signoz

v0.126.1 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 6d Error & Performance Tracking

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

apm application-monitoring distributed-tracing go log logs

+9 more

prometheus monitoring nextjs observability opentelemetry react reactjs self-hosted typescript

Affected surfaces

deps

ReleasePort's take

Moderate signal

editorial:auto 6d

Upgrade the idna dependency to version 3.16 to remediate CVE‑2026‑45409.

Why it matters: CVE‑2026‑45409 (CVSS 9.8) affects all deployments using the current idna library; upgrading to 3.16 eliminates the vulnerability immediately.

Summary

AI summary

Broad release touches 🧰 Maintenance, 🚀 Features, 🐛 Bug Fixes, and chore.

Changes in this release

Type	Severity	Summary	CVE
Security	Critical	Upgrade idna dependency to 3.16, fixing CVE-2026-45409. Upgrade idna dependency to 3.16, fixing CVE-2026-45409. Source: llm_adapter@2026-05-28 Confidence: high	—
Feature
Feature	Low	Introduce v2 create and get dashboard API endpoints. Introduce v2 create and get dashboard API endpoints. Source: llm_adapter@2026-05-28 Confidence: high	—
Feature	Low	Upgrade OpenFGA authorization library from version 1.11.2 to 1.14.1. Upgrade OpenFGA authorization library from version 1.11.2 to 1.14.1. Source: llm_adapter@2026-05-28 Confidence: high	—
Feature	Low	Add clear filter button and restructure UI in trace details header. Add clear filter button and restructure UI in trace details header. Source: llm_adapter@2026-05-28 Confidence: high	—
Feature	Low	Introduce base route, auth‑retry streaming, and rate‑limit UX for AI assistant. Introduce base route, auth‑retry streaming, and rate‑limit UX for AI assistant. Source: llm_adapter@2026-05-28 Confidence: high	—
Feature	Low	Apply new soft colour palette to waterfall and flamegraph visualizations. Apply new soft colour palette to waterfall and flamegraph visualizations. Source: llm_adapter@2026-05-28 Confidence: high	—
Feature	Low	Replace Radio components with ToggleGroup in various components. Replace Radio components with ToggleGroup in various components. Source: granite4.1:30b@2026-05-28-audit Confidence: low	—
Bugfix	Medium	Ensure timestamp is always emitted in milliseconds. Ensure timestamp is always emitted in milliseconds. Source: llm_adapter@2026-05-28 Confidence: high	—
Bugfix	Medium	Resolve ClickHouse 25.12.5 Trace Operator query analyzer failure caused by dangling CTE. Resolve ClickHouse 25.12.5 Trace Operator query analyzer failure caused by dangling CTE. Source: llm_adapter@2026-05-28 Confidence: high	—
Refactor
Refactor	Low	Replace antd Checkbox with @signozhq/ui Checkbox component. Replace antd Checkbox with @signozhq/ui Checkbox component. Source: llm_adapter@2026-05-28 Confidence: high	—
Refactor	Low	Migrate antd Tag component to signozhq/ui Badge. Migrate antd Tag component to signozhq/ui Badge. Source: llm_adapter@2026-05-28 Confidence: high	—
Refactor	Low	Migrate Avatar from antd to signozhq/ui Avatar. Migrate Avatar from antd to signozhq/ui Avatar. Source: granite4.1:30b@2026-05-28-audit Confidence: low	—
Refactor	Low	Refactor: migrate plain antd dropdown to @signozhq/ui/dropdown. Refactor: migrate plain antd dropdown to @signozhq/ui/dropdown. Source: granite4.1:30b@2026-05-28-audit Confidence: low	—

Full changelog

What's Changed

🚀 Features

refactor: replace antd Checkbox with @signozhq/ui Checkbox (#11396) @YounixM
feat: replace Radio components with ToggleGroup in various components (#11391) @YounixM
feat: new soft colour palette for waterfall + flamegraph (#11468) @aks07
feat: v2 create and get dashboard API (#11125) @namanv3
feat(authz): upgrade OpenFGA from v1.11.2 to v1.14.1 (#11475) @vikrantgupta25
feat(ai-assistant): base route, auth-retry streaming, and rate-limit UX (#11457) @YounixM
feat(trace-details): added clear filter button in trace details header + UI restructure (#11345) @aks07

🐛 Bug Fixes

fix: ensure timestamp is always in ms (#11483) @nityanandagohain
fix: ClickHouse 25.12.5 Trace Operator query analyzer fail due to dangling CTE (#11268) @piyushsingariya
fix: added utility functions to calculate minimum step intervals and … (#11447) @YounixM
fix(rules): use alertmanager external URL for related logs/traces and generator URL (#11413) @jatinderjit
fix(deps): upgrade idna to 3.16 to fix CVE-2026-45409 (#11479) @vikrantgupta25

🧰 Maintenance

chore(release): bump SigNoz to v0.126.1 (#11487) @primus-bot
chore: migrate antd Tag to badge (#11421) @manika-signoz
chore(meterreporter): document jitter config in example.yaml (#11482) @karanbalani
chore: migrate antd divider to signozhq/ui divider (#11474) @manika-signoz
chore: preserve order of pipelines between memory_limiter and batch (#11461) @piyushsingariya
chore(agents): add more instructions for code quality (#11466) @H4ad
chore: migrate Avatar from antd to signozhq/ui Avatar (#11478) @manika-signoz
chore: breakdown query range function (#11211) @tushar-signoz
refactor(frontend): migrate plain antd dropdown to @signozhq/ui/dropdown (#11400) @tewarig

Security Fixes

dep: idna upgraded to 3.16 to fix CVE-2026-45409

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track signoz

Get notified when new releases ship.

About signoz

SigNoz is an open-source observability platform native to OpenTelemetry with logs, traces and metrics in a single application. An open-source alternative to DataDog, NewRelic, etc. . Open source Application Performance Monitoring (APM) & Observability tool