8 hours ago
seaweedfs

4.25

Note

This is a quick follow-up to 4.24. It is safe to upgrade.

  • The erasure coding with multi-disk servers needs to recover automatically from previous failures.
  • The added security checking caused the Admin UI to not work well. Users with security.toml configured may run into this.

What's Changed

Full Changelog: https://github.com/seaweedfs/seaweedfs/compare/4.24...4.25

13 hours ago
redis

8.8-RC1

This is the first Release Candidate of Redis 8.8 in Redis Open Source.

Release Candidates are feature-complete pre-releases. Pre-releases are not suitable for production use.

Headlines:

Redis 8.8 introduces new features and performance improvements.

Operating systems we test Redis 8.8 on

  • Ubuntu 22.04 (Jammy Jellyfish), 24.04 (Noble Numbat), 26.04 (Resolute Raccoon)
  • Rocky Linux 8.10, 9.7, 10.1
  • AlmaLinux 8.10, 9.7, 10.1
  • Debian 12.13 (Bookworm), Debian 13.4 (Trixie)
  • Alpine 3.23
  • macOS 14.8.4 (Sonoma), 15.7.4 (Sequoia), 26.3 (Tahoe) - for both Intel and ARM

Security fixes (compared to 8.8-M03)

  • (CVE-2026-23479) Use-After-Free in unblock client flow may lead to Remote Code Execution
  • (CVE-2026-25243) Invalid memory access in RESTORE may lead to Remote Code Execution
  • (CVE-2026-23631) Lua Use-After-Free may lead to Remote Code Execution
  • (CVE-2026-25588) Invalid memory access in RESTORE may lead to Remote Code Execution (Time Series)
  • (CVE-2026-25589) Invalid memory access in RESTORE may lead to Remote Code Execution (Probabilistic)

New Features (compared to 8.8-M03)

  • #15162 New data structure: Array (@antirez)
  • #15045 INCREX: a window counter rate limiter combining INCR, INCRBY, INCRBYFLOAT, bounds, and expiration (@raffertyyu + Redis team)
  • New in-group sorting reducer, which allows unwinding grouped documents (after GROUPBY) and sorting them

Removed Features (compared to 8.8-M03)

  • #15191 Remove GCRA rate limiter

Bug fixes (compared to 8.8-M03)

