🚀 Features
Section titled “🚀 Features”Sort events by time in the Stream view
Section titled “Sort events by time in the Stream view”May 7, 2026 · @gitryder
You can now sort events by time in the Stream view. The control cycles between newest first, oldest first, and off, and is disabled when no timestamp field is detected in the data. Your sorting preference is remembered between sessions.
🔧 Changes
Section titled “🔧 Changes”Return a dedicated error when a user key expires
Section titled “Return a dedicated error when a user key expires”May 21, 2026 · @lava
When a X-Tenzir-UserKey has expired, the platform now returns a dedicated 403 response with the detail User key expired, instead of the generic 403 Invalid API Key: X-Tenzir-UserKey expired error. This lets clients reliably detect the expired-key case and trigger a re-authentication flow.
🐞 Bug Fixes
Section titled “🐞 Bug Fixes”Fix duration round-trip in TQL queries
Section titled “Fix duration round-trip in TQL queries”May 21, 2026 · @gitryder
Negative multi-part durations no longer drift when copied or embedded into a TQL query. Previously a duration like -(19min + 12.636s) was rendered as -19min + 12.636s, which the parser read as -1127.364s instead of the original -1152.636s — off by twice the seconds component. The sign now distributes across every term (-19min - 12.636s) so the value round-trips cleanly.
Duration rendering also picks up a clearer split between display and query forms. The table cells, chart tooltips, and chart axis labels show durations in a human-readable form like 1h 30min 5.000s. The inspector and any context that needs to round-trip the value back into a query show the TQL-valid arithmetic form like 1h + 30min + 5.000000000s.
Fix Insights tab freezing on large pipelines
Section titled “Fix Insights tab freezing on large pipelines”May 19, 2026 · @gitryder
We fixed an issue where the Insights tab became unresponsive and flickered on pipelines with many operators. The table now renders smoothly and stays interactive while showing live metrics.
Upgrade dependencies to fix known vulnerabilities
Section titled “Upgrade dependencies to fix known vulnerabilities”Apr 21, 2026 · @lava
We upgraded frontend, backend, and CLI dependencies and bumped the tenzir-seaweed base image to address known vulnerabilities reported by our container scanner.
Notable dependency bumps:
drizzle-ormto 0.45.2 (CVE-2026-39356)tarto 7.5.8 (CVE-2021-32803, CVE-2026-26960, CVE-2021-37712, CVE-2021-37713)tar-fsto 3.0.7 (CVE-2024-12905)wsto 8.17.1 (CVE-2024-37890)ellipticto 6.5.7 (CVE-2024-42461, CVE-2020-13822, CVE-2024-48949)cryptographyto 46.0.7 (CVE-2026-39892)rollupto 4.59.0 (CVE-2026-27606)viteto 7.3.2 (CVE-2026-39363)ajvto 8.18.0 (CVE-2025-69873)defuto 6.1.5 (CVE-2026-35209)picomatchto 4.0.4 (CVE-2026-33671)http-cache-semanticsto 4.1.1 (CVE-2022-25881)globto 11.1.0 (CVE-2025-64756)glob-parentto 5.1.2 (CVE-2020-28469)cipher-baseto 1.0.5 (CVE-2025-9287)trim-newlinesto 4.0.1 (CVE-2021-33623)y18nto 5.0.5 (CVE-2020-7774)kind-ofto 6.0.3 (CVE-2019-20149)decode-uri-componentto 0.2.1 (CVE-2022-38900)minimistto 1.2.6 (CVE-2021-44906)lodashto 4.18.1 (CVE-2020-8203, CVE-2026-4800)minimatchto 3.0.5 (CVE-2022-3517)ansi-regexto 6.0.1 (CVE-2021-3807)semverto 7.7.1 (CVE-2022-25883)normalize-urlto 6.0.1 (CVE-2021-33502)inito 1.3.6 (CVE-2020-7788)
The tenzir-seaweed base image was bumped to 4.20 and Dockerfiles now run OS package upgrades, addressing CVE-2026-2673, CVE-2026-28388, CVE-2026-31790, CVE-2026-28390, CVE-2026-28389 (openssl), CVE-2026-40200 (musl), and CVE-2026-5201 (gdk-pixbuf).