# Stork 2.4.0 Release Notes, February 25, 2026 Welcome to Stork 2.4.0, a stable release. The changes and features introduced since Stork stable release 2.2.0 are: 1. **Direct API support for Kea**: The Kea Control Agent (CA) is deprecated as of Kea 3.0; it is now possible to run Kea in a mode where the DHCP daemons receive commands directly (without the CA). This caused a major refactoring of Stork: the application concept was dropped and Stork now operates on the daemon level [#1835, #2193]. We fixed a problem where the Stork agent was not able to detect a Kea instance when the control agent was bound to an IPv6 address [#2092]. System tests for the direct API were implemented [#2133]. Commands to Kea are now sent over other control sockets if the first one is unavailable [#2223]. The daemons are no longer removed from the database if they are inactive; a button can delete them manually [#2095]. The agent can now communicate to UNIX control sockets if they are configured by name only in Kea [#2166]. 2. **DNS**: Stork now attempts to detect which zones are configured as Response Policy Zones (RPZ) in BIND configurations and labels those zones as such. The RPZ zones can be filtered (all zones, only RPZ zones, only non-RPZ zones) [#1805]. The Resource Records (RRs) from the zones being viewed are now cached in the Stork DB. This avoids repeated zone transfers (AXFR) when showing zone contents. Cached content can be forcibly refreshed on demand by clicking a button in the UI [#1909]. The number of distinct and built-in zones is displayed in the dashboard and DNS fetch status pages [#1786]. Stork can now properly parse a BIND configuration that contains the `query-source`, `query-source-v6`, `transfer-source`, or `notify-source` directives [#1877, #1881]. Stork is now able to properly parse a configuration if a zone of type `mirror` is present [#1870]. Stork is now able to parse a BIND config if TLS dotted value is used [#1876]. Stork's parser for BIND 9 was updated to use a proper parser rather than a series of regular expressions. This addresses problems with some valid BIND 9 configurations confusing Stork [#1926]. We fixed a problem with Stork being unable to parse a BIND 9 configuration with a dyndb configuration block [#1938]. We addressed performance issues with large BIND 9 configuration parsing [#1912]. We fixed a problem where some BIND 9 statistics pertaining to zone transfers were handled incorrectly. New statistics are now exported to Prometheus: XfrReqDone, AXFRReqv4, AXFRReqv6, IXFRReqv4, and IXFRReqv6 [#1967]. We expanded the list of default locations where Stork tries to find PowerDNS configuration files [#1930]. The BIND 9 configuration and RNDC key files can now be viewed via the Stork UI [#1634]. The built-in zones are now hidden by default [#2118]. We fixed error handling in two gRPC streaming calls: one for receiving zone contents from the agent, and another for receiving BIND 9 configurations. The errors are now correctly interpreted in the Stork server [#2157]. We fixed an issue with slow loading of the dialog box displaying the zone RRs. The new solution should significantly improve the dialog box loading time on all browsers [#2096]. The mirror of the root zone can now be shown in the UI [#2072]. We fixed a problem where the zone viewer might display a debug message that was not intended for users [#2071]. The zone viewer can now filter RRs [#2136]. Detection of BIND 9 and PowerDNS servers was optimized in the Stork agent, avoiding parsing of configuration files if they haven't changed since the last detection [#2200]. The zone list can now be forcibly refreshed from the UI [#2201]. We added labels to display daemon links consistently [#2220]. 3. **PowerDNS support**: The UI was updated to display the PowerDNS app and the zone information fetched [#1753]. Agent and server changes for detecting and supporting operations on PowerDNS were implemented [#1751]. 4. **Sortable tables**: The Stork UI presents a lot of information in the form of tables, and this release introduces the ability to sort those tables by clicking on a column header [#1893, #1900, #2076, #2117]. 