  • SUBSCRIBE, PSUBSCRIBE, SSUBSCRIBE: crash on OOM (RED-167788)
  • CONFIG SET: some settings allow invalid characters (RED-167787)
  • SCRIPT DEBUG: potential crash on scripts (RED-175507)
  • VADD: crash or buffer overflow on large REDUCE value (RED-170921)
  • VSET: crash on huge allocations (MOD-12678)
  • #15188 cluster-announce-ip rejecting hostnames (regression)
  • #15095 Double free when loading streams with duplicate consumer PEL entries
  • #15124 Issues processing corrupt Streams RDB data
  • #15111 fast_float_strtod rounding mismatch
  • #15190 vecClear resets the logical size without releasing element ownership
  • #15163 Incorrect memory accounting for MULTI queue memory
  • #15094 Cluster crash when CLIENT KILL unsubscribes SSUBSCRIBE client inside EXEC
  • #15151 Listpack backlength encoding thresholds off-by-one
  • #15115 Under-copy in the Lua debugger
  • #14970 Sentinel config injection via SENTINEL SET
  • #14934 Client output buffer memory tracking not accounting for copy-avoided bulk string references
  • RediSearch/RediSearch#9182 FT.PROFILE HYBRID returns an empty reply (MOD-14778)
  • RediSearch/RediSearch#9079 FT.SPELLCHECK treats PARAMS placeholders as literal terms instead of resolving them (MOD-10596)
  • RediSearch/RediSearch#9047 FT.PROFILE output is inconsistent when a profiled value is missing (MOD-10560)
  • RediSearch/RediSearch#9078 FT.CREATE now rejects schema definitions with invalid option combinations at creation time (MOD-14655)
  • RediSearch/RediSearch#9012 PERSIST and HPERSIST notifications are not reflected in index expiration tracking (MOD-14800)
  • RediSearch/RediSearch#9066 Race condition in FT.HYBRID causes intermittent failures under concurrent hybrid query load (MOD-14732)
  • RediSearch/RediSearch#9163 Crash on FT.SEARCH when topology validation fails (for example, some nodes unreachable) (MOD-14475)
  • RediSearch/RediSearch#9031, RediSearch/RediSearch#9473 Coordinator deadlock under mixed FT.SEARCH and FT.AGGREGATE load (MOD-14268)
  • RediSearch/RediSearch#9028 Memory leak when FT.DROPINDEX runs concurrently with in-flight hybrid queries (MOD-14135)
  • RediSearch/RediSearch#9310, RediSearch/RediSearch#9350 FT.CURSOR READ timeout and ON_TIMEOUT FAIL not enforced on coordinator and shard (MOD-14284, MOD-14998)
  • RediSearch/RediSearch#9425 Cursors not cleaned up after MAXIDLE, causing resource exhaustion (MOD-6430)
  • RediSearch/RediSearch#9234, RediSearch/RediSearch#9404 Coordinator RETURN_STRICT returns wrong data on partial results, including SORTBY pipeline (MOD-13617)
  • RediSearch/RediSearch#9382 MAXPREFIXEXPANSION warnings not propagated to clients in cluster mode (MOD-13804)
  • RediSearch/RediSearch#9218 Search commands fail when no worker thread is available instead of falling back to main thread (MOD-14921)
  • RediSearch/RediSearch#9448 RDB load missing validation of FT.CREATE arguments, allowing corrupt index state on load (MOD-13118)
  • RediSearch/RediSearch#9377 Use-after-move in Indexer_Process causes crash during indexing (MOD-14980)
  • RediSearch/RediSearch#9408 Deadlock between background query and main-thread writer (MOD-15364)
  • RediSearch/RediSearch#9114 FT.PROFILE prints output using wrong iterator type (MOD-14678)
  • RediSearch/RediSearch#9421 Confusing error returned when DEBUG_PARAMS_COUNT is zero (MOD-15118)
  • RediSearch/RediSearch#9045 Stack-smashing error in coordinator code path (MOD-14649)
  • RedisJSON/RedisJSON#1554 Trailing chars are ignored (MOD-7266); Fixes RedisJSON/RedisJSON#976
  • RedisJSON/RedisJSON#1543 Wrong mutation ordering for array commands with recursive paths (MOD-6722)
  • RedisJSON/RedisJSON#1542 JSONPath evaluation issues (MOD-14664); Fixes RedisJSON/RedisJSON#968 (MOD-7264), RedisJSON/RedisJSON#962 (MOD-7272), RedisJSON/RedisJSON#963 (MOD-7270), RedisJSON/RedisJSON#1089 (MOD-7268)
  • RedisTimeSeries/RedisTimeSeries#2003 Potential crash on disconnections and TLS failures (MOD-14850)
  • RedisTimeSeries/RedisTimeSeries#2013 count, countNaN, countAll reducers return NaN when all values are NaN (MOD-14420)

Performance and resource utilization improvements (compared to 8.8-M03)

  • #15049 Hyperloglog: 4 independent accumulators that are merged at the end
  • #15133 Batched prefetch for MGET and MSET
  • #14988 Batched prefetch for HGETALL on hashtable-encoded hashes
  • #15071 Pass size hint to jemalloc for faster deallocation
  • #15096 Reduces allocator and accounting overhead by adding compile-time jemalloc tuning
  • RediSearch/RediSearch#9197 Vector index hot path (HNSW and brute-force) devirtualized, reducing per-query latency (MOD-14916)
  • RediSearch/RediSearch#9262, RediSearch/RediSearch#9476 Inline LSE atomics enabled on AArch64, improving atomic operation throughput on ARM64 (MOD-14916, MOD-15419)
  • RediSearch/RediSearch#9293 Expiration handling overhead reduced when many keys expire simultaneously (MOD-14916)
  • RediSearch/RediSearch#9017 LTO (link-time optimization) enabled for x86_64 release builds (MOD-14700)
  • RediSearch/RediSearch#8765 Shard-level timeout adjusted to coordinator dispatch time for more accurate accounting (MOD-13189)
  • RediSearch/RediSearch#8790, RediSearch/RediSearch#8900, RediSearch/RediSearch#8827, RediSearch/RediSearch#8971, RediSearch/RediSearch#8966, RediSearch/RediSearch#8762, RediSearch/RediSearch#8678, RediSearch/RediSearch#8915, RediSearch/RediSearch#8653, RediSearch/RediSearch#9085, RediSearch/RediSearch#8751, RediSearch/RediSearch#8692, RediSearch/RediSearch#9224 Iterators ported to Rust, reducing FFI overhead
  • RediSearch/RediSearch#9500 numRecords no longer updated for vector fields, removing unnecessary write overhead on ingest (MOD-15487)
  • VecSim SVS thread pool integrated with the worker pool for better thread utilization (MOD-9881)

