May 2026 Monthly Release

For help upgrading to the latest version, contact your Cloudhouse Representative. The following table describes each component available to upgrade within this release of Cloudhouse Guardian (Guardian).

Tip: For more information on the known issues currently present within Guardian, see Known Issues.

Release Date Guardian Platform Guardian Web Guardian Agent
10th June 2026 V4 V3.66.2 V5.51.3

Guardian Platform V4

Here's what's included in V4 of the Guardian Platform as part of the May 2026 monthly release.

Other Enhancements

The following additional enhancements are included within this release of the Guardian Platform.

Appliance Operating System Update

The Guardian appliance operating system has been updated to Flatcar Container Linux 4593.2.1, incorporating the latest upstream security and stability fixes.

Simplified Appliance Administration

The armadactl administration tool no longer requires token-based login. Administrators will no longer encounter 'token is expired' errors when running appliance administration commands.

Fixed Issues

The following issue has been fixed within this release of the Guardian Platform.

Worker Nodes Unable to Fetch Release Packages from the Master Node
Problem:

On multi-node appliances, worker nodes fetch release packages from the master node during an upgrade. Following the migration of appliance routing to the service mesh, the route used for this transfer was not carried over, preventing worker nodes from retrieving release packages.
Solution:

The release package route has been restored, and worker nodes retrieve release packages from the master node as expected.

Guardian Web Application V3.66.2

Here's what's included in V3.66.2 of the Guardian web application as part of the May 2026 monthly release.

Other Enhancements

The following additional enhancements are included within this release of the Guardian web application.

Database Scan Options

As part of this release, we have improved the scan options available for Database nodes. The Inventory section is now visible under Enabled Sections in the scan options for Database nodes, allowing you to selectively enable or disable it. Additionally, the SQL Query scan option is now available for Windows nodes, in addition to the existing Database node support. The unused 'Key Column 2' field has been removed from the SQL scan options to simplify configuration.

CIS Benchmark Updates

The CIS Benchmarks available within Guardian have been updated, based on CIS Assessor v4.60.0. This update includes new versions of previously supported benchmarks, as well as new benchmarks for operating system versions succeeding those already supported. The following 27 new and updated benchmarks are available in this release:

  • CIS AlmaLinux OS 8 Benchmark v4.0.0

  • CIS Azure Kubernetes Service (AKS) Benchmark v1.8.0

  • CIS Debian Linux 13 Benchmark v1.0.0

  • CIS Google Kubernetes Engine (GKE) Benchmark v1.9.0

  • CIS Google Kubernetes Engine (GKE) Autopilot Benchmark v1.3.0

  • CIS Kubernetes Benchmark v1.12.0

  • CIS Microsoft Edge Benchmark v4.0.0

  • CIS Microsoft SQL Server 2019 Benchmark v1.5.2

  • CIS Microsoft SQL Server 2022 Benchmark v1.2.1

  • CIS Microsoft Windows 11 Enterprise Benchmark v5.0.0

  • CIS Microsoft Windows Server 2016 Benchmark v4.0.0

  • CIS Microsoft Windows Server 2016 STIG Benchmark v4.0.0

  • CIS Microsoft Windows Server 2019 Stand-alone Benchmark v3.0.0

  • CIS Microsoft Windows Server 2019 STIG Benchmark v4.0.0

  • CIS Microsoft Windows Server 2022 STIG Benchmark v3.0.0

  • CIS Microsoft Windows Server 2025 Stand-alone Benchmark v1.0.0

  • CIS MongoDB 7 Benchmark v1.2.0

  • CIS MongoDB 8 Benchmark v1.0.0

  • CIS Oracle Database 19c Benchmark v2.0.0

  • CIS Oracle Database 23ai Benchmark v1.1.0

  • CIS Oracle Linux 8 Benchmark v4.0.0

  • CIS Oracle Linux 10 Benchmark v1.0.0

  • CIS Red Hat Enterprise Linux 8 Benchmark v4.0.0

  • CIS Red Hat Enterprise Linux 10 Benchmark v1.0.1

  • CIS Rocky Linux 8 Benchmark v3.0.0

  • CIS Rocky Linux 10 Benchmark v1.0.0

  • CIS Ubuntu Linux 22.04 LTS Benchmark v3.0.0

Replaced and Deprecated Benchmarks

As part of this release of CIS Assessor, CIS has published brand new benchmarks that replace — rather than update — a number of existing benchmarks with similar names. The previous versions are deprecated; if you use any of the following, it is recommended to review your policies and move to the new benchmark:

  • Microsoft Windows Server 2016 / 2019 / 2022 STIG — entirely new benchmarks intended to fully replace the previous versions, aligning more closely with the DISA STIG standards.

  • Oracle Database 19c — the previous six policies have been consolidated into two.

  • Microsoft Edge — policy name changes only; the policy content is otherwise unchanged.

