apache/pulsar
 Watch   
 Star   
 Fork   
简介统计版本
2 days ago
pulsar
apache

v4.2.0

Changes

2026-02-20 03:47:36
pulsar
apache

v4.1.3

Cherry-picked changes

2026-02-20 03:47:22
pulsar
apache

v4.0.9

Cherry-picked changes

2026-02-16 17:24:15
pulsar
apache

v3.0.16

2026-02-16

Library updates

  • [fix][sec] Bump github.com/dvsekhvalnov/jose2go from 1.6.0 to 1.7.0 in /pulsar-function-go (#24987)
  • [fix][sec] Upgrade jose4j to 0.9.6 to address CVE-2024-29371 (#25095)
  • [fix][sec] Upgrade log4j to 2.25.3 to address CVE-2025-68161 (#25102)
  • [fix][sec] Upgrade Netty to 4.1.130.Final (#25078)
  • [fix][sec] Upgrade vertx to address CVE-2026-1002 (#25152)
  • [fix][test] Upgrade docker-java to 3.7.0 (#25209)
  • [fix] Upgrade gson to 2.13.2 (#25022)

Broker

  • [fix][broker] Fix chunked message loss when no consumers are available (#25077)
  • [fix][broker] Fix creation of replicated subscriptions for partitioned topics (#24997)
  • [fix][broker] Fix httpProxyTimeout config (#25223)
  • [fix][broker] Fix incomplete futures in topic property update/delete methods (#25228)
  • [fix][broker] Fix issue with schemaValidationEnforced in geo-replication (#25012)
  • [fix][broker] Fix MultiRolesTokenAuthorizationProvider error when subscription prefix doesn't match. (#25121)
  • [fix][broker] Fix regex matching of namespace name which might contain a regex char (#25136)
  • [fix][broker] Fix transactionMetadataFuture completeExceptionally with null value (#25231)
  • [fix][broker] Fix various error-prone detected errors mainly in logging and String.format parameters (#25059)
  • [fix][broker] Force EnsemblePolicies to resolve network location after rackInfoMap is updated due to changes in /ledgers/available znode (#25067)
  • [fix][broker] Use poll instead remove to avoid NoSuchElementException (#24933)
  • [fix][broker][branch-3.0] fix prepareInitPoliciesCacheAsync in SystemTopicBasedTopicPoliciesService (#24978)
  • [fix][admin] Fix asyncGetRequest to handle 204 (#25124)
  • [fix][ml] Fix NoSuchElementException in EntryCountEstimator caused by a race condition (#25177)
  • [fix][meta] Use getChildrenFromStore to read children data to avoid lost data (#24665)
  • [improve][broker] Give the detail error msg when authenticate failed with AuthenticationException (#25221)
  • [improve][ml] Optimize ledger opening by skipping fully acknowledged ledgers (#24655)
  • [improve][meta] Improve fault tolerance of blocking calls by supporting timeout (#21028)
  • [fix] Handle TLS close_notify to avoid SslClosedEngineException: SSLEngine closed already (#24986)

Client

  • [fix][client] Fix AutoProduceBytesSchema.clone() method (#25015)
  • [fix][client] Fix double recycling of the message in isValidConsumerEpoch method (#25008)
  • [fix][client] Fix invalid parameter type passed to Map.get in TopicsImpl.getListAsync method (#25069)
  • [fix][client] Fix producer synchronous retry handling in failPendingMessages method (#25207)
  • [fix][client] Fix race condition between isDuplicate() and flushAsync() method in PersistentAcknowledgmentsGroupingTracker due to incorrect use Netty Recycler (#25208)
  • [fix][client] Fix thread-safety of AutoProduceBytesSchema (#25014)
  • [fix][client] PIP-84: Skip processing a message in the message listener if the consumer epoch is no longer valid (#25007)
  • [fix][client] Skip processing messages in the listener when the consumer has been closed (#25006)
  • [fix][client]Producer stuck or geo-replication stuck due to wrong value of message.numMessagesInBatch (#25106)
  • [improve][client] Test no exception could be thrown for invalid epoch in message (#25013)
  • [fix] Handle TLS close_notify to avoid SslClosedEngineException: SSLEngine closed already (#24986)