Configuration parameters

  • #15182 Slowlog entry truncation limits:
    • slowlog-entry-max-argc: maximum number of command arguments kept in a slowlog entry
    • slowlog-entry-max-string-len: maximum length of a command argument in a slowlog entry
  • RediSearch/RediSearch#8876, RediSearch/RediSearch#8960 Default maximum worker threads value updated; MAX_WORKER_THREADS is now a string config (MOD-14486, MOD-14763)

Metrics (compared to 8.8-M03)

  • RediSearch/RediSearch#8210, RediSearch/RediSearch#8231 FT.PROFILE: added queue time tracking (MOD-13602)

CLI tools

  • #15150 Memory leak on malformed legacy help entry in redis-cli

19 hours ago
orientdb

3.2.52

This patch release contains an additional fix in the query engine's "order by" logic with nested properties, and a fix for dates without time.

Changes

Core

  • Truncate asDate timestamps with 24-hour clock, thanks @officialasishkumar
  • Avoid using an index when using order by with a nested property, issue #10732
  • Dependencies updates

Artifacts

orientdb-community-3.2.52.tar.gz orientdb-community-3.2.52.zip

orientdb-tp3-3.2.52.tar.gz orientdb-tp3-3.2.52.zip

agent-3.2.52.jar

21 hours ago
rustfs

1.0.0-beta.3

What's Changed

New Contributors

Full Changelog: https://github.com/rustfs/rustfs/compare/1.0.0-beta.2...1.0.0-beta.3

23 hours ago
seaweedfs

4.24

Important note

4.23 is not safe when there are multiple disks configured and erasure coding (EC) is using the worker. The worker added a capability to distribute EC shards to different disks to ensure proper shard distribution. However, the volume server fails to load the EC shards, because the EC index could be on a different peer disk.