5. **Security**: We added a verification of the size of incoming requests to fix a DoS attack vector, and added a patch securing against an integer overflow bug in the go-pg library (CVE-2024-44905). This patch prevents potential vulnerabilities that could stem from this bug in the future [#1939, #1940]. We fixed a problem with a potential remote denial of monitoring in the Kea Prometheus exporter. Previously, the exporter could stop working after receiving statistics from Kea with a malformed subnet, pool, or prefix-pool ID. In addition, the exporter could stop working after receiving pool-level statistics at the subnet level [#2155, STO-01-002]. We added HTTP security headers to all Stork server HTTP responses, and these headers have been enabled in the demo and example nginx and Apache reverse proxy configurations [#2153, STO-01-007]. We fixed a non-exploitable SQL injection in the Stork tool command when creating a database [#2137, STO-01-003]. The number of tokens in a single line of the PowerDNS configuration is now limited to 500, to prevent attempts to parse malformed configurations and excessive use of memory during parsing [#2131, STO-01-009]. The maximum size of the PowerDNS parser buffer is 16KB, and the initial buffer size is 512B. This is aimed at reducing memory usage during PowerDNS configuration parsing [#2132, STO-01-010]. A potential panic is now prevented while merging Kea configurations, when saving an updated configuration [#2130, STO-01-012]. We addressed an issue whereby the Stork server could panic as a result of receiving and parsing an empty DNS RR from a monitored DNS server over AXFR [#2129, STO-01-011]. We changed the way the Kea daemon version information is displayed in the UI, to prevent the possibility of an HTTP injection attack [#2152, STO-01-004]. These issues were found via an external security audit by 7ASecurity, and the 'STO-*' codes refer to that report. We enhanced security by setting the default minimum required TLS version to 1.3 for connections to the Stork server RestAPI, database, and Kea API [#2250]. We fixed a command injection vector attack in the agent installer script [#2251]. We added validation of the password policy on the backend side [#2252]. The user form now better conforms to the password policy [#2275]. 6. **UI refresh**: Several styling components were simplified in anticipation of the upcoming PrimeNG upgrade [#1911]. The out-of-pool assignments are now displayed when showing pool utilization, for both addresses and IPv6 prefixes [#879]. The events list can now be cleared [#1539]. The options and parameters in the subnet options panel can now be hidden [#1550]. The user interface (UI) was upgraded to Angular 19 and PrimeNG 19, and several UI components were rewritten to better align with the new library versions [#1760]. We fixed a problem with some elements exceeding the viewport or container on small screens [#1528]. We fixed a problem where expanding IP reservations on the host reservations tab could crash the Stork UI [#2036]. We fixed a problem that when navigating away from the edit form, the editing capability would be locked out for 10 minutes, even for the same user [#1904]. Stateful tables have been globally disabled [#1894]. We fixed a problem with the tab menu underline not moving when a tab was closed [#1799]. The priority errors panel now tries to avoid using href [#1450]. We improved the handling of tabs when viewing, editing, or adding users in the Configuration > Users menu [#1390]. The list of apps can now be filtered by app type (Kea, BIND 9, PowerDNS) [#1956]. The PowerDNS server name is now displayed next to the version number on the machines page and the dashboard [#1973]. We refactored the filtering panels placed above various list views that support filtering; the new panels take less space and can be hidden with a toggle switch [#2197]. The Stork database ID is now displayed in the text of links to subnets in the Host Reservations list view [#2280]. 7. **Lease tracking (WIP)**: There is work in progress to develop lease tracking and inspection capabilities in Stork. While the whole solution is not yet functional, we have implemented an important step of the upcoming solution: the Stork agent can now detect the lease file location and is able to parse its contents. Unfortunately, the information gleaned is not used in any way yet, but we would appreciate user feedback about any problems, such as the Stork agent complaining about the lease file not being parseable, being inaccessible, slowing down considerably, running out of memory, or any other similar issues [#2055]. We added an agent API for obtaining a snapshot of all leases from Kea. It is disabled by default and is not currently ready for production use, but if you'd like to enable it and use it anyway (to test it and report problems), pass `--enable-lease-tracking` or set `STORK_AGENT_ENABLE_LEASE_TRACKING=1` when starting the agent [#2057]. 