LogTide

Changelog & Roadmap

What we've shipped and what's coming next.

24
Releases
v0.7.0
Latest
4
Planned
Released
In Progress
Planned
Roadmap
v0.8.x
In Progress
Feature
Q1 2026

MongoDB Adapter, Browser SDKs & Metrics Dashboards

MongoDB storage adapter for @logtide/reservoir, browser and frontend SDKs with source maps and Core Web Vitals, and OTLP metrics dashboards with cross-signal correlation.

  • MongoDB storage adapter for @logtide/reservoir
  • Browser/Frontend SDKs with source maps
  • Core Web Vitals and network breadcrumbs
  • OTLP Metrics Dashboards
  • Correlation across logs, traces, and metrics

In Progress

  • MongoDB Adapter — New storage backend for @logtide/reservoir, bringing MongoDB as a third option alongside TimescaleDB and ClickHouse
  • Browser/Frontend SDKs — Client-side monitoring with source maps, Core Web Vitals collection, and network breadcrumbs for debugging frontend issues
  • OTLP Metrics Dashboards — Visualization layer for OpenTelemetry metrics with correlation across logs, traces, and metrics in a single view
v0.9.x
Planned
Feature
Q2 2026

Service Health, Custom Dashboards & Log Pipelines

Service health monitoring with status pages, custom configurable dashboard panels, and log parsing pipelines for data enrichment and transformation.

  • Service health monitoring and status pages
  • Custom configurable dashboard panels
  • Log parsing pipelines for enrichment

Planned

  • Service Health Monitoring — Built-in status pages and health tracking for your services
  • Custom Dashboards — Configurable panel layouts to build your own monitoring views
  • Log Parsing Pipelines — Transform and enrich logs at ingestion with field extraction, parsing rules, and data normalization
v1.0
Planned
Feature
H2 2026

Beta Release Target

Scheduled digest reports, webhook event receivers, full documentation coverage, migration guides from ELK/Datadog/Loki, and production-ready Helm chart.

  • Scheduled digest reports via email
  • Webhook event receivers
  • Full documentation coverage
  • Migration guides for ELK, Datadog, Loki
  • Production-ready Helm chart

Planned for v1.0 Beta

  • Scheduled Digest Reports — Email-based summaries on a configurable schedule
  • Webhook Event Receivers — Accept events from external services and integrations
  • Full Documentation — Complete documentation coverage for all features
  • Migration Guides — Step-by-step guides for migrating from ELK, Datadog, and Grafana Loki
  • Helm Chart Stable — Production-ready Kubernetes deployment via Helm
v1.x
Planned
Feature
H2 2026

Stable Release & Enterprise Features

Performance hardening, enterprise SSO/SAML, advanced RBAC, managed cloud GA, and tiered storage with hot/warm/cold data lifecycle.

  • Performance hardening for production scale
  • Enterprise SSO/SAML
  • Advanced RBAC
  • Managed cloud GA
  • Tiered storage (hot/warm/cold)

Planned

  • Performance Hardening — Production-scale optimization and stress testing
  • Enterprise SSO/SAML — SAML 2.0 integration for enterprise identity providers
  • Advanced RBAC — Fine-grained role-based access control
  • Managed Cloud GA — General availability of the hosted LogTide cloud service
  • Tiered Storage — Hot/warm/cold data lifecycle management for cost optimization
2026
v0.7.0
Released
Feature

OTLP Metrics, Service Graph & Audit Log

OpenTelemetry metrics ingestion, service dependency graph visualization, audit logging, and major UX restructuring.

  • OTLP Metrics with protobuf/JSON support
  • Service Dependency Graph with force-directed layout
  • Audit Log for compliance tracking
  • UX sidebar restructured into Observe/Detect/Manage
  • 46 TypeScript/Svelte warnings eliminated

Added

  • OTLP Metrics Ingestion — Full OpenTelemetry metrics support with protobuf/JSON, all 5 metric types, exemplar support, TimescaleDB hypertables, ClickHouse support, query API with 7 aggregation intervals and 6 functions, group-by label support, 118+ tests
  • Service Dependency Graph — Force-directed graph visualization with health color-coding, click-to-inspect panels, and PNG export
  • Audit Log — Tracks 4 event categories (login, config changes, user management, data modifications) with high-performance buffer and CSV export

Changed

  • Batch ingestion endpoint accepts flexible payload formats (standard, direct array, wrapped array) with auto-normalization
  • UX Restructuring — Sidebar grouped into Observe/Detect/Manage sections, Service Map merged into Traces, Sigma Rules moved to Security, Settings restructured, Command palette updated