What's Changed

New Contributors

Full Changelog: https://github.com/seaweedfs/seaweedfs/compare/4.23...4.24

1 day ago
node

2026-05-13, Version 22.22.3 'Jod' (LTS), @marco-ippolito

Commits

  • [4f780905c5] - crypto: fix potential null pointer dereference when BIO_meth_new() fails (Nora Dossche) #61788
  • [4a09efb947] - crypto: update root certificates to NSS 3.121 (Node.js GitHub Bot) #62485
  • [e4c0d99839] - deps: update timezone to 2026a (Node.js GitHub Bot) #62164
  • [0226c8dd7a] - deps: update simdjson to 4.5.0 (Node.js GitHub Bot) #62382
  • [e742ab748c] - deps: update sqlite to 3.51.3 (Node.js GitHub Bot) #62256
  • [73cac0571a] - deps: update amaro to 1.1.8 (Node.js GitHub Bot) #62151
  • [ae5c162b93] - deps: update amaro to 1.1.7 (Node.js GitHub Bot) #61730
  • [b819cb9977] - deps: update amaro to 1.1.6 (Node.js GitHub Bot) #61603
  • [bbcce09dc7] - deps: update sqlite to 3.52.0 (Node.js GitHub Bot) #62150
  • [22ff2d81ce] - deps: update simdjson to 4.3.1 (Node.js GitHub Bot) #61930
  • [f49b51d75c] - deps: update acorn-walk to 8.3.5 (Node.js GitHub Bot) #61928
  • [1a5cec0d49] - deps: update acorn to 8.16.0 (Node.js GitHub Bot) #61925
  • [d339497688] - deps: update nbytes to 0.1.3 (Node.js GitHub Bot) #61879
  • [3ff8ffd459] - deps: remove stale OpenSSL arch configs (René) #61834
  • [b8ddbc1e9a] - deps: update llhttp to 9.3.1 (Node.js GitHub Bot) #61827
  • [ffda97afd4] - deps: update googletest to 2461743991f9aa53e9a3625eafcbacd81a3c74cd (Node.js GitHub Bot) #62484
  • [79aa32cf4f] - deps: update googletest to 73a63ea05dc8ca29ec1d2c1d66481dd0de1950f1 (Node.js GitHub Bot) #61927
  • [b6957e13b6] - deps: update archs files for openssl-3.5.6 (Node.js GitHub Bot) #62629
  • [3a27669063] - deps: upgrade openssl sources to openssl-3.5.6 (Node.js GitHub Bot) #62629
  • [d568a1bb53] - deps: upgrade npm to 10.9.8 (npm team) #62463
  • [ec11f3c1d5] - deps: V8: backport 85b390089e51 (Thibaud Michaud) #62783
  • [08609712ed] - deps: V8: backport 1b27e4674f11 (Thibaud Michaud) #62783
  • [dcc60d5ab2] - deps: V8: backport 9997fc013952 (Thibaud Michaud) #62783
  • [1d1f4451fb] - deps: V8: cherry-pick b96e40d5ac85 (Clemens Backes) #62783
  • [2268567237] - deps: V8: cherry-pick 7cb6188cf913 (Thibaud Michaud) #62783
  • [92804cdbea] - deps: V8: cherry-pick e7ccf0af1bdd (Thibaud Michaud) #62783
  • [eae2c27a40] - deps: V8: cherry-pick 8e214ec3ec8c (Thibaud Michaud) #62783
  • [a1799a49bb] - deps: V8: backport 63b8849d73ae (Thibaud Michaud) #62783
  • [a2df2d8731] - deps: V8: backport 323942700cfe (Thibaud Michaud) #62783
  • [e3d65c7dca] - deps: V8: backport 89dc6eab605c (Thibaud Michaud) #62783
  • [5e7db133de] - deps: V8: backport 910cb91733dc (Jakob Kummerow) #62783
  • [d0c24a28af] - deps: V8: cherry-pick b8f91e510e0f (Thibaud Michaud) #62783
  • [d358687824] - deps: V8: cherry-pick cf03d55db2a0 (Thibaud Michaud) #62783
  • [67c8b2c349] - deps: V8: cherry-pick 692f3d526a38 (Sébastien Doeraene) #62783
  • [71e5a59ffd] - deps: V8: cherry-pick c734674e03f9 (Manos Koukoutos) #62783
  • [f0dbe81c7b] - deps: V8: cherry-pick b2f3aea23a01 (Thibaud Michaud) #62783
  • [d333f480c3] - deps: V8: cherry-pick 5f1342c20b59 (Matthias Liedtke) #62783
  • [db722725bb] - deps: use npm undici@six tag in update-undici.sh (Matteo Collina) #63012
  • [9b57979d9c] - doc: add Rafael to last security release steward (Rafael Gonzaga) #62423
  • [d8075585bf] - doc: add path to vulnerabilities.json mention (Rafael Gonzaga) #62355
  • [6ec9a70204] - doc: clarify fs.ReadStream and fs.WriteStream are not constructable (Kit Dallege) #62208
  • [1fc86fcb6e] - doc: add note (and caveat) for mock.module about customization hooks (Jacob Smith) #62075
  • [491be80bd9] - doc: add efekrskl as triager (Efe) #61876
  • [18558293a3] - doc: fix module.stripTypeScriptTypes indentation (René) #61992
  • [8e20976522] - doc: explicitly mention Slack handle (Rafael Gonzaga) #61986
  • [70b8e6b4fb] - doc: rename invalid function parameter (René) #61942
  • [4045c76f6c] - doc: clarify status of feature request issues (Antoine du Hamel) #61505
  • [c54652f2aa] - doc: remove incorrect mention of module in typescript.md (Rob Palmer) #61839
  • [9fad6cedf5] - doc: clarify async caveats for events.once() (René) #61572
  • [2f1e5733fe] - doc: update Juan's security steward info (Juan José) #61754
  • [a64bdb5068] - doc: fix overstated Date header requirement in response.sendDate (Kit Dallege) #62206
  • [02797de923] - doc: fix small environment_variables typo (chris) #62279
  • [f22ebdc809] - doc: fix small logic error in DETECT_MODULE_SYNTAX (René) #62025
  • [9f4508062a] - doc: fix methods being documented as properties in process.md (Antoine du Hamel) #61765
  • [3ea39ff135] - doc: fix dropdown menu being obscured at <600px due to stacking context (Jeff) #61735
  • [c22445079b] - doc: fix spacing in process message event (Aviv Keller) #61756
  • [32831b5223] - doc: fix broken links of net.md (YuSheng Chen) #61673
  • [005508d509] - doc: remove obsolete Boxstarter automated install (Mike McCready) #61785
  • [37c2fd6f7d] - esm: fix path normalization in finalizeResolution (Antoine du Hamel) #62080
  • [1769d74613] - esm: populate separate cache for require(esm) in imported CJS (Joyee Cheung) #59679
  • [ee02966ffc] - http: fix keep-alive socket reuse race in requestOnFinish (Martin Slota) #61710
  • [2fdb5ce6cc] - http2: fix FileHandle leak in respondWithFile (sangwook) #61707
  • [aa2c1eca04] - lib: fix source map url parse in dynamic imports (Chengzhong Wu) #61990
  • [785b00cbeb] - meta: pass release version to release worker (flakey5) #62777
  • [447fb9a0b5] - meta: persist sccache daemon until end of build workflows (René) #61639
  • [5065a0acb3] - module: do not invoke resolve hooks twice for imported cjs (Joyee Cheung) #61529
  • [9a2e21305d] - module: do not wrap module._load when tracing is not enabled (Joyee Cheung) #61479
  • [b9240bc063] - module: fix sync resolve hooks for require with node: prefixes (Joyee Cheung) #61088
  • [2e91b28aaf] - module: handle null source from async loader hooks in sync hooks (Joyee Cheung) #59929
  • [39147c154e] - module: use sync cjs when importing cts (Marco Ippolito) #60072
  • [12a2462b2c] - module: only put directly require-d ESM into require.cache (Joyee Cheung) #59874
  • [cf39566277] - src: fix flags argument offset in JSUdpWrap (Weixie Cui) #61948
  • [578a9a9230] - src: clamp WriteUtf8 capacity to INT_MAX in EncodeInto (semimikoh) #62621
  • [57c3035fec] - stream: fix decoded fromList chunk boundary check (Thomas Watson) #61884
  • [57fb008bb8] - test: update tls junk data error expectations (Filip Skokan) #62629
  • [363f9a9d18] - test: skip test-url on --shared-ada builds (Antoine du Hamel) #62019
  • [daaead342b] - test: simplify encodeInto large buffer regression test (semimikoh) #62621
  • [ecfa766b41] - tools: fix auto-start-ci (Antoine du Hamel) #61900
  • [17c0a610af] - tools: fix parsing of commit trailers in lint-release-proposal GHA (Antoine du Hamel) #62077
  • [89ad7dc63b] - tools: enforce removal of lts-watch-* labels on release proposals (Antoine du Hamel) #61672
  • [5f9bb8ef0c] - tools: revert tools GHA workflow to ubuntu-latest (Richard Lau) #62024
  • [977ef80ac1] - url: process crash via malformed UNC hostname in pathToFileURL() (Nicola Del Gobbo) #62574
  • [ad8f518a81] - zlib: fix use-after-free when reset() is called during write (Matteo Collina) #62325