8. **LDAP**: We have added the ability to configure multiple groups for LDAP group mapping in the LDAP hook [#1845]. 9. **Bug fixes**: We fixed a problem where editing a shared network could lead to all reservations in a subnet belonging to the shared network being removed. This problem manifested itself if the reservations were kept in the config file [#1866]. We fixed an agent crash if the BIND config file was missing an `allow` statement in the statistics-channel configuration [#1908]. Stork no longer falsely claims that persistence is disabled if Kea uses memfile and the default lease file location [#667]. We fixed an incorrect link to Kea 3.0.0 packages [#1899]. Host migration now properly reports an error if the required `host_cmds` hook is not loaded in the Kea configuration [#1868]. We fixed a problem with reported deadlocks detected when High Availability (HA) was used with a backup server in Kea [#1872]. We fixed a problem in the statistics counting that produced enormous negative values or crashed due to division by zero [#1953]. We fixed a problem with handling comments in an extended JSON configuration in Kea. Two problematic cases were addressed: the first was a comment that had unbalanced quotes, and the second was about having two consecutive lines with quotes on them commented out [#2134]. We refactored error logging to log error messages and error stack traces in separate fields and ensure the error log entry is a single line [#1622]. The shared networks table no longer displays zero values in columns with Prefix Delegation statistics for IPv4 networks [#2104]. Host migration is now more informative when attempting to migrate hosts on an older (prior to 2.3.8) Kea version [#2034]. We fixed a bug preventing users from opening an edit form for a host reservation if it included any delegated prefix. Thanks to Benjamin Solenthaler for the patch [#2038]. We fixed the UI reporting versions to sometimes show security release-related messages as warnings instead of errors [#2048]. We corrected the query param value when filtering zones by type and when the type uses old (master, slave) naming conventions [#2186]. We fixed an issue in the Stork agent which misinterpreted the keyword "any" in the BIND 9 `listen-on` configuration clause. Now, Stork tries to communicate with BIND 9 over the local loopback addresses when it finds this keyword [#2122]. We fixed an issue with retrieving Kea configurations containing consecutive quotes from the database; it resulted in using invalid configuration strings (missing quotes) when trying to update the Kea configurations [#2112]. We fixed an issue with fetching and displaying Kea log targets [#2222]. We fixed a bug where filtering apps by text would have no effect if filtering by app type was active at the same time [#2180]. We fixed a database migration failure when the database server was Postgres 10 [#2144]. We fixed the `state:declined` search for Kea 3.1.5 and newer; however, the search for Kea 3.1.1 through 3.1.4 will not work [#1993]. We corrected a bug in the subnet edit form that resulted in displaying wrong input controls for specifying different subnet names for the subnet [#2184]. We fixed an issue with setting the number of clients and the rate in the DNS traffic simulator. Previously, these settings were ignored and the default values of one client and the rate of one query per second were used [#2100]. Fixed a bug preventing deletion of an unauthorized machine or a machine without any detected daemons [#2295]. 10. **Demo**: The Stork demo was updated to use Kea 3.1.0 and BIND 9.20 [#1856]. Since most Kea hooks are now available as open source, there is no longer a need for dedicated premium containers in the demo so some premium containers were removed. The now-open source hooks are demonstrated in the open source containers [#1819]. The demo can now use native containers on ARM64 [#1931]. Many warnings about client-class printed in the console were fixed [#1884]. Several traffic simulator issues were fixed [#1871]. We updated ca-certificates dependencies to address a demo build problem, due to older certificates no longer being available [#2005]. We fixed a minor problem