Pulsar IO and Pulsar Functions

  • [fix][fn] complete flushAsync before closeAsync in ProducerCache and wait for completion in closing the cache (#25140)
  • [fix][fn] Fix graceful Pulsar Function shutdown so that consumers and producers are closed (#25157)

Others

  • [fix][proxy] Close client connection immediately when credentials expire and forwardAuthorizationCredentials is disabled (#25179)
  • [fix][proxy] Fix memory leaks in ParserProxyHandler (#25142)
  • [improve][proxy] Add regression tests for package upload with 'Expect: 100-continue' (#25211)
  • [fix][misc] Allow JWT tokens in OpenID auth without nbf claim (#25197)
  • [improve] Eliminate unnecessary duplicate schema lookups for partitioned topics in client and geo-replication (#25011)

Tests & CI

  • [fix][build] Remove Confluent and Restlet maven repositories from top level pom.xml (#24981)
  • [improve][test][branch-3.0] Add test for issue #25220

For the complete list, check the full changelog.

2025-11-17 15:57:11
pulsar
apache

v4.1.2

Cherry-picked changes

2025-11-17 15:57:03
pulsar
apache

v4.0.8

Cherry-picked changes

2025-11-17 15:55:07
pulsar
apache

v3.0.15

Cherry-picked changes

2025-09-27 12:39:08
pulsar
apache

v4.1.1

2025-09-27

Library updates

  • [fix][sec] Upgrade Netty to 4.1.127.Final to address CVEs (#24717)
  • [improve][build] Upgrade Lombok to 1.18.42 to fully support JDK25 (#24763)
  • [improve][build] Upgrade Apache Parent POM to version 35 (#24742)
  • [improve][build] Upgrade Mockito, AssertJ and ByteBuddy to fully support JDK25 (#24764)
  • [improve][build] Upgrade SpotBugs to a version that supports JDK25 (#24768)
  • [feat][misc] upgrade oxia version to 0.6.2 (#24689)
  • [improve][io] Upgrade to Debezium 3.2.2 (#24712)

Broker

  • [fix][broker] Key_Shared subscription doesn't always deliver messages from the replay queue after a consumer disconnects and leaves a backlog (#24736)
  • [fix][broker] Ensure KeyShared sticky mode consumer respects assigned ranges (#24730)
  • [fix][broker] First entry will be skipped if opening NonDurableCursor while trimmed ledger is adding first entry. (#24738)
  • [fix][broker] Fix cannot shutdown broker gracefully by admin api (#24731)
  • [fix][broker] Fix memory leak when metrics are updated in a thread other than FastThreadLocalThread (#24719)
  • [fix][broker] Prevent unexpected recycle failure in dispatcher's read callback (#24741)
  • [fix][broker]Fix never recovered metadata store bad version issue if received a large response from ZK (#24580)
  • [fix][ml]Fix EOFException after enabled topics offloading (#24753)
  • [fix][broker] Fix NPE and annotate nullable return values for ManagedCursorContainer (#24706)
  • [fix][broker]Dispatcher did unnecessary sort for recentlyJoinedConsumers and printed noisy error logs (#24634)
  • [fix][broker]Fix dirty reading of namespace level offload thresholds (#24696)
  • [fix][ml] Negative backlog & acked positions does not exist & message lost when concurrently occupying topic owner (#24722)
  • [improve][broker] If there is a deadlock in the service, the probe should return a failure because the service may be unavailable (#23634)
  • [improve][broker] Allow deletion of empty persistent topics regardless of retention policy (#24733)
  • [improve][broker] PIP-402: Optionally prevent role/originalPrincipal logging (#23386)
  • [improve][broker] Reduce unnecessary MessageMetadata parsing by caching the parsed instance in the broker cache (#24682)
  • [improve][ml] Improve cache insert performance by removing exists check since it's already covered by putIfAbsent (#24699)

