txn2/kubefwd

v1.25.0 Security

This release includes 2 security fixes for security teams reviewing exposed deployments.

Published 5mo Developer Productivity

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 2 known CVEs

Topics

api-rest developer-tools devops devops-tools devtools kubernetes

+8 more

kubefwd kubernetes-clusters kubernetes-namespace mcp-server networking port-forward port-forwarding proxy

Affected surfaces

auth rbac

Summary

AI summary

Introduces a REST API, MCP server integration, and idle mode for dynamic port forwarding management.

Full changelog

This is a major release introducing a REST API for programmatic control and an MCP (Model Context Protocol) server for AI assistant integration. Developers can now manage port forwards dynamically through API calls or by chatting with AI tools like Claude Desktop, Cursor, and VS Code Copilot. This release also introduces "idle mode" for daemon-style operation, allowing kubefwd to start without any namespaces and add them on-the-fly.

Highlights

REST API: Full-featured HTTP API with 40+ endpoints for programmatic control, real-time SSE event streaming, and OpenAPI documentation
MCP Server: First-class integration with AI assistants via 23 tools, 8 resources, and 10 prompts
Idle Mode: Run kubefwd without namespaces, add/remove them dynamically via API or MCP
AI-Optimized Analysis: Endpoints designed for LLM consumption with structured errors and suggested actions
Security Hardening: CORS origin whitelist and bounded memory allocations

New Features

REST API (PR #330)

kubefwd now includes a comprehensive REST API built with Gin, enabling programmatic control over port forwarding:

# Start kubefwd with API enabled
sudo -E kubefwd svc -n default --api

# Or use idle mode (API enabled by default)
sudo -E kubefwd

# Test the API
curl http://kubefwd.internal/api/health

API Features

40+ Endpoints: Complete control over services, forwards, namespaces, and diagnostics
OpenAPI Documentation: Interactive docs at http://kubefwd.internal/docs
SSE Event Streaming: Real-time events at /api/v1/events
AI-Optimized Endpoints: /api/v1/analyze and /api/v1/status designed for LLM consumption
History Tracking: Event, error, and reconnection history with ring buffer storage

Key Endpoints

| Category | Endpoints | Description |
|----------|-----------|-------------|
| Health | GET /api/health, /api/info | Health checks and version info |
| Services | GET/POST/DELETE /api/v1/services | List, add, remove services |
| Forwards | GET /api/v1/forwards | Active port forward details |
| Namespaces | GET/POST/DELETE /api/v1/namespaces | Dynamic namespace management |
| Metrics | GET /api/v1/metrics[/services] | Traffic statistics |
| Logs | GET /api/v1/logs[/stream] | Recent and streaming logs |
| Events | GET /api/v1/events (SSE) | Real-time event stream |
| Diagnostics | GET /api/v1/diagnostics | Network and error diagnostics |
| Analysis | GET /api/v1/analyze, /api/v1/status | AI-friendly status analysis |
| History | GET /api/v1/history/* | Event and error history |
| Kubernetes | GET /api/v1/kubernetes/* | Cluster discovery |

Example: Add a Namespace Dynamically

# Add a namespace to forward
curl -X POST http://kubefwd.internal/api/v1/namespaces \
  -H "Content-Type: application/json" \
  -d '{"namespace": "staging", "context": "my-cluster"}'

# List forwarded services
curl http://kubefwd.internal/api/v1/services

# Remove when done
curl -X DELETE http://kubefwd.internal/api/v1/namespaces/staging.my-cluster

MCP Server Integration (PR #330)

kubefwd now includes a full Model Context Protocol server for seamless AI assistant integration:

# Start MCP server on stdio (for Claude Desktop, Cursor, etc.)
kubefwd mcp

# MCP over HTTP (connects to running kubefwd API)
kubefwd mcp --http

MCP Capabilities

23 Tools: Complete control from AI conversations
8 Resources: Expose state to AI assistants
10 Prompts: Guided workflows for common tasks