1 day ago
nginx

release-1.30.1

nginx-1.30.1 stable version has been released with fixes for HTTP/2 request injection vulnerability in the ngx_http_proxy_module (CVE-2026-42926), buffer overflow vulnerability in the ngx_http_rewrite_module (CVE-2026-42945), buffer overread vulnerabilities in the ngx_http_scgi_module and ngx_http_uwsgi_module (CVE-2026-42946), buffer overread vulnerability in the ngx_http_charset_module (CVE-2026-42934), address spoofing vulnerability in HTTP/3 (CVE-2026-40460), and use-after-free vulnerability in OCSP requests to resolver (CVE-2026-40701).

See official CHANGES-1.30 on nginx.org.

Below is a release summary generated by GitHub.

What's Changed

Full Changelog: https://github.com/nginx/nginx/compare/release-1.30.0...release-1.30.1

1 day ago
nginx

release-1.31.0

nginx-1.31.0 mainline version has been released with fixes for HTTP/2 request injection vulnerability in the ngx_http_proxy_module (CVE-2026-42926), buffer overflow vulnerability in the ngx_http_rewrite_module (CVE-2026-42945), buffer overread vulnerabilities in the ngx_http_scgi_module and ngx_http_uwsgi_module (CVE-2026-42946), buffer overread vulnerability in the ngx_http_charset_module (CVE-2026-42934), address spoofing vulnerability in HTTP/3 (CVE-2026-40460), and use-after-free vulnerability in OCSP requests to resolver (CVE-2026-40701). Additionally, the release features support for HTTP forward proxy.

See official CHANGES on nginx.org.

Below is a release summary generated by GitHub.

What's Changed

New Contributors

Full Changelog: https://github.com/nginx/nginx/compare/release-1.29.8...release-1.31.0

2 days ago
grafana

13.0.1+security-01

  • Security: CVE-2026-28374
  • Security: CVE-2026-28376
  • Security: CVE-2026-28383
  • Security: CVE-2026-28380
  • Security: CVE-2026-33376
  • Security: CVE-2026-28379
  • Security: CVE-2026-33377
  • Security: CVE-2026-33378
  • Security: CVE-2026-33381
  • Security: CVE-2026-33380