Skip to content

kubetail

Logging

A real-time logging dashboard for Kubernetes that tails multi‑container workloads into a single chronological view

Track releases GitHub Website
Go Latest cli/v0.17.0 · 29d ago Security brief →

Features

  • Real‑time log streaming across all containers in a workload
  • Unified timeline with filters by workload, time range, node properties, and grep
  • Private‑by‑default: logs fetched directly via the Kubernetes API
  • Cross‑platform UI (web dashboard) and terminal output modes

Recent releases

View all 11 releases →
cli/v0.17.0 Security relevant
⚠ Upgrade required
  • Remove invalid --upload flag from cosign sign in release workflow
Security fixes
  • Prevent client‑supplied X-Forwarded-Authorization from shadowing service‑account-token
  • Harden CSRF token handling
  • Stop trusting X-Forwarded-* headers in same-origin check
Notable features
  • Support forwarded host in same-origin check
  • Relax hex requirement for session key-pairs
  • Trigger publish workflows only on stable releases
Full changelog

What's Changed

  • ✨ Support forwarded host in same-origin check by @amorey in https://github.com/kubetail-org/kubetail/pull/1103
  • 🎣 Relax hex requirement for session key-pairs by @amorey in https://github.com/kubetail-org/kubetail/pull/1107
  • ✨ Trigger publish workflows only on stable releases by @amorey in https://github.com/kubetail-org/kubetail/pull/1110
  • ✨ Add CSRF token support to GraphiQL page by @amorey in https://github.com/kubetail-org/kubetail/pull/1111
  • 🎣 Fix CSRF rejection of legitimate same-origin POSTs by @amorey in https://github.com/kubetail-org/kubetail/pull/1112
  • 🎣 Prevent client-supplied X-Forwarded-Authorization from shadowing service-account-token by @amorey in https://github.com/kubetail-org/kubetail/pull/1113
  • 🎣 Harden CSRF token handling by @amorey in https://github.com/kubetail-org/kubetail/pull/1114
  • 🎣 Stop trusting X-Forwarded-* headers in same-origin check by @amorey in https://github.com/kubetail-org/kubetail/pull/1117
  • ✨ Add allowed-origins config for proxied deployments by @amorey in https://github.com/kubetail-org/kubetail/pull/1118
  • ✨ Consolidate publish-guru workflow and add pkgcheck by @amorey in https://github.com/kubetail-org/kubetail/pull/1120
  • 🎣 Fix context cancellation in mergeLogStreams by @jerome-wilson in https://github.com/kubetail-org/kubetail/pull/1121
  • ✨ Add end-to-end test suite by @amorey in https://github.com/kubetail-org/kubetail/pull/1127
  • ✨ Put cluster-api behind kube-apiserver aggregation layer by @amorey in https://github.com/kubetail-org/kubetail/pull/1125
  • ✨ Simplify e2e suite by dropping env/backend parametrization by @amorey in https://github.com/kubetail-org/kubetail/pull/1129
  • ✨ Migrate e2e cluster tool from k3d to kind by @amorey in https://github.com/kubetail-org/kubetail/pull/1130
  • ✨ Bump grpc-dispatcher-go to v0.1.6 by @amorey in https://github.com/kubetail-org/kubetail/pull/1132
  • 🐋 Add Kubetail API backend to kubetail logs by @amorey in https://github.com/kubetail-org/kubetail/pull/1133
  • 🎣 Remove invalid --upload flag from cosign sign in release workflow by @amorey in https://github.com/kubetail-org/kubetail/pull/1134
  • 🎣 Fix kubetail logs backend fallback, filters, and pagination by @amorey in https://github.com/kubetail-org/kubetail/pull/1135
  • ✨ Add background update check with notification by @amorey in https://github.com/kubetail-org/kubetail/pull/1137

Full Changelog: https://github.com/kubetail-org/kubetail/compare/cli/v0.15.0...cli/v0.17.0

View release on GitHub
cli/v0.16.0 Breaking risk
Breaking changes
  • X-Forwarded-* headers no longer trusted in same-origin validation
Security fixes
  • X-Forwarded-Authorization header no longer shadows service-account-token
  • WebSocket per-message compression disabled in GraphQL servers
  • CSRF token handling hardened with improved validation
Notable features
  • CSRF protection added to dashboard and cluster-api
  • CSRF tokens support in GraphiQL
  • Allowed-origins configuration for proxied deployments
Full changelog