Available Tools

| Category | Tools | Description |
|----------|-------|-------------|
| Services | list_services, get_service, find_services | Query forwarded services |
| Management | add_namespace, remove_namespace, add_service, remove_service | Dynamic control |
| Actions | reconnect_service, reconnect_all_errors, sync_service | Recovery operations |
| Metrics | get_metrics, get_logs, get_http_traffic | Monitoring |
| Kubernetes | list_k8s_namespaces, list_k8s_services, list_contexts | Cluster discovery |
| Analysis | diagnose_errors, get_health, get_analysis, get_quick_status | AI-optimized diagnostics |
| Connection | get_connection_info, list_hostnames | Developer helpers |
| History | get_history | Event and error history |

Available Resources

| URI | Description |
|-----|-------------|
| kubefwd://services | All forwarded services with status |
| kubefwd://forwards | Active port forwards with IPs and ports |
| kubefwd://metrics | Traffic statistics |
| kubefwd://summary | High-level health summary |
| kubefwd://errors | Current errors with details |
| kubefwd://status | Quick health status (ok/issues/error) |
| kubefwd://http-traffic | Recent HTTP requests |
| kubefwd://contexts | Available Kubernetes contexts |

Available Prompts

| Prompt | Description |
|--------|-------------|
| setup_local_dev | Set up local development environment |
| connection_guide | Get connection info for a service |
| forward_namespace | Forward all services in a namespace |
| troubleshoot | Systematic debugging guide |
| fix_errors | Step-by-step error resolution |
| debug_service | Debug a specific service |
| quick_connect | Fastest path to connect to a service |
| analyze_issues | Comprehensive issue analysis |
| explain_status | Non-technical status explanation |
| monitor | Traffic and health monitoring guide |

Claude Desktop Integration

Add to ~/Library/Application Support/Claude/claude_desktop_config.json (macOS):

{
  "mcpServers": {
    "kubefwd": {
      "command": "kubefwd",
      "args": ["mcp"],
      "env": {
        "KUBECONFIG": "/Users/you/.kube/config"
      }
    }
  }
}

Then chat naturally with Claude:

"Connect me to the postgres database in the staging namespace"
"What services are currently having errors?"
"Show me connection info for the auth-service"

Cursor Integration

Add to Cursor settings:

{
  "mcp": {
    "servers": {
      "kubefwd": {
        "command": "sudo",
        "args": ["-E", "kubefwd", "mcp"],
        "type": "stdio"
      }
    }
  }
}

Idle Mode (PR #330)

kubefwd can now run without specifying namespaces upfront, enabling daemon-style operation:

# Start in idle mode (no namespaces, API enabled by default)
sudo -E kubefwd

# Add namespaces via API
curl -X POST http://kubefwd.internal/api/v1/namespaces \
  -d '{"namespace": "production"}'

# Or via MCP (from AI assistant)
# "Forward the production namespace"

This is particularly useful for:

Long-running development environments: Start once, add namespaces as needed
CI/CD pipelines: Programmatically control which services are forwarded
AI-driven workflows: Let AI assistants manage port forwarding based on context

Namespace Manager (PR #330)

New dynamic namespace management system (pkg/fwdns):

Add namespaces at runtime: No restart required
Remove namespaces cleanly: Stops all forwards, cleans up hosts file
Label selectors: Filter services within a namespace
Multi-context support: Forward from multiple clusters simultaneously

Security Improvements

CORS Origin Whitelist

The API now uses an explicit origin whitelist instead of Access-Control-Allow-Origin: *:

var allowedOrigins = map[string]bool{
    "http://kubefwd.internal":   true,
    "http://localhost":          true,
    "http://localhost:8080":     true,
    "http://127.0.0.1":          true,
    "http://127.0.0.1:8080":     true,
    "http://127.2.27.1":         true,
    "http://127.2.27.1:8080":    true,
}

Bounded Memory Allocations (CWE-770)

All ring buffer allocations now have explicit bounds to prevent memory exhaustion:

Event history: max 10,000 entries
Error history: max 5,000 entries
Reconnection history: max 2,000 entries per service
Log buffer: max 10,000 entries

Improvements

AI-Friendly Error Handling

Errors now include machine-readable codes and suggested actions:

{
  "error": {
    "code": "CONNECTION_REFUSED",
    "message": "Failed to connect to pod",
    "suggestion": "The pod may not be ready. Try 'reconnect_service' after the pod is running.",
    "affectedService": "postgres.default.minikube"
  }
}

Event History

New ring buffer-based history system tracks:

