2026.05.13 Release Note

This version introduces:

• a redesigned UI with new visualizations (multi-protocol view, waterfall),
• a parsing pipeline migrated to Go with Protobuf serialization and gRPC for the hot paths,
• and a new tooling layer for humans and AI agents: the spider and spider-mon CLIs plus two Claude Code plugins that wrap them.
• a vulnerability upgrade agent to lands the release with all known CVEs patched across all 44 active components.

Upgrade risk

warning

With the change of technology for parsers - to GO -, the regular expressions used for templates and tags may need to be adapted.
Indeed, Go regular expressions do not support backtracking, which can be replaced by splitting the regular expressions using it.

A Playground has been added for Templates and Tags allowing to test easily the configuration changes.
LLM like Claude are quite capable of adjusting the regular expressions set.

Key changes

• Rewrite Controller in Go
• UI redesign - Enhance usability and user experience
• Unified L7 view — HTTP and PostgreSQL communications together
• Waterfall view
• Network-View modernization - React 18, MUI v7, Redux Toolkit, Rspack, Luxon
• Parsing pipeline migrated to Go + Protobuf + gRPC
• Spider CLI - verb-first command line for humans and AI agents
• Spider-mon CLI - structured self-monitoring queries and baselines
• Spider's Claude Code plugins - two surfaces, one marketplace
• Vulnerability upgrade agent - 44 components, 0 CVEs, 3h30

How to upgrade

1. Use Helm chart 6.4.0 from repository
2. Adjust global.version field value to 2026.05.13 in your values.yaml
3. Deploy

tip

See Reference documentation for details.

Versions

Spider

New versions of Spider components:

Component	Version	Docker tag
Helm chart	6.4.0	-
Analysis UI	15.0	2026.05.13
Controllers	3.0	2026.05.13
Gossipers	7.11	2026.05.13
Gociphers	1.8	2026.05.13
Back office	-	2026.05.13
Login UI	-	2026.05.13
Monitoring UI	-	2026.05.13

Dependencies

This operator is required on the Kube where Spider is installed.

Dependency	Version
Elastic Cloud for Kubernetes	2 or 3

These components are set up in the correct versions by the Helm chart:

Dependency	Version	Docker tag
Elastic stack	9.1*	9.1
Redis	8.2	8-alpine
Traefik	3.5	v3.5

(*) Version 7 is still available and compatible for clusters still using ECK 2.

Compatibility

Spider has been successfully tested under these versions of dependencies:

3rd party software	Version
Helm	3.14+
Kube	1.28+

List of changes

Helm chart

✨ New features	Expose parsers for Playground APIs Use GRPC for intensive internal communications Replace key parsing services by their Go rewrite New Pg Upload service to allow uploading Pg Coms. Allow deploying a different Whisperer version than Controller one Optional namespace-scoped ECK operator (v3.2): set elasticsearch.eck.enabled: true to let Spider install its own ECK when none is present, or when the existing one does not watch Spider's namespace. Preflight guards abort on conflict.
⚙️ Improvements
🐞 Bug fixes	Fix overloading the version of Controller or Gocipher

Analysis UI

✨ New features	UI redesign to enhance usability Multi-protocol communications view (label: "All") — unified grid, sequence diagram, waterfall and stats showing HTTP and PostgreSQL communications together. Waterfall view. Drag and drop of widgets in Dashboard configuration Drag and drop of columns in Columns selection Drag and drop of actors in Sequence Diagram Color scale to numeric columns in Grid Save filters associated to view when switching views Option to show Template in sequence diagram Horizontal scroll to sequence diagram SVG and PNG export of maps Enhance pcap filter editor in Create Whisperer & Whisperer Capture Config tabs Syntax highlighting Parser Templates Add Playground in Whisperer Config to test Templates and Tags configuration
⚙️ Improvements	PSQL view PSQL stats in Host details tab Limit status code errors to code 400, that is the only one generated by the parser Add JSON download to PgComs Whisperer Config Playground now validates Templates and Tags against the actual Go parsing engine (calls web-parser / pg-parser /v1/playground) instead of matching with the browser's JS regex engine — no more false positives, and regexes the parser cannot use (backreferences / lookaround) are now flagged. Major frontend modernization (v15.0): React 18, MUI v7, Redux Toolkit, Luxon, Rspack
🐞 Bug fixes

