Hello Superset Community,

This is a call for the vote to release Apache Superset version 6.0.0.

The release candidate: https://dist.apache.org/repos/dist/dev/superset/6.0.0rc3/

The Git tag for the release: https://github.com/apache/superset/tree/6.0.0rc3

The CHANGELOG for the release: https://github.com/apache/superset/blob/6.0.0rc3/CHANGELOG/6.0.0.md

The instructions for updating to the release: https://github.com/apache/superset/blob/6.0.0rc3/UPDATING.md

Public keys are available at: https://www.apache.org/dist/superset/KEYS

The vote will be left open until at least 72 hours have passed and the necessary number of votes (3) have been reached.

Please vote accordingly:

[ ] +1 approve [ ] +0 no opinion [ ] -1 disapprove with the reason

Thanks, The Apache Superset Team

• [CHANGE] TSDB: Native Histogram Custom Bounds with a NaN threshold are now rejected. #17287
• [FEATURE] Dockerfile: Add OpenContainers spec labels to Dockerfile. #16483
• [FEATURE] SD: Add unified AWS service discovery for ec2, lightsail and ecs services. #17046
• [FEATURE] Native histograms are now a stable, but optional feature, use the scrape_native_histogram config setting. #17232 #17315
• [FEATURE] UI: Support anchored and smoothed keyword in promql editor. #17239
• [FEATURE] UI: Show detailed relabeling steps for each discovered target. #17337
• [FEATURE] Alerting: Add urlQueryEscape to template functions. #17403
• [FEATURE] Promtool: Add Remote-Write 2.0 support to promtool push metrics via the --protobuf_message flag. #17417
• [ENHANCEMENT] Clarify the docs about handling negative native histograms. #17249
• [ENHANCEMENT] Mixin: Add static UID to the remote-write dashboard. #17256
• [ENHANCEMENT] PromQL: Reconcile mismatched NHCB bounds in Add and Sub. #17278
• [ENHANCEMENT] Alerting: Add "unknown" state for alerting rules that haven't been evaluated yet. #17282
• [ENHANCEMENT] Scrape: Allow simultaneous use of classic histogram → NHCB conversion and zero-timestamp ingestion. #17305
• [ENHANCEMENT] UI: Add smoothed/anchored in explain. #17334
• [ENHANCEMENT] OTLP: De-duplicate any target_info samples with the same timestamp for the same series. #17400
• [ENHANCEMENT] Document use_fips_sts_endpoint in sigv4 config sections. #17304
• [ENHANCEMENT] Document Prometheus Agent. #14519
• [PERF] PromQL: Speed up parsing of variadic functions. #17316
• [PERF] UI: Speed up alerts/rules/... pages by not rendering collapsed content. #17485
• [PERF] UI: Performance improvement when getting label name and values in promql editor. #17194
• [PERF] UI: Speed up /alerts for many firing alerts via virtual scrolling. #17254
• [BUGFIX] PromQL: Fix slice indexing bug in info function on churning series. #17199
• [BUGFIX] API: Reduce lock contention on /api/v1/targets. #17306
• [BUGFIX] PromQL: Consistent handling of gauge vs. counter histograms in aggregations. #17312
• [BUGFIX] TSDB: Allow NHCB with -Inf as the first custom value. #17320
• [BUGFIX] UI: Fix duplicate loading of data from the API speed up rendering of some pages. #17357
• [BUGFIX] Old UI: Fix createExpressionLink to correctly build /graph URLs so links from Alerts/Rules work again. #17365
• [BUGFIX] PromQL: Avoid panic when parsing malformed info call. #17379
• [BUGFIX] PromQL: Include histograms when enforcing sample_limit. #17390
• [BUGFIX] Config: Fix panic if TLS CA file is absent. #17418
• [BUGFIX] PromQL: Fix histogram_fraction for classic histograms and NHCB if lower bound is in the first bucket. #17424