Fixed

  • OTLP Traces typo using resource_logs instead of resource_spans
  • OTLP Authentication for /v1/otlp routes
  • JavaScript SDKs updated to v0.6.1 for OTLP compatibility
  • Frontend environment loading via $env/dynamic/public
  • SDK code examples across dashboard
  • Pagination total count with fast approximate estimates
  • Admin dashboard timeline gaps (ClickHouse bucket key format)
  • Chart locale now respects system language
  • Silent API errors now show toasts
  • Empty states for services/errors
  • Docker auto-database creation
v0.6.3
Released
Fix

Fix: Unauthenticated SMTP Support

SMTP no longer requires user/password credentials. Only the host is needed, and the from address uses the SMTP_FROM parameter.

  • SMTP works without USER/PASS credentials
  • From address uses SMTP_FROM parameter

Fixed SMTP configuration to support unauthenticated mail servers. Only SMTP_HOST is now required — SMTP_USER and SMTP_PASS are optional. The sender address is configured via SMTP_FROM.

v0.6.2
Released
Breaking

Write-Only API Keys & Domain Allowlists

New write-only API key type safe for browsers and mobile, plus domain/IP allowlists with wildcard subdomain support for origin validation.

  • Write-only API keys safe for client-side use
  • Domain/IP allowlist with wildcard subdomains
  • Dogfooding SDK migration to official plugins
  • fast-xml-parser security fix

Added

  • Write-Only API Keys — New type field (write/full), safe for browsers and mobile, defaults to write
  • Domain/IP Allowlist — Up to 50 allowed origins per key with wildcard subdomain support and Origin header validation

Security

  • fast-xml-parser bumped to >=5.3.6 for entity expansion DoS fix
  • Read endpoints reject write-only API keys with 403
  • Origin allowlist validation with wildcard subdomain parsing

Breaking Changes

  • API key default type changed to write — existing keys migrated automatically, server-side queries need full type
  • Database migration 024_api_key_scopes.sql required
v0.6.1
Released
Feature

ClickHouse Storage Engine

ClickHouse as a full alternative to TimescaleDB via the @logtide/reservoir abstraction layer, with factory pattern engine selection and full query migration.

  • ClickHouse via @logtide/reservoir abstraction
  • Factory pattern engine selection
  • 26 integration tests against both engines
  • Full log query migration to Reservoir

Added

  • ClickHouse Storage Engine — Full support as TimescaleDB alternative via @logtide/reservoir abstraction layer with PREWHERE, async_insert, and ngrambf_v1 indexes
  • Full Log Query Migration — All query operations (alerts, dashboard, admin, retention, ingestion, correlation) migrated to the Reservoir abstraction

Performance

  • Removed COUNT(*) full scans in admin queries, switched to continuous aggregates
  • ClickHouse DateTime64(3) millisecond precision with hasToken() fallback
  • TimescaleDB removed redundant indexes, added UNNEST batch inserts
v0.6.0
Released
Feature

Security Packs, PII Masking & Keyboard Shortcuts

Host security detection packs with MITRE ATT&CK mapping, PII masking at ingestion, rate-of-change alerts, keyboard shortcuts, and admin dashboard revision.

  • 3 security packs with 15 MITRE-mapped rules
  • PII masking with mask/redact/hash strategies
  • Rate-of-change alerts with baseline detection
  • Command palette and keyboard shortcuts
  • Revised admin dashboard with health monitoring

Added

  • Host Security Detection Packs — 3 packs (Antivirus & Malware, Rootkit Detection, File Integrity Monitoring) with 15 rules total, MITRE ATT&CK mapped
  • PII Masking at Ingestion — Content patterns (email, credit card, phone, SSN, IPv4, API keys), field name masking, custom rules, three strategies (mask, redact, hash with per-org salt), Settings UI with live test panel
  • Keyboard Shortcuts — Command Palette (Ctrl/Cmd+K), Help Modal (?), sequence navigation (G+D/S/A/P/T/E/R/X), search shortcuts, first-time toast
  • Admin Dashboard Revision — Health status cards, 24h activity timeline, 8 stat cards, System Health page with database/pool/Redis diagnostics
  • Rate-of-Change Alerts — 4 baseline methods (same_time_yesterday, same_day_last_week, rolling_7d_avg, percentile_p95), anti-spam, frontend baseline picker
  • Timeline Event Markers — Alerts and security detections shown on log timeline chart
  • Version Update Notifications — GitHub release checking with 6-hour cache and release channel setting

Fixed

  • Sigma API missing tags and MITRE fields
  • Badge components stretching in containers
  • Client errors (4xx) returning 500 instead of correct status
  • Log Context metadata expanding dialog infinitely
  • Email logo not rendering in Outlook/Gmail
  • Continuous Aggregates showing “Refresh: unknown”
  • Charts not resizing on sidebar toggle (switched to ResizeObserver)
v0.5.4
Released
Fix

Detection Pack Routing & Exception Fixes

Detection pack category routing directs results to correct UI sections. Multiple fixes for exception handling and onboarding.