Controllers

✨ New features
⚙️ Improvements	Rewrite in Go for better scalability and stability of integration with Kubernetes
🐞 Bug fixes

Gossipers (Whisperers)

✨ New features
⚙️ Improvements
🐞 Bug fixes

Gociphers

✨ New features
⚙️ Improvements
🐞 Bug fixes

Back office

✨ New features	New Pg Upload service to allow uploading Pg Coms. New MultiRead service (multi-read) to search HTTP and PostgreSQL communications in a unified view. Queries a single ES alias (spider-search-multicoms) that unions the HTTP and PG communication indices. Playground validation API on the Go parsers — POST /web-parser/v1/playground and POST /pg-parser/v1/playground run draft tag & template rules through the real parsing engine, returning extracted values per com and the list of rules the parser cannot use (RE2 rejects backreferences / lookaround). Backs the Whisperer Config Playground.
⚙️ Improvements	Allow service accounts to connect many times at once. Useful for automated tests, and surely for other stuff. Still logs a warning since last connection date could not be saved (OCC on Elastic). Reduce CPU usage of status aggregation services (Whisps-Status-Agg, Ciphers-Status-Agg, Hosts-Agg). The instance sweep is now computed once per agent per polling batch instead of once per status message, reducing cost from O(N×K) to O(N+K). Whisperer batches in Hosts-Agg are also processed in parallel. Rewrite in Go of major services used in parsing flow: Pack-Write Pack-Read Tcp-Write Tcp-Update Web-Write Pg-Parser Tls-Keys-Linker Change serialization format of communications from JSON to Protobuf for: Packets TcpSessions Http coms & parsing log Changed communication protocol from REST+JSON to GRPC between parsers (Web-Write & Pg-Parser) and Pack-Read / Tcp-Update
🐞 Bug fixes	TlsKeys-Linker no longer counts "no TCP session found for a captured TLS key" as a parsing error. It is an expected case (session not captured, expired, dropped packet…), so it stopped inflating the error counter in monitoring.

Login UI

✨ New features
⚙️ Improvements
🐞 Bug fixes

Monitoring UI

✨ New features
⚙️ Improvements
🐞 Bug fixes

Tools

✨ New features	New spider CLI tool designed for use by AI Agents Access network usage and captured data Attach whisperers, access configuration... Search attachments, show sidecars spider-mon CLI: Access all Spider monitoring and alerting status. Spider Claude Code marketplace with 2 plugins: Spider plugin: skills + agents to investigate capture data and troubleshoot your systems. Spider-mon plugin: skills + agents to review monitoring, compare periods, report performance metrics, decode alerts, propose tuning. New fleet management agent to fix CVE on all components before release.
⚙️ Improvements
🐞 Bug fixes

Online documentation

Main updated parts:

• [/docs/ui/BottomPanelModes/Waterfall](Waterfall view)
• [/docs/tools/spider-cli](Spider CLI)
• [/docs/tools/spider-mon](Spider-mon CLI)
• [/docs/tools/spider-claude-plugin](Spicer Claude plugin)
• [/docs/tools/spider-mon-plugin](Spider-mon Claude plugin)

API impacts

note

This section informs about any impact on Spider API, so you may adjust your scripts.

Data impacts

note

The table below tells if there are data mapping changes in Elasticsearch indices, associated or not with migrations (Yes ✅ / No ❌).
Migration are automated at upgrade time, but they may leave unattended indices that you have to remove manually.

Index	Description	Migration
httpcoms & pgcoms	New alias for multi-com	-