Download page What's new highlights

• API Clients: Add lazy hooks to clients #113226, @tomratcliffe
• API clients: Automatically set PATCH headers #111879, @Clarity-89
• API clients: Extract into a package #111810, @Clarity-89
• API clients: Extract into a package (Enterprise)
• API clients: Update API clients to include all endpoints & add hooks #113061, @tomratcliffe
• AccessControl: Include hidden roles in service account role display #112924, @Jguer
• AccessControl: Increase limit of LBAC for Datasources rules #111560, @Jguer
• Accessibility: Wrap data source info onto 2 lines at small viewports #113033, @ashharrison90
• Alert Enrichment: Add mutator to insert rule UID labels to allow for efficient use of labelSelector (Enterprise)
• Alerting: Add enrichment components to rule view page (Enterprise)
• Alerting: Add enrichment section to rule view page (Enterprise)
• Alerting: Add jitter support for periodic alert state storage to reduce database load spikes #111357, @softho0n
• Alerting: Add position-based matching for identical alert rules #112407, @konrad147
• Alerting: Create alertingAlertRuleFormSchema in restrictedGrafanaApis #112794, @soniaAguilarPeiron
• Alerting: Display error message in central state history view #111445, @laurenashleigh
• Alerting: Enrichment per rule wip-2 (Enterprise)
• Alerting: Hide metadata if grouping by folder #113216, @laurenashleigh
• Alerting: Improve template ai helper prompt and add some examples (Enterprise)
• Alerting: Move enrichment tab between details and versions #110886, @laurenashleigh
• Alerting: Remove ai feedback button from alert form #112713, @soniaAguilarPeiron
• Alerting: Remove unused components #111320, @laurenashleigh
• Alerting: Remove useRulesSourcesWithRuler for SmartAlertTypeDetector #111623, @soniaAguilarPeiron
• Alerting: Surface remote AM silence creation errors properly #112757, @moustafab
• Alerting: Triage #110339, @gillesdemey
• Alerting: Triage rule details drawer #112055, @konrad147
• Alerting: Update prompt examples for template AI Helper (Enterprise)
• Alerting: Update width to instance details drawer in Triage page #113209, @soniaAguilarPeiron
• Alerting: Use new enrichment endpoints in FE (Enterprise)
• Alerting: Use ruleUid as a prop instead of extracting it from the rule context (Enterprise)
• Analytics: Aggregate daily summary in datasources analytics (Enterprise)
• Analytics: Apply proper batching to Loki exports and add configurable settings (Enterprise)
• Annotations: Exclude internal dashboard id when saved via UID #111535, @ryantxu
• Azure: Use SSO settings in plugin context #112058, @aangelisc
• Buttons: Active style for buttons #111235, @gtk-grafana
• Caching: Disable cache if datasource has oauthPassThru=true (Enterprise)
• Canvas: Allow non-icon bg image fields #112308, @fastfrwrd
• Chore: Add logsdrilldown replace to apps/iam/go.mod #112581, @njvrzm
• CloudWatch Logs: Don't add console link to every field in the logs response #112230, @idastambuk
• CloudWatch Logs: Support Log Anomalies query type #113067, @idastambuk
• CloudWatch: Add syntax highlighting and autocomplete for logs diff command #111207, @kevinwcyu
• CloudWatch: Add tracking for logs anomalies #113181, @idastambuk
• Dashboard Controls: Add annotations to the dashboard controls menu #112816, @leventebalogh
• Dashboard Picker: Update to use correct search + dashboards APIs #112341, @tomratcliffe
• Dashboard: Backend always set metricEditorMode: 0 regardless metricQueryType and expression #111613, @ivanortegaalba
• Dashboards: Add a new variable type called "Switch" #111366, @leventebalogh
• Dashboards: Hide error notifications in kiosk mode on dashboards #112390, @ivanortegaalba
• Dynamic Dashboards: Expand dashboards_init_dashboard_completed tracking info #111102, @idastambuk
• ErrorBoundary: Report specific boundary type to Faro #112071, @tskarhed
• Explore: Use compact mode only when targeting Tempo #113037, @ifrost
• FeatureToggles: Remove deprecated experimental apiserver #111617, @ryantxu
• Fields Selector: Add component and integrate with Logs and Logs table visualization #112534, @matyax
• Flame Graph: Anchor exact match when clicking a table symbol in search #111101, @samarthbagga-meesho
• FlameGraph: Improve prompt for open assistant to analyze flamegraph #113071, @simonswine
• FolderPicker: Don't show expand button for empty folders and move search icon #111872, @aocenas
• FolderPicker: Show parent folder when searching #111026, @aocenas
• Geomap: Add a MapLibre style base layer #109841, @remogeissbuehler
• Geomap: Move beta layers to GA #113186, @drew08t
• Go: Update to 1.25.2 + golangci-lint v2.5.0 + golang.org/x/net v0.45.0 #112149, @macabu
• Go: Update to 1.25.3 #112359, @macabu
• Grafana Advisor: Prometheus Type Migration check #110853, @bossinc
• Grafana Data Source: Add random walk configuration options #113009, @nmarrs
• IAM: Add uid column in team_member DB table #112439, @dmihai
• Jaeger: Migrate API calls to gRPC endpoint #113297, @jcolladokuri
• LBAC for data sources: Provide user feedback of potential performance loss from LBAC rules (Enterprise)
• Library Panels: Remove direct use of legacy search #112231, @tomratcliffe
• Logs panel: Respect selected fields for downloading logs #111753, @matyax
• Nav: Render menu items as p tags so truncation logic can work #113248, @tomratcliffe
• Navigation: Move Cost management and billing plugin to root #111739, @gubjanos
• PanelTimeCompare: Support saving time compare window #113150, @torkelo
• PanelTimeSettings: Support panel time range settings changes from dashboard in view mode #113027, @torkelo
• Plugins: Install Grafana Pathfinder behind a feature flag #109909, @Jayclifford345
• PostgreSQL: Support PGPASSFILE by making password optional #108856, @taraspos
• Provisioning: Watch file system for changes #112184, @ryantxu
• Reporting: Add support for schema v2 dashboards (Enterprise)
• Reporting: Wait for streaming to end before exporting CSVs (Enterprise)
• SQL Expressions: Add Functions to Allow list #113291, @kylebrandt
• Snapshots: Use appSubUrl for View all snapshots #111652, @Clarity-89
• Span Details: Bring back span id to span details #112411, @ifrost
• Span Details: Wrap label values #112413, @ifrost
• Stars: Refactor StarsToolbarButton and unify nav update logic #112582, @tomratcliffe
• Stat/BarGauge: Border radius tweak #112562, @torkelo
• Table: Add some error-case handling to ImageCell #110461, @fastfrwrd
• Table: Allow FieldType.other containing arrays to use Pills #111205, @fastfrwrd
• Table: Disable virtualization, hover overflow, and scrollbar width resizing on Safari 26 #111834, @fastfrwrd
• Table: Pill and JSON Cells should allow formatting #111951, @fastfrwrd
• Table: Support DataLinks and Actions in SparklineCell #112244, @fastfrwrd
• Table: Update ad-hoc filter to use name instead of displayName #112815, @fastfrwrd
• Tempo: Migrates tags and tag values to datasource backend CallResource requests (Enterprise)
• Theme: Changes light theme canvas color a more white shade #111318, @torkelo
• Themes: Update themes border radius #111478, @torkelo
• TimeComparison: Automatically show/hide menu on hover #112750, @jesdavpet
• TimeSeries: Allow custom time units on x-axis #112913, @leeoniya
• Timeseries: Numeric duration values could render as NaN (#73795) #112076, @fastfrwrd
• Transformations: Hide "Match all/any" conditions for less than two filters #109754, @sudoice
• UI Extensions: Remove path validation from link extensions #112259, @leventebalogh