Client

  • [fix][client] Avoid recycling the same ConcurrentBitSetRecyclable among different threads (#24725)
  • [fix][client] Fix receiver queue auto-scale without memory limit (#24743)
  • [fix][client]TopicListWatcher not closed when calling PatternMultiTopicsConsumerImpl.closeAsync() method (#24698)
  • [fix][client] rollback TopicListWatcher retry behavior (#24752)
  • [fix][client] Exclude io.prometheus:simpleclient_caffeine from client-side dependencies (#24761)
  • [improve][client] PIP-407 Add newMessage with schema and transactions (#23942)

Pulsar IO and Pulsar Functions

  • [fix][io] Improve Kafka Connect source offset flushing logic (#24654)
  • [feat][fn] Fallback to using STATE_STORAGE_SERVICE_URL in PulsarMetadataStateStoreProviderImpl.init (#24721)

Others

  • [fix][misc] Fix compareTo contract violation for NamespaceBundleStats, TimeAverageMessageData and ResourceUnitRanking (#24772)
  • [fix] Exclude commons-lang dep from bookkeeper (#24749)

Tests & CI

  • [fix][test] Flaky-test: BrokerServiceTest.testShutDownWithMaxConcurrentUnload (#24769)
  • [fix][broker] Fix testServiceConfigurationRetentionPolicy unit test (#24756)
  • [fix][broker]Fix the wrong logic of the test PartitionCreationTest.testCreateMissedPartitions (#24683)
  • [improve][build] Disable javadoc build failure (#24594)
  • [fix][ci] Fix CI for Java 25 including upgrade of Gradle Develocity Maven extension (#24767)

For the complete list, check the full changelog.

2025-09-27 12:39:04
pulsar
apache

v4.0.7

2025-09-27

Library updates

  • [fix][sec] Upgrade bouncycastle bcpkix-fips version to 1.79 to address CVE-2025-8916 (#24650)
  • [fix][sec] Upgrade Netty to 4.1.127.Final to address CVEs (#24717)
  • [fix][sec] Upgrade to Netty 4.1.124.Final to address CVE-2025-55163 (#24637)
  • [improve][io] Upgrade AWS SDK v1 & v2, Kinesis KPL and KPC versions (#24661)
  • [fix][misc] Upgrade dependencies to fix critical security vulnerabilities (#24532)
  • [improve][build] Upgrade Lombok to 1.18.42 to fully support JDK25 (#24763)
  • [improve][broker] Upgrade avro version to 1.12.0 (#24617)
  • [fix][misc] Upgrade fastutil to 8.5.16 (#24659)
  • [improve][build] Upgrade Apache Parent POM to version 35 (#24742)
  • [improve][build] Upgrade Mockito, AssertJ and ByteBuddy to fully support JDK25 (#24764)
  • [improve][build] Upgrade SpotBugs to a version that supports JDK25 (#24768)
  • [feat][misc] upgrade oxia version to 0.6.2 (#24689)