where the kea-large container in the demo sometimes failed to start [#2103]. We fixed a problem with HA containers in the demo failing to start [#2066]. The PostgreSQL version used in the demo was updated to version 18 [#2028]. We added one intentionally conflicted host reservation to the demo to showcase conflict detection [#2080]. To demonstrate backward compatibility, the Stork demo now includes an older (2.6.x) Kea version on one of its example containers [#2139]. We fixed a problem with a traffic simulator not being able to generate traffic to some subnets [#2070]. We fixed the traffic simulator to now properly display servers on the DNS tab [#2081]. We fixed instabilities in the demo by changing the way the interfaces are assigned to networks in the Docker Compose configuration [#2140]. 11. **Packages**: A problem with the environment file being overwritten on RHEL and other RPM-based distributions was fixed [#1874]. 12. **Build improvements**: Dependencies were updated: front-end (Angular), back-end (Go compiler to 1.25.7, Go libraries), CI (Python, Rake), Grafana, Docker image [#1946, #2035, #2148, #2240]. The software versions available through the online version-checker were updated [#1958]. The Stork logo is now stored as a local SVG file and no longer requires an external font [#1850]. Stork now manages independent requirement files for easier builds with different Python versions. Also, if the requirements file is missing for a specific version, it is generated dynamically on the fly [#1505]. We fixed a problem where a too-specific curl version was required, resulting in a failed build on some systems [#1966]. We fixed a build problem with the recently released Python 3.14 [#2110]. We updated the list of available Kea versions in versions.json [#2054]. The Swagger UI is no longer included in the JavaScript bundle, which makes the bundle smaller by 3MB and improves the initial loading time [#2030]. The bump-up of the software versions available is now automated, meaning the release cycle is a bit smoother and less error-prone [#1570]. 13. **Testing**: We have developed system tests for host reservations, in particular for migration from a config file to a database [#1839]. The ChangeLog linter is now run in the CI [#1843]. We added Playwright support for Stork; Playwright is now used to run more comprehensive UI tests [#1224, #1992]. We implemented a reliable server-state reset mechanism for Playwright [#1949]. We created a dedicated test environment for Playwright automation [#1948]. We fixed several unstable unit-tests [#1572]. The `test_search_leases` system tests were extended [#1913]. We updated the `pkgs-compose` image, which was affecting several system tests [#2128]. We merged system tests for the older CVE-2025-8696 [#2045]. We fixed one system test that failed due to an incorrect type comparison [#2085]. The Playwright test code was updated to no longer require Selenium [#2090]. We fixed several problems with the CodeQL pipeline [#2064, #2065]. We improved one test for a `notify-source` fix that was included in an earlier release [#2013]. UI tests for machines [#2049], login [#2006], and user management [#2022] were developed. 14. **Documentation**: The previously implemented relaxed password restrictions are now documented [#1841]. We rearranged some sections of the Administrator Reference Manual (ARM), and created new sections to cover DHCP- and DNS-specific topics. We described the process of detecting Kea, BIND 9, and PowerDNS, and the configuration requirements for the DNS servers, so they can be monitored by Stork [#1844]. We updated the issue templates for GitLab [#2019]. The list of authors was updated [#1855]. The documentation for LDAP configuration has been updated [#1809]. We updated the ARM to include PowerDNS-specific features; specifically, we updated the security architecture description and the troubleshooting sections [#1972]. Please see this link for known issues: https://gitlab.isc.org/isc-projects/stork/-/wikis/Known-issues. ## Incompatible Changes There are no backward-incompatible changes in this release. ## Release Model Stork has stable (even-numbered minor version, e.g. 2.0.1) and development (odd-numbered minor version, e.g. 2.1.2) releases; development releases are issued bi-monthly with some exceptions. New stable releases are expected roughly every six months. For ISC's detailed software support policy, see