  • Detection results routed to correct UI sections
  • Exception detection for metadata.error structure
  • Onboarding race condition fixed

Added

  • Detection Pack Category Routing directing results to correct UI sections

Fixed

  • Exception Detection for metadata.error structure
  • Exception Details Dialog showing [object Object]
  • Onboarding race condition with concurrent requests
  • Internal org missing members assignment
  • Unwanted email/webhook notifications dispatch
  • Email logo not rendering with hosted SVG URLs
  • Ingestion JSON parse errors returning proper 400 status
v0.5.5
Released
Fix

Detection Filter Fix & Admin Performance

Fixed detection category filter validation and optimized admin dashboard from 31s to ~1s with continuous aggregates.

  • Detection category filter validation fix
  • Admin stats optimized from 31s to ~1s
  • Error Group Logs timeout fixed

Fixed

  • Detection Category Filter Validation Error with schema correction
  • Admin Dashboard timeout fixed with continuous aggregates

Performance

  • Admin stats endpoints optimized from 31s to ~1s
  • Error Group Logs timeout fixed with time bounds
v0.5.3
Released
Improvement

Hostname Filter & Hypertable Optimization

Hostname filter for syslog sources, log retention fixes for compressed chunks, and major performance improvements with TimescaleDB hypertables.

  • Hostname filter for syslog sources
  • log_identifiers as TimescaleDB hypertable
  • Continuous aggregates for spans and detections
  • Hybrid query architecture for historical data

Added

  • Hostname Filter for Syslog Sources with automatic extraction and filtering

Fixed

  • Log Retention on Compressed Chunks with proper decompression handling
  • Fluent Bit Kubernetes metadata extraction improvements

Performance

  • log_identifiers table optimized as TimescaleDB hypertable
  • Continuous aggregates for spans and detection events
  • Hybrid query architecture using aggregates for historical data
  • Admin monitoring endpoints for compression and aggregate stats
v0.5.2
Released
Security

Security Fixes & Batch Splitting

Fastify security vulnerabilities patched, automatic batch request splitting, and Unicode escape sanitization.

  • Fastify upgraded to 5.7.3+ for security fixes
  • Automatic batch request splitting
  • Unicode escape sequence sanitization

Security

  • Fastify security vulnerabilities fixed in upgrade to 5.7.3+

Fixed

  • API batch request limit with automatic batch splitting
  • Unicode escape sequences sanitization
  • POST requests without body compatibility
  • Log retention cleanup for compressed chunks
  • Fluent Bit Kubernetes metadata extraction
v0.5.1
Released
Feature

Notification Channels

Configurable email and webhook notification destinations with channel testing before saving and UI space optimization.

  • Email and webhook notification channels
  • Test channel before saving
  • UI space optimization

Added

  • Notification Channels — Configurable email and webhook destinations with channel testing before saving

Changed

  • UI space optimization reducing margins and padding across the dashboard

Fixed

  • Invitation email resend functionality
  • Unwanted notifications when channels unconfigured
v0.5.0
Released
Feature

Terminal View, Detection Packs & Event Correlation

Terminal log view with ANSI color coding, pre-configured detection packs, event correlation by identifier, alert preview testing, and optional Redis dependency.

  • Terminal Log View with ANSI color coding
  • Pre-configured Sigma detection packs
  • Event correlation by request/trace/user ID
  • Alert preview with 'Would Have Fired' simulation
  • Redis dependency now optional

Added

  • Terminal Log View — ANSI-style color coding for a familiar terminal experience
  • Detection Packs — Pre-configured Sigma rule bundles for common scenarios (startup, auth, database health)
  • Event Correlation — Click any request ID, trace ID, or user ID to see all related logs
  • Alert Preview — “Would Have Fired” simulation to test rules before enabling
  • Optional Redis — PostgreSQL-based alternatives with adapter pattern queue system

Fixed

  • Log Context modal reopening after close
  • Exception details from metadata display
  • WebSocket memory leak in live tail handler
  • SQL injection prevention in notification publisher
v0.4.2
Released
Fix

Clipboard Utility & Config Validation

Centralized clipboard copy function, config validation test coverage, and documentation corrections.