• Access Control: Fix the permission checks for saving/updating/deleting annotations #112953, @IevaVasiljeva
• Accessibility: Improve no-unreduced-motion rule and fix violations #110304, @tomratcliffe
• Alerting Provisioning: Don't error on recording rules without conditions #109410, @djpnicholls
• Alerting: Clear outdated settings when switching contact point type #111869, @konrad147
• Alerting: Fix enrichment tab to be rendered only for grafana alerting rules #113030, @soniaAguilarPeiron
• Alerting: Fix instances matching in notification policies #112326, @konrad147
• Alerting: Fix threshold params #111645, @soniaAguilarPeiron
• Alerting: Fix unmarshalling of GettableStatus to include time intervals #112602, @yuri-tceretian
• Alerting: Migrate spec.title and spec.name fieldSelectors #111993, @gillesdemey
• Alerting: Normalize health when filtering rules #113087, @gillesdemey
• Alerting: Prohibit receivers with empty name #113064, @yuri-tceretian
• Alerting: Provisioning to fix contact point type on save #112246, @yuri-tceretian
• Alerting: Remove __grafana_origin when duplicating rule #112396, @soniaAguilarPeiron
• AnnoList: Fix annotations not loading when in a repeated row #111540, @joshhunt
• Annotations: Fix issue with transformation logic in scenes #112288, @fastfrwrd
• Auth: Fix render user OAuth passthrough #111636, @charandas
• ComboBox: Add loading state to dropdown and prefixIcon #112967, @tomratcliffe
• Connections: Fix connections home page on enterprise #111751, @oshirohugo
• Dashboard: Fix editor specific permissions in /api #113292, @stephaniehingtgen
• Dashboards: Fix bug with anon users with editor permissions creating dashboards #113260, @stephaniehingtgen
• Dashboards: Fix missing Ctrl+O keyboard shortcut for crosshair toggle #111310, @ivanortegaalba
• Dashboards: Fix moving to root folder #111515, @stephaniehingtgen
• Dashboards: Fix preload field not being persisted via /v1beta1 #112475, @ivanortegaalba
• Flame Graph: Use suffix for values formatted with a short formatter #110999, @ifrost
• FlameGraph: Ensure total is only counted once for recursive function calls #111548, @simonswine
• FolderPermissions: Return 404 error when folder does not exist instead of 500 #112919, @Jguer
• FolderPicker: Fix expand toggle also selecting folder #111755, @aocenas
• Graphite: Fix legacy response unmarshalling #112968, @aangelisc
• Histogram: Properly handle sparse heatmap-cells frames #112907, @leeoniya
• LDAP Authentication: Fix URL to propagate username context as parameter #111723, @bradleypettit
• Node graph: Fix context menu position after scrolling #112374, @adrapereira
• Playlist: Fix navigation issues with emoji-titled dashboards during dual-write migration #111659, @axelavargas
• Plugin Details Page: Fix tabs not loading on hard refresh #112915, @sunker
• Plugin navigation: Fix active nav item selection when there are more than 10 items in a group #112886, @aocenas
• Plugins: Dependencies do not inherit parent URL for preinstall #111762, @wbrowne
• Plugins: Set isProvisioned for local plugins without remote counterpart #111268, @oshirohugo
• Prometheus: Fix incremental querying logic for public dashboards #111642, @jcolladokuri
• Prometheus: Fix parsing logic of prometheus expressions to honor the order of binary operations #112220, @jcolladokuri
• Security: fix for CVE-2025-41115 in SCIM (System for Cross-domain Identity Management) (Enterprise)
• SoloPanel: Fixes issue with solo route and scopes variable #112769, @torkelo
• Stars: Fix starred state not being updated #111936, @Clarity-89
• Stat: Fix math for percent change value heights when sparkline is not rendered #112599, @fastfrwrd
• StateTimeline: Fix color display in tooltip #112878, @fastfrwrd
• Table: Fix cell inspect for Sparkline and inferred JSON cells #113059, @fastfrwrd
• TextPanel: Fix CodeEditor not appearing properly #111937, @ashharrison90
• UnitPicker/Cascader: Fixes type to search for unit feature #112614, @torkelo
• VizTooltip: Better overflow handling on long series names #112240, @fastfrwrd

