Apache Superset is a modern, enterprise-ready business intelligence web application

[!WARNING] Since this is a release candidate (RC), we do NOT recommend using it in a production environment. Is something not working as expected? We welcome bug reports and feedback about new features.

• Various fixes on the export route by @Mubelotix in https://github.com/meilisearch/meilisearch/pull/5753
• Fix: Preserve order of searchable attributes when modified by @ManyTheFish in https://github.com/meilisearch/meilisearch/pull/5751
• Introduce filters in the chat completions by @Kerollmops in https://github.com/meilisearch/meilisearch/pull/5710
• Fix Total Hits being wrong when rankingScoreThreshold is used by @Mubelotix in https://github.com/meilisearch/meilisearch/pull/5725
• Allow sorting on the /documents route by @Mubelotix in https://github.com/meilisearch/meilisearch/pull/5716
• Tests for multimodal by @Mubelotix in https://github.com/meilisearch/meilisearch/pull/5734
• Fix incorrect document count in stats after clearing all documents by @kametsun in https://github.com/meilisearch/meilisearch/pull/5754
• Fix chat settings dumpless upgrade by @Kerollmops in https://github.com/meilisearch/meilisearch/pull/5761

• @kametsun made their first contribution in https://github.com/meilisearch/meilisearch/pull/5754

• All changes since RC.0
• RC.1 changelog
• RC.0 changelog

This is a security release.

• (CVE-2025-27210) Windows Device Names (CON, PRN, AUX) Bypass Path Traversal Protection in path.normalize()

• [db7b93fcef] - (CVE-2025-27210) lib: handle all windows reserved driver name (RafaelGSS) nodejs-private/node-private#721

This is a security release.

• (CVE-2025-27210) Windows Device Names (CON, PRN, AUX) Bypass Path Traversal Protection in path.normalize()

• [8cf5d66ab7] - (CVE-2025-27210) lib: handle all windows reserved driver name (RafaelGSS) nodejs-private/node-private#721
• [9c0cb487ec] - win,build: fix MSVS v17.14 compilation issue (StefanStojanovic) #58902

This is a security release.

• (CVE-2025-27209) HashDoS in V8 with new RapidHash algorithm
• (CVE-2025-27210) Windows Device Names (CON, PRN, AUX) Bypass Path Traversal Protection in path.normalize()

• [c33223f1a5] - (CVE-2025-27209) deps: V8: revert rapidhash commits (Michaël Zasso) nodejs-private/node-private#713
• [56f9db2aaa] - (CVE-2025-27210) lib: handle all windows reserved driver name (RafaelGSS) nodejs-private/node-private#721

• Prevent client panicking when Milvus server return malformed search result by @congqixia
• Fix a bug that when search nq > 1, client failed to parse nullable column by @congqixia

Full Changelog: https://github.com/milvus-io/milvus/compare/client/v2.5.5...client/v2.5.4