artifacthub helm/kubeshark-helm-charts/kubeshark 53.1.0
v53.1.0
on Artifact Hub

15 hours ago

Kubeshark release v53.1.0 (03-05-2026)

Release Highlights

Kubeshark 53.1.0 introduces comprehensive L4 (TCP/UDP) network flow visibility with real-time connectivity tracking, handshake latency percentiles, and a new cluster-wide L4 map in the UI.

The release adds a built-in MCP (Model Context Protocol) server, enabling AI-powered network analysis through standardized tool integrations including snapshot management, L4/L7 querying, and PCAP export.

Snapshot workflows have been significantly enhanced with cloud storage support, delayed dissection capabilities, and streamlined download/upload operations.

Several critical CVEs have been patched, build security has been hardened following a responsibly-disclosed token exposure incident, and memory stability improvements have been made throughout the stack.

New Features

  • Add MCP (Model Context Protocol) server for AI-powered network traffic analysis docs
  • Add MCP tools for querying L4 flows, L7 API calls, snapshot management, and PCAP export L4 tools | L7 tools | raw capture tools
  • Add MCP Registry support for official registry submission and discovery
  • Add L4 (TCP/UDP) real-time network flow visibility with connection tracking docs
  • Add cluster-wide L4 connectivity map in the dashboard docs
  • Add P50/P90/P99 TCP handshake latency percentiles for network health monitoring docs
  • Add snapshot cloud storage support (AWS S3 with cross-account IAM role assumption, Azure Blob) docs
  • Add snapshot download and upload via HTTP REST endpoints
  • Add delayed dissection mode for post-capture L7 protocol analysis docs
  • Add automatic dissection trigger after snapshot completion docs
  • Add KFL2 query language with GraphQL support for advanced traffic filtering docs
  • Add L4 flow and connection entries in the UI with PCAP content loading docs
  • Add DNS resolution name as fallback display in traffic entries
  • Add --release-helmChartPath CLI flag for deploying with a local Helm chart
  • Add captureSelf flag to enable or disable capturing Kubeshark's own traffic
  • Add configurable cloud API URL

Improvements

  • Rename flow terminology for consistency (flow for L4, conn for connections)
  • Set default TCP and UDP flow timeouts to 20 minutes
  • Adjust nginx configuration to support large snapshot uploads and downloads
  • Improve L4 to L7 entry relationship tracking and consistency
  • Apply DNS resolution as fallback when syscall-based resolution fails
  • Optimize UI Docker builds and production bundle loading
  • Improve license validation and UI stability for non-enterprise users
  • Extend community license grace capacity on node and pod limit overflow
  • Allow Pro plans to use license keys without requiring cloud login
  • Exclude worker pods from scheduling on nodes that are not ready
  • Improve dissection badge UX with updated text and color indicators
  • Auto-align selected snapshot nodes with available ones in the UI
  • Stop raw packet capture during snapshot download to ensure data consistency docs
  • Batch mode processing for delayed dissection workloads docs
  • Optimize memory usage in packet capture pipeline

Bug Fixes

  • Fix memory leak in TCP handshake health aggregation
  • Fix nil pointer dereferences in MCP L4 flow functions
  • Fix crash when storing entries with TCP and UDP connection objects
  • Fix L4 flows delayed dissection and PCAP generation
  • Fix inter-node flow aggregation in the flows API
  • Fix cleanup timings that could cause queries for already-deleted entries
  • Fix peer resolution and resolution status population
  • Fix frontend resolution display issues
  • Fix node view rendering in the workload map
  • Fix callback dependency for fetching selected entries in the UI
  • Fix handling of empty payload and empty L4 metrics in delayed-dissection entries
  • Fix data volume mount placement in Helm chart TLS configuration
  • Fix MCP Hub API tool call field naming
  • Fix ARM architecture build

Security

  • Harden container build pipeline following a responsibly-disclosed GitHub token exposure in a container image — removed embedded tokens, switched to GitHub App tokens with minimal scopes, improved build isolation
  • Fix CVE-2025-30204 by updating golang-jwt to patched versions
  • Fix CVE-2025-47914 and CVE-2025-58181 by updating golang.org/x/crypto to 0.45.0
  • Add backend license validation for cloud-connected deployments

Patches

When new patch releases are published, they will be automatically added and listed in this section.

Download Kubeshark for your platform

Mac (x86-64/Intel) 

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v53.1.0/kubeshark_darwin_amd64 && chmod 755 kubeshark

Mac (AArch64/Apple M1 silicon) 

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v53.1.0/kubeshark_darwin_arm64 && chmod 755 kubeshark

Linux (x86-64) 

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v53.1.0/kubeshark_linux_amd64 && chmod 755 kubeshark

Linux (AArch64) 

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v53.1.0/kubeshark_linux_arm64 && chmod 755 kubeshark

Windows (x86-64) 

curl -LO https://github.com/kubeshark/kubeshark/releases/download/v53.1.0/kubeshark.exe

Checksums

SHA256 checksums available for compiled binaries.
Run shasum -a 256 -c kubeshark_OS_ARCH.sha256 to verify.

Check out latest releases or
releases around helm/kubeshark-helm-charts/kubeshark 53.1.0

Don't miss a new kubeshark release

NewReleases is sending notifications on new releases.

Get notifications