  • Centralized clipboard utility
  • Config validation test coverage

Added

  • Clipboard utility with centralized copy function
  • Config validation test coverage

Fixed

  • Documentation corrections for API configuration
  • Docker Compose configuration information
v0.4.1
Released
Improvement

Multi-Language Exception Parsers

Stack trace parsing support for multiple programming languages and dependency updates including @sveltejs/kit.

  • Multi-language stack trace parsing
  • SvelteKit and dependency updates

Added

  • Exception parsers for multi-language stack trace parsing

Changed

  • Dependencies updated including @sveltejs/kit

Fixed

  • OTLP endpoint URLs in documentation
v0.4.0
Released
Breaking

LogWard to LogTide Rebrand & Search

Project rebranding from LogWard to LogTide, substring search with trigram indexes, clickable dashboard elements, exception visualization, and customizable retention.

  • Project rebranded from LogWard to LogTide
  • Substring search with PostgreSQL trigram index
  • Clickable dashboard elements
  • Enhanced exception & stack trace visualization
  • Customizable log retention policy

Added

  • Substring Search — Full-text search with PostgreSQL trigram index
  • Clickable Dashboard Elements — Interactive navigation from charts and widgets
  • Enhanced Exception Visualization — Improved stack trace display
  • Customizable Log Retention — Configurable retention policies per project
  • Full-Page Export — Export all matching logs across pages
  • Custom Time Range Picker — Improved date/time selection UI

Breaking Changes

  • Environment variables renamed (LOGWARDLOGTIDE)
  • Fluent Bit configuration variables renamed
  • Database defaults changed
  • Docker container and service names changed
  • SMTP default sender changed

Fixed

  • Mobile navigation menu hamburger functionality
  • Services dropdown showing all services
  • Journald log format detection
  • Syslog level mapping improvements
  • OTLP protobuf parsing with proper binary support
2025
v0.3.2
Released
Fix

SvelteKit 2 Compatibility Fixes

Fixed SvelteKit 2 compatibility with new store patterns, traces page navigation 404s, and registration error handling.

  • SvelteKit 2 store pattern compatibility
  • Traces page 404 navigation fix

Fixed

  • SvelteKit 2 compatibility with new store patterns
  • Traces page navigation fixing 404 links
  • Registration error network handling
v0.3.3
Released
Feature

LDAP, OIDC & Auth-Free Mode

Enterprise authentication with LDAP and OpenID Connect, auth-free mode for home labs, initial admin via environment variables, and ARM64 Docker builds.

  • LDAP authentication for enterprise directories
  • OpenID Connect (OIDC) SSO
  • Auth-free mode for home labs
  • ARM64 / Raspberry Pi Docker builds
  • Disable sign-ups capability

Added

  • LDAP Authentication — Enterprise directory integration
  • OpenID Connect (OIDC) — SSO with any OIDC-compliant provider
  • Initial Admin via Environment Variables — Bootstrap admin user at first startup
  • Disable Sign-ups — Control user registration for private instances
  • Auth-free Mode — No authentication required, ideal for home labs and local development
  • ARM64 / Raspberry Pi Support — Docker images for ARM architecture

Changed

  • Fluent Bit default version pinned to 4.2.2
v0.3.1
Released
Fix

Security Policy Update

Updated security policy with current supported versions for responsible disclosure.

  • Supported versions updated for security policy

Updated security policy with current supported versions.

v0.3.0
Released
Feature

SIEM Dashboard, C# SDK & GeoIP Enrichment

Real-time SIEM dashboard with security widgets, C# / .NET SDK, IP reputation and GeoIP enrichment, and organization invitations.

  • Real-time SIEM dashboard with security widgets
  • C# / .NET SDK
  • IP reputation & GeoIP enrichment
  • Organization invitations
  • Horizontal scaling docs with Traefik

Added

  • SIEM Dashboard — Real-time security dashboard with dedicated widgets
  • C# / .NET SDK — Full .NET application support
  • IP Reputation & GeoIP Enrichment — Automatic IP context enrichment for security analysis
  • Organization Invitations — Invite users to join your organization
  • Horizontal Scaling Documentation — Traefik-based setup guide

Fixed

  • PDF export functionality in incident detail
v0.2.4
Released
Improvement

Syslog Integration & Go SDK Docs

Syslog integration documentation with device-specific guides, Go SDK documentation, and documentation restructure with new Integrations section.