What's Changed

  • ✨ Drop kubetail-bin from publish-guru and trim old ebuilds by @amorey in https://github.com/kubetail-org/kubetail/pull/1100
  • ✨ Support forwarded host in same-origin check by @amorey in https://github.com/kubetail-org/kubetail/pull/1103
  • 🎣 Honor Forwarded proto directive in same-origin scheme check by @amorey in https://github.com/kubetail-org/kubetail/pull/1104
  • 🎣 Disable WebSocket per-message compression in GraphQL servers by @amorey in https://github.com/kubetail-org/kubetail/pull/1105
  • 🐋 Add CSRF protection to dashboard and cluster-api by @amorey in https://github.com/kubetail-org/kubetail/pull/1106
  • 🎣 Relax hex requirement for session key-pairs by @amorey in https://github.com/kubetail-org/kubetail/pull/1107
  • ✨ Release/0.22.0 by @amorey in https://github.com/kubetail-org/kubetail/pull/1109
  • ✨ Trigger publish workflows only on stable releases by @amorey in https://github.com/kubetail-org/kubetail/pull/1110
  • ✨ Add CSRF token support to GraphiQL page by @amorey in https://github.com/kubetail-org/kubetail/pull/1111
  • 🎣 Fix CSRF rejection of legitimate same-origin POSTs by @amorey in https://github.com/kubetail-org/kubetail/pull/1112
  • 🎣 Prevent client-supplied X-Forwarded-Authorization from shadowing service-account-token by @amorey in https://github.com/kubetail-org/kubetail/pull/1113
  • 🎣 Harden CSRF token handling by @amorey in https://github.com/kubetail-org/kubetail/pull/1114
  • 🎣 Stop trusting X-Forwarded-* headers in same-origin check by @amorey in https://github.com/kubetail-org/kubetail/pull/1117
  • ✨ Add allowed-origins config for proxied deployments by @amorey in https://github.com/kubetail-org/kubetail/pull/1118

Full Changelog: https://github.com/kubetail-org/kubetail/compare/cli/v0.15.0...cli/v0.16.0

View release on GitHub
cli/v0.15.0 New feature
Security fixes
  • Sec-Fetch-Site CSRF check enforcement on dashboard dynamic routes
  • WebSocket security hardening with same-origin checks
  • Cluster-API authentication and transport hardening
Notable features
  • User-selectable timezone for timestamp display
  • Log download with TSV, CSV, and text export
  • Persistent user preferences with theme integration
Full changelog

What's Changed

  • 🎣 Gate WebSocket reconnection with HTTP health check by @jerome-wilson in https://github.com/kubetail-org/kubetail/pull/1094
  • 🐋 Add user-selectable timezone for timestamp display by @amorey in https://github.com/kubetail-org/kubetail/pull/1085
  • 🐋 Add persistent user preferences with theme integration by @amorey in 🐋 https://github.com/kubetail-org/kubetail/pull/1086
  • 🐋 Persist timezone preference across sessions by @amorey in https://github.com/kubetail-org/kubetail/pull/1087
  • ✨ Align timestamp copy-as menu with shared format list by @amorey in https://github.com/kubetail-org/kubetail/pull/1089
  • 🐋 Enforce Sec-Fetch-Site CSRF check on all dashboard dynamic routes by @amorey in https://github.com/kubetail-org/kubetail/pull/1092
  • 🐋 Add log download with TSV/CSV/text export by @amorey in https://github.com/kubetail-org/kubetail/pull/1090
  • 🎣 Fix log viewer column widths under-reporting and compounding by @amorey in https://github.com/kubetail-org/kubetail/pull/1095
  • ✨ Harden cluster-api authentication and transport by @amorey in https://github.com/kubetail-org/kubetail/pull/1096
  • ✨ Harden WebSocket security with same-origin checks by @amorey in https://github.com/kubetail-org/kubetail/pull/1097
  • ✨ Harden WebSocket security with same-origin checks by @amorey in https://github.com/kubetail-org/kubetail/pull/1097

Full Changelog: https://github.com/kubetail-org/kubetail/compare/cli/v0.14.1...cli/v0.15.0

View release on GitHub
cli/v0.14.1 Security relevant
Security fixes
  • CVE-2026-29063
  • Security upgrades
Notable features
  • Log viewer multi-cell selection, context menus, and date range filtering
  • Forward bearer tokens to resolve permission denied errors in authMode: token
  • Add upgrade notification banner and notifications integration
View release on GitHub
cli/v0.14.0 Security relevant
Security fixes
  • CVE-2026-29063
Notable features
  • Log viewer multi-cell selection, right-click context menu, and clipboard copy support
  • Bearer token forwarding to resolve permission denied errors in authMode
  • Upgrade notification banner and notifications integration
View release on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

About

Stars
1,713
Forks
123
Languages
Go TypeScript Rust
View on GitHub Homepage Live demo Documentation

Install & Platforms

Install via
brew snap winget chocolatey scoop macports apt dnf zypper nix shell-script binary
Platforms
linux macos windows

Community & Support

Discord Slack

Similar tools

dozzle
logdy-core
chipmunk
logchef
quickwit

Beta — feedback welcome: [email protected]