https://kb.isc.org/docs/aa-00896#stork. We recommend using stable versions in production if possible. We encourage users to test development releases and report back their findings on the stork-users mailing list (available at https://lists.isc.org/mailman/listinfo/stork-users) or open GitLab issues. ISC professional support customers may also report issues via our support portal. This text references issue numbers. For more details, visit the Stork GitLab page at https://gitlab.isc.org/isc-projects/stork/issues. ## License Stork is released under the Mozilla Public License, version 2.0. https://www.mozilla.org/en-US/MPL/2.0 ## Download The easiest way to install the software is to use native deb or RPM packages. They can be downloaded from: https://cloudsmith.io/~isc/repos/stork/ The Stork source and PGP signature for this release may be downloaded from: https://downloads.isc.org/isc/stork The signature was generated with the ISC code-signing key, which is available at: https://www.isc.org/pgpkey ISC provides documentation in the Stork Administrator Reference Manual (ARM). It is available on ReadTheDocs.io at https://stork.readthedocs.io/en/latest/, and in source form in [the doc/ directory](https://gitlab.isc.org/isc-projects/stork/-/tree/master/doc). We ask users of this software to please let us know how it worked for you and what operating system you tested on. Feel free to share your feedback on the stork-users mailing list (https://lists.isc.org/mailman/listinfo/stork-users). We would also like to hear whether the documentation is adequate and accurate. Please open tickets in the Stork GitLab project for bugs, documentation omissions and errors, and enhancement requests. We want to hear from you even if everything worked. ## Support Professional support for Stork is available from ISC. We encourage all professional users to consider this option; Stork and Kea maintenance is funded with support subscriptions. For more information on ISC's Kea and Stork software support, see https://www.isc.org/support/. Free best-effort support is provided by our user community via a mailing list. Information on all public email lists is available at https://www.isc.org/mailinglists/. If you have any comments or questions about working with Stork, please share them to the stork-users list (https://lists.isc.org/mailman/listinfo/stork-users). Bugs and feature requests may be submitted via GitLab at https://gitlab.isc.org/isc-projects/stork/issues. ## Changes The following summarizes changes and important upgrades since the previous Stork stable release versioned 2.2.0. * 615 [bug] slawek Fixed a bug preventing deletion of an unauthorized machine or a machine without any detected daemons. (Gitlab #2295) * 614 [func] slawek Added validation of the password policy to the user form. (Gitlab #2275) * 613 [func] andrei The agent can now communicate to UNIX control sockets if they are configured by name only in Kea. (Gitlab #2166) * 612 [ui] william, piotrek Show the Stork database ID in the text of links to subnets in Host Reservations list view. (Gitlab #2280) * 611 [func] piotrek Refactored the filtering panels placed above various list views that support filtering. The new panels take less space and can be hidden with a toggle switch. (Gitlab #2197) * 610 [func] slawek Added labels to display daemon links consistently. (Gitlab #2220) * 609 [build] slawek Updated dependencies including the Go 1.25.7, Alpine 3.22, and several JavaScript, Python, Ruby and Go packages. (Gitlab #2240) * 608 [bug] marcin Fixed setting the number of clients and rate in the DNS traffic simulator. Previously, these settings were ignored and the default values of 1 client, and the rate of 1 query per second were used. (Gitlab #2100) * 607 [sec] slawek Enhanced security by setting the default minimum required TLS version to 1.3 for connections to the Stork server RestAPI, database, and Kea API. (Gitlab #2250) * 606 [sec] slawek Fixed command injection vector attack in the agent installer script. (Gitlab #2251) * 605 [func] slawek The daemons are no longer removed from the database if they are inactive. Added a button to delete them manually. (Gitlab #2095) * 604 [sec] slawek Added validation of the password policy on the backend side. (Gitlab #2252) * 603 [ui] slawek Dropped the application concept. (Gitlab #2193) * 602 [func] william Added agent API for obtaining a snapshot of all leases from Kea. It is disabled