Service lifecycle events (added, removed, connected, errored)
Errors with timestamps and context
Reconnection attempts with success/failure status

HTTP Traffic Inspection

Monitor HTTP requests flowing through port forwards:

# Via API
curl http://kubefwd.internal/api/v1/services/myapi.default.ctx/http

# Returns recent requests with method, path, status, duration

OpenAPI Documentation

Interactive API documentation available at /docs:

Try endpoints directly from the browser
Full request/response schemas
Authentication and error documentation

Testing

New Test Coverage

Comprehensive tests added for all new packages:

pkg/fwdapi: API handlers, middleware, adapters
pkg/fwdmcp: MCP server, tools, resources, prompts
pkg/fwdns: Namespace manager
pkg/fwdapi/history: Ring buffer storage
pkg/fwdapi/handlers: All HTTP handlers

Test Infrastructure

Mock implementations for all interfaces
Table-driven tests for edge cases
Race condition testing with -race flag

Build and Infrastructure

New Packages

| Package | Description |
|---------|-------------|
| pkg/fwdapi | REST API server with Gin framework |
| pkg/fwdapi/handlers | HTTP request handlers |
| pkg/fwdapi/middleware | CORS, logging, recovery middleware |
| pkg/fwdapi/types | API types and interfaces |
| pkg/fwdapi/history | Event and error history storage |
| pkg/fwdmcp | MCP server implementation |
| pkg/fwdns | Dynamic namespace manager |

Dependencies

New dependencies for this release:

github.com/gin-gonic/gin - HTTP framework
github.com/modelcontextprotocol/go-sdk/mcp - MCP protocol

Documentation

New Documentation

REST API Reference: Complete endpoint documentation
MCP Integration Guide: AI assistant setup instructions
OpenAPI Specification: Machine-readable API spec at /openapi.yaml

Updated Documentation

README.md: Added API and MCP quick start examples
CLAUDE.md: Updated architecture documentation

Bug Fixes

Fixed lint issues across multiple packages (errcheck, staticcheck, unused)
Fixed CORS configuration (was too permissive with *)
Fixed unbounded slice allocations (CodeQL CWE-770)
Fixed embedded mutex field access patterns
Fixed time.Now().Sub() to use time.Since() idiom

Breaking Changes

None. This release is fully backward compatible with v1.24.x.

The new features are opt-in:

API disabled by default (use --api flag or idle mode)
MCP server is a separate subcommand (kubefwd mcp)

Installation

Homebrew (macOS/Linux)

brew install txn2/tap/kubefwd

Docker

docker pull txn2/kubefwd:v1.25.0

Binary Downloads

Download pre-built binaries from the GitHub Releases page.

Available for:

Linux (amd64, arm64, arm, 386)
macOS (amd64, arm64)
Windows (amd64, 386)

Package Managers

APK (Alpine): kubefwd_arm64.apk, kubefwd_amd64.apk
DEB (Debian/Ubuntu): kubefwd_arm64.deb, kubefwd_amd64.deb
RPM (RHEL/CentOS/Fedora): kubefwd_arm64.rpm, kubefwd_amd64.rpm

Verifying Downloads

Verify Checksum Signature

# Download checksum file and signature bundle
curl -LO https://github.com/txn2/kubefwd/releases/download/v1.25.0/kubefwd_checksums.txt
curl -LO https://github.com/txn2/kubefwd/releases/download/v1.25.0/kubefwd_checksums.txt.sigstore.json

# Verify signature
cosign verify-blob \
  --bundle kubefwd_checksums.txt.sigstore.json \
  --certificate-identity-regexp="https://github.com/txn2/kubefwd/.*" \
  --certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
  kubefwd_checksums.txt

Verify Docker Image

cosign verify txn2/kubefwd:v1.25.0 \
  --certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
  --certificate-identity-regexp="https://github.com/txn2/kubefwd/.*"

Upgrade Notes

Upgrading from v1.24.x should be seamless. New features are opt-in.