Broker

  • [fix][broker] Key_Shared subscription doesn't always deliver messages from the replay queue after a consumer disconnects and leaves a backlog (#24736)
  • [fix][broker] Ensure KeyShared sticky mode consumer respects assigned ranges (#24730)
  • [fix][broker] PIP-428: Fix corrupted topic policies issues with sequential topic policy updates (#24427)
  • [fix][broker][branch-4.0]Can not access topic policies if topic partitions have not been created (#24680)
  • [fix][broker] Add double-check for non-durable cursor creation (#24643)
  • [fix][broker] First entry will be skipped if opening NonDurableCursor while trimmed ledger is adding first entry. (#24738)
  • [fix][broker] Fix cannot shutdown broker gracefully by admin api (#24731)
  • [fix][broker] Fix duplicate watcher registration after SessionReestablished (#24621)
  • [fix][broker] Fix memory leak when metrics are updated in a thread other than FastThreadLocalThread (#24719)
  • [fix][broker] Fix race condition in MetadataStoreCacheLoader causing inconsistent availableBroker list caching (#24639)
  • [fix][broker] Fix REST API to produce messages to single-partitioned topics (#24450)
  • [fix][broker] Invalid regex in PulsarLedgerManager causes zk data notification to be ignored (#23977)
  • [fix][broker] Prevent unexpected recycle failure in dispatcher's read callback (#24741)
  • [fix][broker]Fix never recovered metadata store bad version issue if received a large response from ZK (#24580)
  • [fix][ml]Fix EOFException after enabled topics offloading (#24753)
  • [fix][broker] Fix incorrect AuthData passed to AuthorizationService in proxy scenarios (#24593)
  • [fix][broker] Fix namespace deletion TLS URL selection for geo-replication (#24591)
  • [fix][broker] Fix NPE and annotate nullable return values for ManagedCursorContainer (#24706)
  • [fix][broker] Fix NPE being logged if load manager class name is blank (#24570)
  • [fix][broker]Dispatcher did unnecessary sort for recentlyJoinedConsumers and printed noisy error logs (#24634)
  • [fix][broker]Failed to create partitions after the partitions were deleted because topic GC (#24651)
  • [fix][broker]Fix dirty reading of namespace level offload thresholds (#24696)
  • [fix][broker]Fix thread safety issues in BucketDelayedDeliveryTracker with StampedLock optimistic reads (#24542)
  • [fix][broker]User topic failed to delete after removed cluster because of failed delete data from transaction buffer topic (#24648)
  • [fix][ml] Negative backlog & acked positions does not exist & message lost when concurrently occupying topic owner (#24722)
  • [fix][meta] Use getChildrenFromStore to read children data to avoid lost data (#24665)
  • [improve][admin] PIP-422 part 1: Support global topic-level replicated clusters policy (#24390)
  • [improve][broker]Part-2 Add Admin API to delete topic policies (#24602)
  • [improve][broker] If there is a deadlock in the service, the probe should return a failure because the service may be unavailable (#23634)
  • [improve][ml] Optimize ledger opening by skipping fully acknowledged ledgers (#24655)
  • [improve][broker] Allow deletion of empty persistent topics regardless of retention policy (#24733)
  • [improve][broker] Extract duplication in AbstractTopic#incrementTopicEpochIfNeeded (#24520)
  • [improve][broker]Find the target position at most once, during expiring messages for a topic, even though there are many subscriptions (#24622)
  • [improve][broker]Improve the anti-concurrency mechanism expirationCheckInProgress (#24607)
  • [improve][broker]Remove block calling that named cursor.asyncGetNth when expiring messages (#24606)

Client

  • [fix][client] Avoid recycling the same ConcurrentBitSetRecyclable among different threads (#24725)
  • [fix][client] fix ArrayIndexOutOfBoundsException in SameAuthParamsLookupAutoClusterFailover (#24662)
  • [fix][client] Fix ArrayIndexOutOfBoundsException when using SameAuthParamsLookupAutoClusterFailover (#23336)
  • [fix][client] Fix receiver queue auto-scale without memory limit (#24743)
  • [fix][client] Retry for unknown exceptions when creating a producer or consumer (#24599)
  • [fix][client] Skip schema validation when sending messages to DLQ to avoid infinite loop when schema validation fails on an incoming message (#24663)
  • [fix][client]Prevent ZeroQueueConsumer from receiving batch messages when using MessagePayloadProcessor (#24610)
  • [fix][client]TopicListWatcher not closed when calling PatternMultiTopicsConsumerImpl.closeAsync() method (#24698)
  • [fix][client] rollback TopicListWatcher retry behavior (#24752)
  • [improve][client] Support load RSA PKCS#8 private key (#24582)
  • [fix][client] Exclude io.prometheus:simpleclient_caffeine from client-side dependencies (#24761)
  • [improve][client] Add OpenTelemetry metrics for client memory buffer usage (#24647)
  • [improve][client] RawReader support pause and resume (#24597)
  • [fix][client] Refactor AttributeWrappedMeasurement to use a class instead of a record to compatible with lower version JDK

Pulsar IO and Pulsar Functions

  • [fix][io] Improve Kafka Connect source offset flushing logic (#24654)
  • [improve][io] Add dependency file name information to error message when .nar file validation fails with ZipException (#24604)
  • [improve][io] Support specifying Kinesis KPL native binary path with 1.0 version specific path (#24669)
  • [improve][io] Add support for the complete KinesisProducerConfiguration in KinesisSinkConfig (#24489)
  • [feat][fn] Fallback to using STATE_STORAGE_SERVICE_URL in PulsarMetadataStateStoreProviderImpl.init (#24721)