by default and is not currently ready for production use. If you want to enable it and use it anyway (to test it and report problems), pass `--enable-lease-tracking` or set `STORK_AGENT_ENABLE_LEASE_TRACKING=1` when starting the agent. (Gitlab #2057) * 601 [bug] marcin Corrected the bug in the subnet edit form resulting in displaying wrong input controls for specifying different subnet names for the subnet. (Gitlab #2184) * 600 [func] marcin Added an option in the UI to force refreshing the zones list from the monitored DNS servers. (Gitlab #2201) * 599 [func] slawek The commands to Kea are now sent over other control sockets if the first one is unavailable. (Gitlab #2223) * 598 [bug] william Fix `state:declined` search for Kea 3.1.5 and newer. Kea 3.1.1 through 3.1.4 will not work. (Also updated Kea version to 3.1.4 in demo and system tests.) (Gitlab #1993) * 597 [bug] slawek Fixed database migration failure when the database server was Postgres 10. (Gitlab #2144) * 596 [bug] piotrek Fixed a bug where filtering apps by text would have no effect if filter by app type was active at the same time. (Gitlab #2180) * 595 [bug] slawek Fixed fetching and displaying Kea log targets. (Gitlab #2222) * 594 [bug] marcin Fixed an issue with getting Kea configurations containing consecutive quotes from the database. It resulted in using invalid configuration strings (missing quotes) when trying to update Kea configurations. (Gitlab #2112) * 593 [doc] marcin Updated the ARM to include PowerDNS-specific features. In particular: updated the security architecture description and the troubleshooting sections. (Gitlab #1972) * 592 [func] marcin Optimized detection of the BIND 9 and PowerDNS servers in the Stork agent. It avoids parsing configuration files if they haven't changed since the last detection. (Gitlab #2200) * 591 [bug] marcin Fixed an issue in the Stork agent which misinterpreted the keyword "any" in the BIND 9 listen-on configuration clause. Now, it tries to communicate with BIND 9 over the local loopback addresses when it finds this keyword. (Gitlab #2122) * 590 [bug] marcin Corrected query param value when filtering zones by type and when the type uses old (master, slave) naming convention. (Gitlab #2186) * 589 [func] marcin Added RRs filtering in the zone viewer. (Gitlab #2136) * 588 [build] slawek Fixed instabilities in the demo by changing the way the interfaces are assigned to networks in the Docker Compose configuration. (Gitlab #2140) Stork 2.3.2 released on 2025-12-10. * 587 [func] piotrek Enabled tables sorting in Stork UI. Now most of the table views can be sorted by clicking on a column header. (Gitlab #1893) * 586 [build] slawek Updated dependencies including the Go 1.25.5, Angular, Grafana (in demo) and several JavaScript, Python, Ruby and Go packages. (Gitlab #2148) * 585 [bug] marcin Fixed error handling in two gRPC streaming calls, one for receiving zone contents from the agent, and another one for receiving BIND 9 configuration. The errors are now correctly interpreted in the Stork server. (Gitlab #2157) * 584 [func] marcin Builtin DNS zones are no longer listed by default. (Gitlab #2118) * 583 [bug] slawek Fixed a bug preventing Stork from reading Kea configuration with comments that included quotes. Added support for trailing commas in the Kea configuration files. (Gitlab #2134) * 582 [bug] marcin Address a potential remote denial of monitoring in the Kea Prometheus exporter. The exporter could stop working after receiving statistics from Kea with malformed subnet, pool or prefix pool ID. In addition, the exporter could stop working after receiving pool-level statistic at the subnet level. (Gitlab #2155) * 581 [func] slawek Refactored error logging to log error message and error stack trace in separate fields and ensure the error log entry is single-line. (Gitlab #1622) * 580 [bug] lucaspetrino, slawek Fixed a problem that the Stork agent was not able to detect kea when the control agent binds to an IPv6 address. (Gitlab #2092) * 579 [sec] piotrek Added HTTP security headers to all Stork server HTTP responses. The same headers were enabled in the demo and example nginx and Apache reverse proxy configurations. (Gitlab #2153) * 578 [sec] piotrek Changed the way the Kea daemon version information is displayed in the UI. This prevents the possibility of an HTTP injection attack. (Gitlab #2152) * 577 [func] marcin Implemented BIND 9 server configuration and