Try the REST API

# Forward with API enabled
sudo -E kubefwd svc -n default --api

# Access interactive docs
open http://kubefwd.internal/docs

Try MCP with Claude Desktop

Install kubefwd v1.25.0
Add MCP configuration (see above)
Restart Claude Desktop
Chat: "Forward the default namespace and show me what services are available"

Try Idle Mode

# Start without namespaces
sudo -E kubefwd

# Add namespaces via API as needed
curl -X POST http://kubefwd.internal/api/v1/namespaces \
  -d '{"namespace": "default"}'

Full Changelog

See the commit history for the complete list of changes.

Changelog

8c5bc5c1c879ef534313285a98da7e9abfd8bf70 Add AI-focused analysis and status handlers
00bc8ad8677bc95816f2d68f221bfd5bdbdd1f5c Add API adapters and handlers for fwdapi package
69bc443e0399408afccc49808efd9af7473f97c5 Add API documentation handlers and unit tests
80835ac8bb97468029f1a35cbe353964390d4208 Add API response and metadata types for fwdapi package
c9638ae29bb91353b50c5edf55c7203ad75b801f Add HTTP client methods and controllers for MCP API integration
00085906f8b66a4c0f44ed7e0fcf2463ae789346 Add HTTP traffic inspection handlers for forwards and services
f502482c2e4c1c6d2e40b748713e88cb0893a65a Add HTTP-based MCP server integration and related API adapters
feced12ff5f3bd9a5f03aceb5a7def38c9921306 Add HTTP-based providers for Analysis, Traffic, and History APIs
234ad962642b3f64969ab6cb18d6c0fafb5a6125 Add KubernetesHandler for resource discovery and API integration
f6eedd71097e05f6620b19040dc0bd8eff8719b8 Add MCP command integration to kubefwd CLI
98d820a8ad035b45bc8746d3be4a66854f498a90 Add MCP mode and server integration with support for diagnostics, metrics, and service control
de810f257384e017c79322d61a06a74d13243e08 Add MCP prompt registration for troubleshooting, status explanation, error fixing, and monitoring
9aff5b6aba6810d7b6c6149c99c044a9c32f1b31 Add MCP resource registration for services, forwards, metrics, summary, and errors
4836b9c5b6441580a673cf76a299b18be0842e6f Add MCP server implementation for Kubernetes port forwarding support
3352cc7ec3dd8df3da215ae729738785f55b3b23 Add MCP tools registration for diagnostics, metrics, services, and logs
1f43b7ace6b77916a143a8af6dd607038d56dc42 Add NamespacesHandler for CRUD operations on watched namespaces
6e8380967336704c1d58b22c8ffd83c78a7a297b Add OpenAPI spec for System and ClearSystem endpoints
77d69fe132d49aa64c0f583ed8c3623f14f2359e Add OpenAPI specification for kubefwd API
5f82f76a3aa0ac7d4119f2f37c34f9d0e6445ac6 Add REST API and MCP documentation to mkdocs navigation
c5a2ed31c6a649b0365bdd9fccbc9833aceb3b62 Add REST API documentation and MCP integration guide
fb3f253c472dc39412a572989719197d8f5d7154 Add ServeStdio method to MCP server for stdio transport support
db83463ff844796bdbc0b55ae5575d3c302d5c8d Add ServicesCRUDHandler for managing services add/remove operations
167530663677ebab4fee794e40b17766c0bacc8d Add DiagnosticsProvider interface for system and service diagnostics
45076044fc44e60b0125088829c49b4ae7517ecb Add EventsEnabled method to check event infrastructure availability
7e1cd005abf28b9ecc7b64eab62190f815697bd0 Add GetCurrentContext method to retrieve the current Kubernetes context from kubeconfig
b023520411c1d0d7e5cc58eee4220ae02bb847de Add KubernetesDiscoveryAdapter for dynamic resource discovery
62908c5e17d597f08db55843cf1c26fa76ec8e21 Add LogBuffer and LogBufferHook for in-memory log management in fwdapi
81a9f196e30de00accee7039d1b7382aadec564c Add ServiceCRUDAdapter for managing individual service forwarding
07d369787582e8655b38fa07f82b142f8faa773c Add SetDiagnosticsProvider method to Manager
c8d65e53eac93763f174ea2db5475cee8f74d7de Add System and ClearSystem endpoints for system log management in fwdapi