Others

  • [fix][proxy] Fix TooLongFrameException with Pulsar Proxy (#24626)
  • [fix][misc] Fix compareTo contract violation for NamespaceBundleStats, TimeAverageMessageData and ResourceUnitRanking (#24772)
  • [improve][doc] Improve the JavaDocs of sendAsync to avoid improper use (#24601)
  • [fix][offload] Exclude unnecessary dependencies from tiered storage provider / offloader nar files (#24649)
  • [fix][ws] Allow websocket principals to specify originalPrincipal without proxy role (#24642)
  • [fix][ws] Fix WebSocket authentication with authenticateOriginalAuthData enabled (#24615)
  • [fix][ws] Fix WebSocket proxy originalPrincipal for HTTP admin API calls (#24613)
  • [fix] Exclude commons-lang dep from bookkeeper (#24749)

Tests & CI

  • [improve][build] Use org.apache.nifi:nifi-nar-maven-plugin:2.1.0 with skipDocGeneration=true (#24668)
  • [fix][ci] Fix code coverage metrics in Pulsar CI (#24595)
  • [fix][test] Fix ConcurrentModificationException in Ipv4Proxy (#24632)
  • [fix][test] Flaky-test: BrokerServiceTest.testShutDownWithMaxConcurrentUnload (#24769)
  • [fix][test]fix flaky ZeroQueueSizeTest.testZeroQueueGetExceptionWhenReceiveBatchMessage (#24633)
  • [fix][test]fix flaky ZeroQueueSizeTest.testZeroQueueGetExceptionWhenReceiveBatchMessage (#24630)
  • [fix][broker] Fix flaky testReplicatorsInflightTaskListIsEmptyAfterReplicationFinished (#24590)
  • [fix][broker] Fix testServiceConfigurationRetentionPolicy unit test (#24756)
  • [fix][broker]Fix flaky test PartitionCreationTest.testCreateMissedPartitions (#24679)
  • [fix][broker]Fix the wrong logic of the test PartitionCreationTest.testCreateMissedPartitions (#24683)
  • [improve][build] Disable javadoc build failure (#24594)
  • [improve][build] Increase maven resolver's sync context timeout (#24666)
  • [improve][test] Add test for dead letter topic with max unacked messages blocking (#24535)
  • [improve][test] Refactor the way way pulsar-io-debezium-oracle nar file is patched when building the test image (#24586)
  • [fix][ci] Fix CI for Java 25 including upgrade of Gradle Develocity Maven extension (#24767)
  • [fix][build][branch-4.0] Fix checkstyle in BrokerServiceAutoTopicCreationTest

For the complete list, check the full changelog.

2025-09-27 12:38:59
pulsar
apache

v3.3.9

2025-09-27

Library updates

  • [fix][sec] Upgrade bouncycastle bcpkix-fips version to 1.79 to address CVE-2025-8916 (#24650)
  • [fix][sec] Upgrade Netty to 4.1.127.Final to address CVEs (#24717)
  • [fix][sec] Upgrade to Netty 4.1.124.Final to address CVE-2025-55163 (#24637)
  • [improve][build] Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 (#24514)
  • [improve][io] Upgrade AWS SDK v1 & v2, Kinesis KPL and KPC versions (#24661)
  • [fix][misc] Upgrade dependencies to fix critical security vulnerabilities (#24532)
  • [improve][build] Upgrade Lombok to 1.18.42 to fully support JDK25 (#24763)
  • [improve][build] Upgrade Apache Parent POM to version 35 (#24742)