In addition, the CIS AlmaLinux OS 8 Benchmark v2.0.0 (CIS_Alma_Linux_OS_8_Benchmark_v2.0.0-xccdf.xml) has been removed from the supported benchmark whitelist to avoid confusion due to inconsistent naming conventions from CIS. It is superseded by the AlmaLinux OS 8 Benchmark v4.0.0 listed above.

API Documentation

The Guardian core API documentation (core-api.cloudhouse.com) has been refreshed to include documentation for the Credentials endpoints (/api/v2/credentials), supporting customers integrating credential management into synchronization scripts and automation.

Security Updates

As part of our ongoing commitment to security, the authentication library used by Guardian has been updated to address a published security advisory.

Fixed Issues

The following issues have been fixed within this release of the Guardian web application.

GWB-6553 – LDAP Not Synchronizing Existing Users Correctly When Switched On
Affects Versions: – Fix Version: V3.66.2
Problem:

When LDAP authentication was enabled on an appliance with existing local users, those users were unable to sign in. Each attempt displayed the 'Username LDAP Synchronization Complete - Please Login Again' message, but the synchronization never completed and the user's LDAP username was not recorded. In addition, inviting the same email address to a second organization while an existing invite was pending failed with an 'already been invited' error, and LDAP users following an invite link were directed to a registration form that could not be completed.
Solution:

Existing users are now synchronized with their LDAP username automatically in the background and can sign in immediately once LDAP is enabled. Users can be invited to multiple organizations, with registration granting access to every organization they were invited to, and LDAP users following an invite link are now taken directly to the sign-in page, where the invite is accepted on their first sign-in.

 

GWB-6587 – Members Unable to Edit Policies
Affects Versions: V3.63.0 Fix Version: V3.66.2
Problem:

Since V3.63.0, users with the Member role could no longer edit policies used on node groups they were a part of. A change introduced to prevent users from editing public policies inadvertently removed this capability.
Solution:

The permission check has been corrected so that Member users can once again edit policies for their node groups, while public policies remain protected from unauthorized edits.

 

GWB-6589 – Errors Opening Specific Benchmarks
Affects Versions: – Fix Version: V3.66.2
Problem:

Opening certain CIS benchmark policies resulted in an error page. This affected benchmarks where an older version had been removed by the CIS data tidy-up option, leaving behind references to the deleted benchmark data.
Solution:

Benchmark pages now handle removed benchmark versions correctly, and affected benchmarks open as expected.

 

GWB-6593 – Policy CI Path Wildcards Not Applied to Paths Containing Slashes
Affects Versions: – Fix Version: V3.66.2
Problem:

Wildcards in a policy CI path were not applied correctly when the CI path contained slashes, causing policy checks to miss configuration items they should have matched.
Solution:

Wildcard matching in policy CI paths has been extended to correctly handle paths containing slashes.

 

GWB-6596 – Post-Login Redirect Returned 404 on On-Premise Installations
Affects Versions: – Fix Version: V3.66.2
Problem:

On a default on-premise installation, an account administrator's first sign-in could be redirected to a page that returned a "page cannot be found" error.
Solution:

The post-login redirect now correctly lands on the node setup page when the new user interface is not enabled.

Guardian Agent V5.51.3

Here's what's included in V5.51.3 of the Guardian Agent as part of the May 2026 monthly release.

Other Enhancements

The following additional enhancements are included within this release of the Guardian Agent.

Azure Cloud Discovery Updates

Azure cloud discovery has been expanded and standardized across a wide range of resource types, improving the coverage and consistency of discovered Azure resources. This update includes:

  • Azure SQL, MySQL, and PostgreSQL databases

  • Azure VM Scale Sets

  • Azure App Services and Function Apps

  • Azure Network Interfaces and Network Watchers

  • Azure Private DNS Zones

  • Standardized labels, tags, and capitalization across all Azure blueprints

Improved Remote Helper Version Logging

When a remote helper is present on a target node but does not meet the minimum version requirement, the agent now logs the detected version and the required version. Additionally, when a privileged scan is expected to use the remote helper, any failure to use it is now logged against the scan task as a warning visible in Job History.

Consistent Ordering of Set-Type Attributes in Linux Scans

Attributes that represent unordered sets — such as group membership lists — are now sorted before submission in Linux scans. This prevents differences being raised when only the ordering of such values changes between scans.

Fixed Issues

The following issue has been fixed within this release of the Guardian Agent.

GLA-889 – F5 Configuration Parser Error: "unexpected $end"
Affects Versions: V5.41.0 Fix Version: V5.51.3
Problem:

Scans of some F5 load balancers failed with the error F5 configuration parser issue: ... syntax error: unexpected $end. This occurred when the device configuration contained escaped or commented bracket symbols, which caused the parser's brace matching to fail.
Solution:

The F5 configuration parser now correctly accounts for escaped bracket symbols, and affected devices scan successfully.