• a578a47: [rust] Bump Rust edition to 2024, rulest_rust to 0.65.0, and crates to latest stable (#16366) (Boni García) #16366
• 6061c87: [grid] UI Light/Dark Mode Toggle (#16364) (Viet Nguyen Duc) #16364
• 8e84f0d: [rust] Set Rust version to 1.89.0 in WORKSPACE (#16368) (Boni García) #16368

Full Changelog: https://github.com/Activiti/Activiti/compare/7.20.0-rc.663...7.20.0-rc.664

Full Changelog: https://github.com/Activiti/Activiti/compare/7.20.0-rc.662...7.20.0-rc.663

• #48641 - Messaging kafka: incorrect setting of the graceful shutdown property for dev/test modes
• #49861 - Correct setting kafka graceful-shutdown property for dev and test profiles
• #50207 - Allow configuring Cache-Control when OIDC session cookie is created
• #50224 - Bump org.bouncycastle:bctls-fips from 2.1.20 to 2.1.22
• #50226 - Micrometer HTTP server requests metrics tags multiple URLs for 404s
• #50228 - @RestControllerAdvice raise exception
• #50243 - Use annotationProcessorPathsUseDepMgmt in Jakarta Data docs
• #50246 - Changes that allows Mcp usage from Chappie
• #50249 - Add OIDC CacheControl configuration
• #50250 - Add Transactional config in Infinispan client side
• #50251 - Polyglot application using truffle-enterprise fails due to missing nativebridge artifact in boot.
• #50252 - OutboundSseEvents (SSE) are not compressed
• #50253 - Make test-fixture sources available to continuous testing
• #50254 - Fix server requests metrics tags for 404s when initialPath ends with /
• #50259 - Explain where the links go for clarity, in the dev mode docs
• #50263 - Configure Infinispan tx caches on client side
• #50264 - Fix initial download of decompiler when version not provided
• #50265 - 3.28.1: java.util.zip.ZipException: duplicate entry in Quarkus generated jar(s)
• #50270 - Allow ecosystem extensions to use dev service result builder
• #50274 - Quarkus 3.18.1 can't find config inner classes during @QuarkusTest tests
• #50278 - Config - Avoid producing duplicate GeneratedClassBuildItem
• #50281 - Make compression work in Quarkus REST for streaming responses
• #50286 - Avoid double scanning mappings that are already included by the Quarkus processor
• #50288 - Make org.graalvm.sdk:nativebridge dependency parent first
• #50293 - UriInfo.getBaseUri ignores prefix header handling
• #50299 - Adding prefix handling to base uri
• #50300 - Improve documentation to clarify servlet type support is limited to RESTEasy Classic
• #50312 - Update security-openid-connect-providers.adoc
• #50314 - Multiple GeneratedClassBuildItem were produced for the same classes when using abstract class
• #50315 - Issues with quarkus-oidc-redis-token-state-manager
• #50316 - DevUI MCP Tool Call from Cursor fails => Cannot invoke "java.util.Map.entrySet()" because "parameters" is null
• #50320 - Dev MCP: Don't set empty params
• #50325 - Fix issue with multiple generated REST invokers
• #50327 - Application using Hibernate offline startup tries to connect to database in DEV mode on startup
• #50333 - Fix OIDC Redis Token State Manager serialization in native mode
• #50339 - Bump the hibernate group with 9 updates
• #50343 - Add example of sending back a file with `RestResponse
• #50348 - Fix Maven Wrapper in platform codestarts

Full Changelog: https://github.com/Activiti/Activiti/compare/7.20.0-rc.661...7.20.0-rc.662

Full Changelog: https://github.com/Activiti/Activiti/compare/7.20.0-rc.660...7.20.0-rc.661

• 9a4bbcc: [py] Add --enable-chrome-logs to chrome service args to inherit browser i/o streams (#16202) (Corey Goldberg) #16202
• b3b66a0: [dotnet] [bidi] Introduce BaseNavigationInfo type as interface (#16348) (Nikolay Borisenko) #16348
• 93fdf57: [dotnet] [bidi] Give only one chance to receive from remote end (#16360) (Nikolay Borisenko) #16360

2025-09-30 Release of logback version 1.5.19

• Disallow "new" operator in the condition attribute of <if> elements. This fixes an ACE vulnerability recorded as CVE-2025-11226.

• At initialization time, slightly better reporting about watched configuration files.

• Softer message regarding usage of ConsoleAppender and its potential impact on performance.

• In ViewStatusMessagesServlet, restrict processing of "Clear" button to POST method. This change was proposed by Ralf Wiebicke who also provided the relevant PR.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit e572d4f87f06674788eb3ca7148e8d1dffc615fa associated with the tag v_1.5.19. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Full Changelog: https://github.com/Activiti/Activiti/compare/7.20.0-rc.659...7.20.0-rc.660

1. C binding 修改通过了 msvc 的编译运行。
2. Rust maker 提供了 IPv6 的生成支持，详细文档请参考 Rust Maker，使用方式如下：

# ipv6
./target/release/maker --src=../../../data/ipv6_source.txt --dst=./target/ipv6.xdb --ip-version v6
# ipv4
./target/release/maker --src=../../../data/ipv4_source.txt --dst=./target/ipv4.xdb --ip-version v4

3. Golang / Java maker 优化 IP 段的合并逻辑，对于自定义字段生成 xdb 的情况能提供更好的压缩效果，以社区 v4-基础版 的 3.4G 的 商业数据不同版本的 xdb 大小对比如下：