  • Syslog integration with device guides
  • Go SDK documentation
  • Documentation restructure
  • Runtime PUBLIC_API_URL configuration

Added

  • Syslog integration documentation with device-specific guides
  • Go SDK documentation at /docs/sdks/go
  • Documentation restructure with new Integrations section

Changed

  • Docker Compose improved container orchestration
  • Onboarding flow skip behavior refinement
  • Runtime configuration for PUBLIC_API_URL

Fixed

  • Sign Up Free link pointing to correct route
  • Skip tutorial redirect loop
  • API URL in code examples
v0.2.3
Released
Improvement

Docker Image Publishing & Self-Hosting Docs

Automated Docker image publishing via GitHub Actions CI/CD and comprehensive self-hosting deployment documentation.

  • Docker images via GitHub Actions CI/CD
  • Self-hosting deployment documentation
  • Pre-built images in docker-compose.yml

Added

  • Docker image publishing with GitHub Actions CI/CD pipeline
  • Self-hosting documentation with deployment guides

Changed

  • docker-compose.yml now uses pre-built images by default
v0.2.2
Released
Feature

Onboarding Tutorial & Empty States

Multi-step onboarding wizard with progress tracking, empty state components for guidance, and expanded testing infrastructure.

  • Multi-step onboarding wizard
  • User onboarding checklist with progress
  • Empty state guidance components
  • Expanded testing infrastructure

Added

  • Onboarding Tutorial — Multi-step wizard guiding new users through setup
  • Empty State Components — Helpful guidance when dashboards have no data yet
  • User Onboarding Checklist — Progress tracking for initial setup steps
  • UI enhancements with help components

Fixed

  • Organization context handling improvements
  • Error states and loading indicators
v0.2.1
Released
Improvement

Redis Caching & 50x Performance Boost

Type-safe Redis caching layer with session validation 30x faster, API key verification 20x faster, query results 10x faster, and aggregations 50x faster.

  • Session validation 30x faster
  • API key verification 20x faster
  • Query results 10x faster
  • Aggregations 50x faster

Added

  • Redis Caching Layer — Type-safe cache keys with automatic invalidation
  • Landing page public index

Changed

  • Database optimization with composite indexes

Performance

  • Session validation 30x faster with caching
  • API key verification 20x faster
  • Query results 10x faster
  • Aggregations 50x faster

Fixed

  • Admin panel double sidebar issue
  • Admin routes navigation path corrections
v0.2.0
Released
Feature

OpenTelemetry & Distributed Tracing

Full OpenTelemetry support with OTLP endpoints, distributed tracing with complete CRUD operations, and 563+ tests.

  • OpenTelemetry OTLP endpoints
  • Distributed tracing with full CRUD
  • 563+ tests
  • Keyboard navigation for span selection

Added

  • OpenTelemetry Support — OTLP ingestion endpoints for traces and logs
  • Distributed Tracing — Full CRUD operations with waterfall visualization
  • Testing Infrastructure — 563+ tests covering all major features

Changed

  • OTLP ingestion performance optimization
  • Span selection UX with keyboard navigation

Fixed

  • Frontend UX issues in OTLP data display
  • trace_id handling flexibility for various formats
v0.1.0
Released
Feature

Initial Release

First public release of LogTide with multi-organization architecture, batch log ingestion, real-time streaming, TimescaleDB storage, Sigma detection engine, and official SDKs.

  • Multi-organization architecture
  • High-performance batch log ingestion
  • Real-time log streaming via SSE
  • Sigma detection engine
  • Node.js, Python, PHP & Kotlin SDKs
  • Docker Compose deployment

Added

  • Multi-organization architecture — Isolated workspaces for teams and projects
  • High-performance batch log ingestion — Optimized for high throughput
  • Real-time log streaming — Server-Sent Events for live tail
  • Advanced search and filtering — Query logs with complex filters
  • TimescaleDB storage — Automatic compression and retention policies
  • Dashboard with statistics — Overview of log volume, errors, and trends
  • Alert system — Rules with email and webhook notifications
  • Sigma detection engine — Industry-standard threat detection rules
  • Official SDKs — Node.js, Python, PHP, and Kotlin
  • Docker Compose deployment — Single-command setup

Have a feature request?

Open a discussion on GitHub or vote on existing proposals to help shape the roadmap.

Open a Discussion