6263225fd1c6085179fbfe55debc0f6f72e23df7 Add apiMode flag and API server initialization
f8a508c3bc71a5d931245875e59fa3299217b612 Add setupRouter for initializing API routes in fwdapi package
0d10c2a34b4218198762d0ef830030bf72f64526 Add ad-hoc IP lock management and service forwarding support without namespace watchers
cd3dc59c070afc79176f5fe7c8259bf6cc236fb3 Add comprehensive tests for handlers and controllers
648841926437192b81de1542bad7f845ee5bfb4d Add comprehensive unit tests for HTTP client methods and controllers:
8413f7632e958ffb5cca58db926a313f1160e5de Add comprehensive unit tests for NamespaceWatcher and Manager components
6dab966bae8b01771ce424fb6d8de3cabd60ba9c Add comprehensive unit tests for diagnostics, analysis, traffic inspection, and history handlers
4c337c3aad66b8ffdc2a9ec26d9001f125def79a Add context-aware support for kubefwd and update user guidance
6c40eee39f973d20c7425c26dcecb9dc9b4626c8 Add custom 404 page and configure theme overrides in mkdocs.yml
144e885d5896504fe1c781ecf85f17d3dcffd727 Add debugging and quick access prompts for service analysis and issue resolution
70ea1295eef1277c6d1ebb4e6e2061b34d9804e2 Add developer-focused improvements to MCP server
da8c1fcfd9b2f808a1ac0dc3ed54936761b1fedc Add developer-focused tools and handlers for MCP
e516c2bc805742cd21625a6eb1588a3293215c16 Add diagnostic types for system, service, and network health analysis
8cda162df0770e3bfcd0c167654a979ba5d3c439 Add diagnostics API with endpoints for system, service, network, and error insights
0ec0409ee7c82ae77190805cee64ce26c4ea88b3 Add diagnostics provider for enhanced API health and error insights
e251c997f33c61046ca9a88c4037a4c4fd0fa122 Add enhanced providers for AI-optimized analysis, HTTP traffic, and event history in MCP server
819e9939f22ea34118fca7a8681ccc3adf09bcd7 Add extensive unit tests for API adapters, diagnostics, history, and middleware
fd9600979633a4645651692055938735cd9caef3 Add extensive unit tests for HTTP client, prompts, and resource handlers
0344b560200c55517fafb3ed0bf610a424e0bbb6 Add foundational API handlers, middleware, and manager for fwdapi
95b87d268eddfba7141e171b4f27e5bc200690a8 Add gin dependency for fwdapi package
16fd0b23f28c2d675992aacfa4955da75ea66c38 Add history API endpoints for events, errors, reconnections, and stats
61780dd3c78c2ffdd2034519e0b178599704c3f8 Add interfaces for namespace management, service CRUD, Kubernetes discovery, and connection info providers
423d04a9bdb049295c5456d01d95683133c2e9f2 Add methods to retrieve all services and services by namespace from the registry
acb3d3c3d65c7ff917974eeabf68f2ee2d754d62 Add namespace manager for dynamic namespace watcher lifecycle management
91fa04d91e869c05e9242cb13b5a038ba4206ec3 Add namespace manager integration with dynamic namespace operations
c4483a8cc673de080f390d1da9cf6add8f3427a1 Add new API endpoints for diagnostics, HTTP traffic, AI analysis, and history
2a025442c641cf5f5dc34ac0cda99269c66d6c75 Add new API endpoints for namespaces, services, and Kubernetes discovery
aae94d0d9904e6abcffa905002d6aa2fcf490ecc Add new module dependencies: MCP SDK, JSON Schema, JWT, and URI Template
f8f7543fb47eda8dfc4daa3ace15f4f1ef8d1c1e Add new tools for AI-driven analysis, HTTP traffic inspection, and event history management
613b87b08bdbeca99d2d1d27f36a98a3372b45d9 Add query parameter support for List in ForwardsHandler
e65dbce1d6f319a5e62a4e0bc1becff82a1ed91e Add query parameter support for List in ServicesHandler
10d4c7e990cc3d80bc5f3a25c75ad1e768650147 Add query parameters and new types for HTTP traffic and pagination
bddf32f905c2b0c24002a4289923fd3c6eacd889 Add quick access resources for health status, HTTP traffic, and Kubernetes contexts in MCP server