rndc key files preview in the dialog boxes. (Gitlab #1634) * 576 [func] ! slawek Support for monitoring Kea daemons directly without an intermediate Kea Control Agent (direct Kea API). Implemented communication via HTTP endpoint and sockets. (Gitlab #1835) * 575 [bug] slawek Fixed non-exploitable SQL injection in the Stork tool command creating a database. (Gitlab #2137) * 574 [bug] marcin Fix an issue with slow loading of the dialog box displaying the zone RRs. The issue was initially observed on Safari, with loading times reaching tens of seconds. However, it could also take several seconds on other browsers. The new solution uses a virtual scroller. It significantly improves the dialog box loading time on all browsers. (Gitlab #2096) * 573 [func] piotrek Shared networks table will no longer display zero values in columns with Prefix Delegation statistics for IPv4 networks. (Gitlab #2104) * 572 [func] marcin Limit the number of tokens in a single line of the PowerDNS configuration to 500. It prevents attempts to parse malformed configurations and excessive use of memory during parsing. (Gitlab #2131) * 571 [bug] marcin Maximum size of the PowerDNS parser buffer is 16kB. The initial buffer size is 512B. It is aimed at reducing the memory usage during PowerDNS configuration parsing. (Gitlab #2132) * 570 [bug] marcin Prevent potential panic while merging Kea configurations when saving updated configuration. (Gitlab #2130) * 569 [bug] marcin Addressed an issue in the Stork server whereby the server could panic as a result of receiving and parsing an empty DNS RR from the monitored DNS server over AXFR. (Gitlab #2129) * 568 [bug] slawek The host migrator verifies the Kea version now and produces a descriptive error if it is unsupported. (Gitlab #2034) * 567 [bug] besole, slawek Fixed a bug preventing users from opening an edit form for a host reservation if it included any delegated prefix. (Gitlab #2038) * 566 [bug] marcin Prevent ignoring errors while getting server and traffic statistics from the BIND 9 server. (Gitlab #2065) * 565 [bug] marcin Improved error reporting when closing some files fails. (Gitlab #2064) * 564 [func] marcin Enable showing mirror zones in the UI. (Gitlab #2072) * 563 [bug] marcin Fix listing DNS servers in the traffic simulator. Previously, BIND 9 servers were not listed when other apps were authorized. Now, both BIND 9 and PowerDNS servers are correctly listed in the simulator. (Gitlab #2081) Stork 2.3.1 released on 2025-10-15. * 562 [func] piotrek Responsive UI was improved. Content overflow was minimized for smaller viewports. (Gitlab #1528) * 561 [sec] slawek Updated Go to version 1.24.9 which fixes CVE-2025-58187. (Gitlab #2035) * 560 [func] marcin BIND 9 configuration parser is used by the Stork agent during detection of BIND 9 instances. It is not user-visible change but it is explicitly noted here in case it introduces some issues with uncommon BIND 9 configurations. (Gitlab #1926) * 559 [bug] slawek Fixed a bug in the statistic counting that produced enormous big or negative values or crashed due to division by zero. (Gitlab #1953) * 558 [build] piotrek Updated frontend dependencies including Angular 19 and PrimeNG 19. Frontend code was refactored to support new Angular and PrimeNG versions. (Gitlab #1760) * 557 [bug] marcin Fixed parsing "dyndb" BIND 9 configuration statement. Previously, BIND 9 configuration parsing failed on this statement causing issues with detecting BIND 9 servers. (Gitlab #1938) * 556 [build] slawek Split Python requirements in separate files for each Python version. The Python requirement files are now generated dynamically if they do not already exist. This improves building, especially of the UI, on systems with old Python versions. (Gitlab #1505) * 555 [func] marcin Improved performance of BIND 9 configuration parsing by the agent. Added support for annotating parts of the BIND 9 configuration to skip parsing them. These annotations are useful in large deployments when parsing the BIND 9 configuration file can take significant amount of time. Use //@stork:no-parse:scope and //@stork:no-parse:end to skip parsing selected part of the configuration file. Use //@stork:no-parse:global to skip parsing the rest of the configuration file following the annotation. (Gitlab #1912) * 554 [ui] william Add drop-down menu to filter by app type (Kea, BIND9, PowerDNS) in the Services > Apps page. (Gitlab #1956) * 553 [bug] marcin Fix collecting and exporting some of the BIND 9 statistics pertaining to zone transfers. Exporting new statistics to Prometheus: XfrReqDone, AXFRReqv4, AXFRReqv6, IXFRReqv4, IXFRReqv6. (Gitlab #1967) * 552 [doc] marcin Restructured Stork ARM. Created new sections to cover DHCP and DNS-specific topics. Described the process of detecting Kea, BIND 9 and PowerDNS, and the configuration requirements for the DNS servers, so they can be monitored by Stork. (Gitlab #1844) * 551 [sec] slawek Added a verification of the size of incoming requests to fix the DoS attack vector. Added a patch securing against an integer overflow bug in go-pg library (CVE-2024-44905). This patch prevents potential vulnerabilities that could stem from this bug in the future. (Gitlab #1939, #1940) * 550 [ui] marcin PowerDNS server name is displayed next to the version number on the machines page and the dashboard. (Gitlab #1973) * 549 [build] marcin Improved detection of PowerDNS config file location. The agent tries to find the config file in typical locations. Added the command line argument (`--powerdns-path`) and environment variable (`STORK_AGENT_POWERDNS_CONFIG`) to specify custom PowerDNS config file location. (Gitlab #1930) * 548 [build] yavorpeev Playwright initial configuration for UI testing plus test example (Gitlab #1224) Stork 2.3.0 released on 2025-08-13. * 547 [build] slawek Upgraded the Kea to version 3.1.0 and BIND 9 to version 9.20 in the demo. (Gitlab #1856) * 546 [func] marcin Integrated PowerDNS server. Stork can now fetch and list zones configured on the PowerDNS servers, and show zone contents. (Gitlab #1751, #1753) * 545 [func] piotrek Added a possibility to configure multiple groups for LDAP group mapping in the LDAP hook. (Gitlab #1845) * 544 [bug] marcin Show RPZ tags next to the response policy zones in the zones list. The list can also be filtered by RPZ. (Gitlab #1805) * 543 [bug] william Fixed issue where Stork would incorrectly report that lease persistence was disabled on a Kea server, when it was actually enabled and set to use the default memfile path. (Gitlab #667) * 542 [func] slawek Display a utilization bar for out of pool addresses and delegated prefixes. (Gitlab #879) * 541 [bug] slawek Fixed unexpected wiping out all shared network-related host reservations from the configuration file after modifying this shared network by UI form. (Gitlab #1866) * 540 [ui] william Add a Clear button on the Monitoring > Events page which clears all of the events that Stork knows about. (Gitlab #1539) * 539 [ui] william When viewing a subnet, shared network, or host reservation, the DHCP Options and DHCP Parameters boxes can now be expanded and collapsed. (Gitlab #1550) * 538 [bug] marcin The stork-agent gracefully deals with the situation when the statistics-channel configuration in BIND 9 lacks the allow statement. It logs an error requesting that the allow statement is included in the configuration. (Gitlab #1908) * 537 [bug] marcin Zone RRs are cached in the database for a viewed zone. It avoids repeated zone transfers (AXFR) when showing zone contents. The cached zone contents can be refreshed using zone transfer on demand by clicking a button in the UI. (Gitlab #1909) * 536 [bug] marcin The number of distinct and builtin zones are displayed in the dashboard and DNS fetch status pages. (Gitlab #1786) * 535 [bug] marcin Root zone is now properly fetched from the agent and stored in the database. Previously, fetching the zones from the agent failed when the DNS server configuration on the agent's machine included a root zone. (Gitlab #1870) * 534 [func] slawek The host migrator reports now a missing Kea host_cmds hook as a daemon-related error. (Gitlab #1868) * 533 [bug] slawek Fixed deadlocks in the database while detecting Kea HA services including backup servers. They were caused by infinitely appending the same backup server ID to one of the database tables. (Gitlab #1872) * 532 [bug] marcin Fixed parsing BIND9 query-source, query-source-v6, notify-source notify-source-v6, and similar parameters. (Gitlab #1881) * 531 [bug] marcin Fixed parsing of the BIND 9 configuration file containing dots in the configuration statement names. (Gitlab #1876) * 530 [bug] slawek Fixed overriding the environment files when updating RPM packages. (Gitlab #1874) Thank you again to everyone who assisted us in making this release possible. We look forward to receiving your feedback.