Broker

  • [fix][broker] Add double-check for non-durable cursor creation (#24643)
  • [fix][broker] Ensure KeyShared sticky mode consumer respects assigned ranges (#24730)
  • [fix][broker] First entry will be skipped if opening NonDurableCursor while trimmed ledger is adding first entry. (#24738)
  • [fix][broker] Fix cannot shutdown broker gracefully by admin api (#24731)
  • [fix][broker] Fix duplicate watcher registration after SessionReestablished (#24621)
  • [fix][broker] Fix memory leak when metrics are updated in a thread other than FastThreadLocalThread (#24719)
  • [fix][broker] Fix race condition in MetadataStoreCacheLoader causing inconsistent availableBroker list caching (#24639)
  • [fix][broker] Fix REST API to produce messages to single-partitioned topics (#24450)
  • [fix][broker] Invalid regex in PulsarLedgerManager causes zk data notification to be ignored (#23977)
  • [fix][broker] Prevent unexpected recycle failure in dispatcher's read callback (#24741)
  • [improve][broker] If there is a deadlock in the service, the probe should return a failure because the service may be unavailable (#23634)
  • [fix][meta] Use getChildrenFromStore to read children data to avoid lost data (#24665)
  • [improve][broker]Remove block calling that named cursor.asyncGetNth when expiring messages (#24606)

Client

  • [fix][client] Avoid recycling the same ConcurrentBitSetRecyclable among different threads (#24725)
  • [fix][client] fix ArrayIndexOutOfBoundsException in SameAuthParamsLookupAutoClusterFailover (#24662)
  • [fix][client] Fix ArrayIndexOutOfBoundsException when using SameAuthParamsLookupAutoClusterFailover (#23336)
  • [fix][client] Fix receiver queue auto-scale without memory limit (#24743)
  • [fix][client] Retry for unknown exceptions when creating a producer or consumer (#24599)
  • [fix][client] Skip schema validation when sending messages to DLQ to avoid infinite loop when schema validation fails on an incoming message (#24663)
  • [fix][client]Prevent ZeroQueueConsumer from receiving batch messages when using MessagePayloadProcessor (#24610)
  • [fix][client]TopicListWatcher not closed when calling PatternMultiTopicsConsumerImpl.closeAsync() method (#24698)
  • [fix][client] rollback TopicListWatcher retry behavior (#24752)
  • [improve][client] Support load RSA PKCS#8 private key (#24582)

Pulsar IO and Pulsar Functions

  • [fix][io] Improve Kafka Connect source offset flushing logic (#24654)
  • [improve][io] Add dependency file name information to error message when .nar file validation fails with ZipException (#24604)
  • [improve][io] Support specifying Kinesis KPL native binary path with 1.0 version specific path (#24669)
  • [feat][fn] Fallback to using STATE_STORAGE_SERVICE_URL in PulsarMetadataStateStoreProviderImpl.init (#24721)

Others

  • [fix][proxy] Fix TooLongFrameException with Pulsar Proxy (#24626)
  • [fix][misc] Fix compareTo contract violation for NamespaceBundleStats, TimeAverageMessageData and ResourceUnitRanking (#24772)
  • [improve][doc] Improve the JavaDocs of sendAsync to avoid improper use (#24601)
  • [fix][offload] Exclude unnecessary dependencies from tiered storage provider / offloader nar files (#24649)

Tests & CI

  • [improve][build] Use org.apache.nifi:nifi-nar-maven-plugin:2.1.0 with skipDocGeneration=true (#24668)
  • [fix][ci] Fix code coverage metrics in Pulsar CI (#24595)
  • [fix][test] Fix ConcurrentModificationException in Ipv4Proxy (#24632)
  • [fix][test] Flaky-test: BrokerServiceTest.testShutDownWithMaxConcurrentUnload (#24769)
  • [fix][test]fix flaky ZeroQueueSizeTest.testZeroQueueGetExceptionWhenReceiveBatchMessage (#24633)
  • [fix][test]fix flaky ZeroQueueSizeTest.testZeroQueueGetExceptionWhenReceiveBatchMessage (#24630)
  • [fix][broker] Fix flaky testReplicatorsInflightTaskListIsEmptyAfterReplicationFinished (#24590)
  • [improve][build] Disable javadoc build failure (#24594)
  • [improve][build] Increase maven resolver's sync context timeout (#24666)
  • [improve][test] Add test for dead letter topic with max unacked messages blocking (#24535)
  • [improve][test] Refactor the way way pulsar-io-debezium-oracle nar file is patched when building the test image (#24586)
  • [fix][ci] Fix CI for Java 25 including upgrade of Gradle Develocity Maven extension (#24767)

For the complete list, check the full changelog.