e930868f03f3b6ea28934877e8f5ef8f1aa3f138 Add service handlers in fwdapi package to manage services and forwards
a23d6a2845884e3ad3cf30aad30ac0915c37de9d Add setters and getters for Analysis, Traffic, and History providers in MCP server
587f5972ba97821c224b29a6ba6c5489b87792d7 Add setters for namespace, service, and Kubernetes discovery controllers in Manager
79d01d2d4808fe3006a3ab9300e31bc103d172d1 Add standalone event infrastructure for API-only mode
c4f71f0bbb89c240902a779bcaae36de8ee5149c Add structured error handling for MCP tools
f2092136bc4b1fbcca67d188560f6dafd62a43e7 Add system log handling and improve context management in handlers
299e54a5f664c70e4f6d6b4aa2555123be35ae01 Add types for Kubernetes resources and CRUD request/response models
249a3373e11507b901727382dc8d5f42896ee14b Add unit tests for MCP error handling and classification
191e5698e68d449bb3bbd91b5a042101481c8c8d Add unit tests for Manager methods, context/namespace indexing, ad-hoc IP locks, port mapping, and service forwarding
fe0d0227438713af672a788ba14e2a8e7497a9b0 Add unit tests for ServiceCRUDAdapter and KubernetesDiscoveryAdapter
687c599170b7aa5092bbc2b26d7f58579f647fbe Add unit tests for fwdapi handlers and manager
0b74e23fcc8a58546128a4cb79b6b7dcbd0f8ad2 Add unit tests for new tools and handlers in MCP server
fecfba51ced307a0fc4e631885e6eb3b7c24026d Default to current Kubernetes context if none is specified in StartWatcher and StopWatcher methods
bc09dd290c3ef872be5990f0d77926ca45a898be Default to current Kubernetes context if none is specified in ListNamespaces and ListServices methods
a553160f2e4759d93a3da1e039517ed99be0e442 Expand MCP integration documentation with detailed platform-specific setup instructions and examples.
1ce61310c5c06719c83b1d70875e6e1a00221a17 Fix 35 lint issues across API and MCP packages
3ab1bf2825e27d4f8cf0e77e426fef7bfd68959f Fix race condition in NamespaceWatcher and extend NamespaceInfoResponse
f30eb0f7ebbccca8bbdd4c577b751e1ba930ee48 Fix race condition in NamespaceWatcher by setting running before goroutine start
17a335ed9c82815cb36a587017af8c34ab728951 Handle unavailable event bus in SSE handler and improve connection setup
50a6f26fd374013bc31134ab8ba3fb5d276760c4 Introduce history package for event, error, and reconnect tracking
4cf723ad35f7120766007d6c6d4e1ed121bbd164 Refactor LogsHandler to use injected LogBufferProvider and initialize log buffer in fwdapi
a50b88b08b08b1f7fc76d0530c6d765fa62440c1 Refactor mapPortForwardMetrics to use strongly-typed PortForwardSnapshot input
f1ffcc1d30384fdda15280c6777b951c7d5e2333 Refactor event handling for API and MCP modes
eaa1dd57b7edd088cd882b7f53b351206f7bdf50 Refactor router setup with clear grouping for API, docs, and versioned endpoints
b2c702cfe8c6b530b77dc06aa78c27b4d61e8e37 Refactor services.go to utilize dynamic namespace management with NamespaceManager
18a18c517d75517ce80ff0bde06831bfac7f566f Refine language and formatting in docs/comparison.md for clarity and consistency
123fa59cd6ead2f80e609dbf47875fd17e944a36 Remove MCP mode and related code, update idle mode behavior and API integration
502e3aabcfdae940780e27fde48a4bc5a8933711 Remove outdated and unused test cases related to legacy NamespaceOpts and service handlers.
892cff1d4ae2c1256f16cc21ac1635057d6e1699 Replace fwdtui.IsEnabled with fwdtui.EventsEnabled for clearer semantics in event handling
a3079c2a38398c314f5184293a7c2cd01844d863 Replace fwdtui.IsEnabled with fwdtui.EventsEnabled in shutdown logic for clearer event handling
87f8cf07c2466ec2d4276eddecbebf1bb651b819 Security: Add explicit slice allocation bounds (CodeQL CWE-770)
3587c03ecffbd34cd5927886b7dc6e624ed6dec3 Security: Restrict CORS to trusted local origins only
