636
- sync by @jokob-sk in https://github.com/netalertx/NetAlertX/pull/1638
- Translated using Weblate (Portuguese (Portugal)) by @jokob-sk in https://github.com/netalertx/NetAlertX/pull/1643
- Fix potentially vulnerable cloned function by @npt-1707 in https://github.com/netalertx/NetAlertX/pull/1645
- Fix potentially vulnerable cloned function by @npt-1707 in https://github.com/netalertx/NetAlertX/pull/1646
- Fix potentially vulnerable cloned function by @npt-1707 in https://github.com/netalertx/NetAlertX/pull/1647
- Next release by @jokob-sk in https://github.com/netalertx/NetAlertX/pull/1634
- Refactor sync data processing to handle PUSH and PULL modes with impr⦠by @jokob-sk in https://github.com/netalertx/NetAlertX/pull/1653
- BE: SYNC API logging by @jokob-sk in https://github.com/netalertx/NetAlertX/pull/1654
- SYNC plugin improvements - skipping non-reachable nodes, SYNC_BEHAVIOR by @jokob-sk in https://github.com/netalertx/NetAlertX/pull/1655
- Next release by @jokob-sk in https://github.com/netalertx/NetAlertX/pull/1658
- Next release by @jokob-sk in https://github.com/netalertx/NetAlertX/pull/1660
- feat: add adguard_export plugin by @natecj in https://github.com/netalertx/NetAlertX/pull/1649
- Next release by @jokob-sk in https://github.com/netalertx/NetAlertX/pull/1665
New Contributors
- @Neutronlul made their first contribution in https://github.com/netalertx/NetAlertX/pull/1635
- @void-spark made their first contribution in https://github.com/netalertx/NetAlertX/pull/1636
- @npt-1707 made their first contribution in https://github.com/netalertx/NetAlertX/pull/1645
- @natecj made their first contribution in https://github.com/netalertx/NetAlertX/pull/1649
Full Changelog: https://github.com/netalertx/NetAlertX/compare/v26.5.4...v26.6.3
Breaking Changes
- Removal of OLD API endpoints β migrate to NEW API endpoints
Security Fixes
- UIβwide HTML encoding overhaul prevents XSS when rendering device names
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About NetAlertX
Centralized network visibility and continuous asset discovery. Monitor devices, detect change, and stay aware across distributed networks.
Related context
Related tools
Beta — feedback welcome: [email protected]