Skip to content
← Back to release notes
v0.67.0 stable major release

Release v0.67.0

May 23, 2026

Major release: agent self-healing watchdog, on-demand inventory refresh, throttled notifications, DNS-security alerts, an expanded SNMP template library, and a long reliability and audit-log polish.

Devices & Visibility

  • On-demand inventory refresh. A new button on the device detail page asks the agent to re-collect its full inventory immediately instead of waiting for the next scheduled run, so you can verify a change you just made (a new disk, a fresh install, a renamed hostname) without waiting up to an hour.
  • Watchdog-aware status detection on the server. When the main agent process goes silent but the watchdog service is still checking in, the platform now recognizes that the device isn't fully dead (it's a partial outage) and surfaces it as a distinct state separate from a full offline. The dashboard badge for this state was completed in v0.67.1; in v0.67.0 the detection and data are in place.
  • Smart wake feedback. After triggering Wake-on-LAN, the dashboard now polls the device's status for a short window and tells you when it actually comes online instead of asking you to wait the full five-minute timeout.
  • Keyset cursor pagination on the devices API and list view. Large fleets page through the device list faster and without the inconsistency that offset-based pagination can produce when rows are being added or removed.
  • The device row action menu now flips upward when there's no room below the trigger, so the menu stays fully visible near the bottom of the viewport.

Reliability & Watchdog

  • Watchdog auto-restart. If the main agent process stops checking in, the watchdog service now restarts it on an escalating schedule (5 seconds, then 10, then 30) instead of leaving the device half-running until a human notices. Pairs with the Windows service auto-restart in v0.67.1 for a full self-healing loop.
  • In-place agent upgrade now deploys the desktop helper binary too, with hardened file replacement and additional installer tests, so upgrades reliably refresh every component instead of leaving an old helper behind.
  • Heartbeats now accept longer MAC addresses for devices with pseudo-interfaces (virtualization adapters, container bridges, certain Hyper-V configurations), instead of rejecting the whole heartbeat upload.

Network & Monitoring

  • Exhaustive SNMP template library. Out-of-the-box templates for Ubiquiti UniFi and 20+ additional networking vendors, so SNMP-enabled switches, access points, and gateways report into Breeze without per-device template authoring.
  • Wake-on-LAN now iterates all of the device's known subnet candidates and skips link-local (APIPA) ranges, so wakes find the real LAN even when the most recent IP recorded was a temporary one.
  • Linux firewall detection no longer fails when ufw's lockfile is present or when ufw returns a non-zero exit while still emitting valid status, so the firewall card reads correctly on more Linux distributions.

Alerts & Notifications

  • Per-channel notification throttle. Each notification channel can now cap the number of alerts it sends in a sliding window, so a misbehaving device or a network event flood can't drown out the important alerts or rack up SMS / Pushover bills.
  • Severity-by-exit-code mapping for scripts. Custom scripts can now communicate severity through their exit code, so a single script can raise an info, warning, or critical alert depending on what it found, without needing separate scripts per severity. The in-dashboard editor for these mappings is planned for a follow-up release.
  • DNS-security alerts. When a device's DNS layer blocks a threat (malware, phishing, command-and-control), Breeze can now raise an alert with a per-device, per-category cooldown so you get notified about a new threat category without being spammed by every repeated lookup.
  • AdGuard Home is now a supported DNS-filtering provider, alongside the existing options. Configure it once per organization and per-device threat events flow into Breeze.
  • DNS Security web UI scaffold. New sidebar entry, dedicated DNS Security page, and an Integrations tab; the page is in place ahead of the full DNS provider UI shipping in subsequent releases.

Roles & Permissions

  • Permission catalog endpoint. The dashboard's role editor now reads the canonical list of permissions from the server instead of a hard-coded copy, so the matrix never drifts behind newly-added permissions.
  • Role editor: the role-detail view now surfaces server errors when it can't load a role (instead of showing a blank permission matrix), and the Clone Role and Save flows now correctly preserve checked permissions and validate the role shape before saving.

Audit & Compliance

  • Audit-log viewer performance pass. The audit list and the dashboard widget no longer count the full table on every render, the cross-organization query is rewritten to scan per-organization, action codes now render as human-readable labels, and the modal handles long entries without overflowing. Agent-actor entries now resolve to the correct hostname.

Reports & Operations

  • Bulk-change scripting limit raised. The cap on bulk-change submissions was raised from 1,000 to a configurable default of 50,000, so legitimate large fleet operations no longer hit an artificial ceiling.
  • New cross-organization device move endpoint, plus a new admin endpoint for pre-creating device rows ahead of agent enrollment. Both ship the dual-axis audit trail expected by partner admins.
  • Sidebar version-staleness indicator. The version pill in the sidebar turns red when your dashboard is behind the latest published release and green when it's current, so self-hosters can see at a glance when an upgrade is available.

Fixes

  • Multi-org partner admins: sensitive-data scans, software-policy creation, and patch approvals now honor the organization you've selected from the query, instead of falling back to an ambient default.
  • Several internal date-serialization fixes in routes that emit Date values directly into SQL bindings.
  • Event-bus publishes no longer block a transaction or get swallowed silently: handler errors are logged with structured context so a failure in one subscriber is visible instead of disappearing into the void.
  • Browser security headers tightened to allow the embedded docs iframe without weakening the rest of the page.
  • Security dependency bumps for the Go networking library and the js-cookie package.

v0.67.0 is the broadest release since v0.65.16. The two themes that thread through it are self-healing reliability on the agent side, and clearer visibility on the dashboard side.

On the agent, the watchdog service now actively restarts a wedged main agent on an escalating schedule instead of passively reporting that it’s stuck, and the in-place upgrade flow ensures the desktop helper binary is replaced alongside the main agent so upgrades don’t leave partial installations. On the dashboard, you can ask any device to refresh its inventory immediately, large fleets page through the device list faster with cursor pagination, and the audit log viewer no longer counts the entire table on every render.

The release also extends Breeze’s monitoring reach. The SNMP template library now ships out-of-the-box coverage for UniFi and 20+ additional vendors, DNS-security events from supported providers (now including AdGuard Home) raise alerts in Breeze with sensible per-device cooldowns, and a per-channel notification throttle ensures a misbehaving device can’t drown out the alerts you care about. Scripts can now communicate severity through their exit code, which means one script can raise info, warning, or critical depending on what it found.

A note for self-hosters upgrading from v0.66.x: this release lands the server-side detection for “agent silent but watchdog OK,” and the dashboard badge that displays it was completed in v0.67.1. If you’re upgrading directly to v0.67.1 you get the full feature; if you stop at v0.67.0 the data is being collected but the badge isn’t yet rendered. v0.67.1 also fixes a Windows MSI upgrade issue that affects v0.67.0 installations; see the v0.67.1 notes.