ee1d419d8b22bd83a4439faeb42b56a925adcbb8 Set up ServiceCRUDAdapter in apiManager for managing add/remove operations
6ab25f190c5587a7f86ae758467d454eab7bf1aa Simplify error messaging for unavailable event bus in SSE handler
7fab7bb5734a56fe6d80439b5900ddb35a1ab4f6 Streamline MCP integration docs with simplified commands and clear configuration examples
06e68756139d4de90f2690c485eca514c9534d04 Update API hostname and initialize standalone event infrastructure for API mode
0bb979fa87e70ecd1b1762ab79837640e2ab4f7c Update URLs to point to https://kubefwd.com in version and log outputs
6d121c54e0c364a9746f60295276afe9f8095f32 Update APIHostname to Hostname and adjust related logging/host entries
ed6688b2c8c41303d604fcfcb79e722dff2dfe87 Update NewLogsHandler tests to include additional dependency parameter
bcb3323069ad8319f4cc72f4749749058c9d3dc6 Update README.md for improved clarity, updated links, and feature descriptions
3309e1e46ad2dd511d27e2ef4998d09e78f36b74 Update kubefwd CLI help and usage details, add idle mode support, and streamline subcommand handling
aacc5f3291f4360ad8e6029ecc6cf7f0ebaa906b Update default API URL for kubefwd mcp to http://kubefwd.internal and improve CLI help and usage documentation
1617d13b50994c08aac2c2b369d9c9fa624cff42 Update default API URL to include /api path and adjust CLI examples accordingly
05ef911aa7f88804d5ed9b78d5ec24b6792d7d0a Update dependencies in go.mod and go.sum files
153dc0ebf6314e2545e754ef8758f7fc17cae244 Update documentation URL in issue template to point to https://kubefwd.com
472958fdcba8163805be35739951ab67f87353e9 Update header link to point to https://kubefwd.com
4dc879dbb2233ee3f22524d8cd96de327fd2025b Update homepage URL in .goreleaser.yml to https://kubefwd.com
63bc193b45e929d5ed208da3b42c91e7f89b7ac8 Update hostname and logging for API and web interface
7c46bef692fe0ebb3f286fbb2734ac603e29b594 add: documentation links to README for easier navigation
592c117200f92c395cdf0e8a1a984dc92315f48c feat: add custom CSS and assets for kubefwd docs redesign
152b651f485c817360e64baf7dbae7669ad17243 fix: add bounds check for size formatting functions
86682539040007632371e50df16362a018ef363d fix: add panic recovery to MetricsStream Read/Write methods
63aa169075bae7e1314325c3e82e2eb77ee63d62 fix: add panic recovery to TUI Update method
5c9ac9f2b526b747cdcf2df271d1803379fd16fd fix: clean up stale pod forwards using corrected key comparison logic
6de4e6cc2044c097c5cb79cb196c12fc9ead1f06 fix: handle timeout in stopPing to avoid goroutine blockage
64ee12c42f6178ecbadb9c5c7fc0e75004a00a51 refactor: adjust port forwarding logic to use pod-specific keys
451d087c0f93d224b1c75a9f6c5e6b29013719fb refactor: enhance docs with updated structure, theme, and features
2bb18320370a33508775b6bbe94cfef74a24381e refactor: simplify key generation in handleKubefwdEvent
d8882395b8871101590c957422c0cfe897e6fb68 refactor: support multiple port forwards per pod UID in GlobalPodInformer
a03987f58e7eb980cd488dd746cd712d02f35304 refactor: support multiple services per pod in GlobalPodInformer
1019cf0da3466a8a30a66bd6adb810d2a277ff6e update: revise Windows installation instructions in README for kubefwd

Security Fixes

CORS origin whitelist restricting Access-Control-Allow-Origin to trusted local origins only
Bounded memory allocations (ring buffers limited: event history ≤10,000 entries, error history ≤5,000 entries, reconnection history ≤2,000 per service, log buffer ≤10,000 entries) addressing CWE-770

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track txn2/kubefwd

Get notified when new releases ship.

About txn2/kubefwd

Kubernetes bulk port forwarding with service discovery, /etc/hosts management, traffic monitoring, and pod log streaming

All releases →