• Faro: Update configuration with best practices #112108, @joshhunt
• LibraryPanels: Remove unique name constraints #113077, @ryantxu
• RBAC: Only write action sets #112429, @IevaVasiljeva

• Checkbox: Improve accessibility of the indeterminate state #112388, @ashharrison90
• Collapse: Improve layout and deprecate collapsible prop #113164, @ashharrison90
• Docs: Add storybook links to components #113102, @samsch
• Modal: Fix button focus being clipped #112867, @ashharrison90
• Slider: Expose prop to control visibility of input #113084, @ashharrison90
• Slider: Make inputId a required param and fix minor a11y violations #112006, @ashharrison90

Download page What's new highlights

• Alerting: Fix unmarshalling of GettableStatus to include time intervals #112733, @yuri-tceretian
• AnalyticsSummaries: Fix dashboard rollup not resetting "last X days" metrics to zero (Enterprise)
• AnalyticsSummaries: Fix dashboard rollup totals resetting incorrectly (Enterprise)
• Security: fix for CVE-2025-41115 in SCIM (System for Cross-domain Identity Management) (Enterprise)

Download page What's new highlights

• Alerting: Fix unmarshalling of GettableStatus to include time intervals #112732, @yuri-tceretian
• AnalyticsSummaries: Fix dashboard rollup not resetting "last X days" metrics to zero (Enterprise)
• AnalyticsSummaries: Fix dashboard rollup totals resetting incorrectly (Enterprise)
• Security: fix for CVE-2025-41115 in SCIM (System for Cross-domain Identity Management) (Enterprise)

Download page What's new highlights

• Access control: Reduce memory usage when fetching user's permissions #113414, @hairyhenderson
• Table: Pill and JSON Cells should allow formatting #113130, @fastfrwrd

• AnalyticsSummaries: Fix dashboard rollup not resetting "last X days" metrics to zero (Enterprise)
• AnalyticsSummaries: Fix dashboard rollup totals resetting incorrectly (Enterprise)
• Security: fix for CVE-2025-41115 in SCIM (System for Cross-domain Identity Management) (Enterprise)

Download page What's new highlights

• Alerting: Fix unmarshalling of GettableStatus to include time intervals #112731, @yuri-tceretian
• AnalyticsSummaries: Fix dashboard rollup not resetting "last X days" metrics to zero (Enterprise)
• AnalyticsSummaries: Fix dashboard rollup totals resetting incorrectly (Enterprise)
• Seeder: Add check in filterRemovedPermissions for already existing new permissions before seeding (Enterprise)

Download page What's new highlights

• Security: fix for CVE-2025-41115 in SCIM (System for Cross-domain Identity Management) (Enterprise)

Download page What's new highlights

• Security: fix for CVE-2025-41115 in SCIM (System for Cross-domain Identity Management) (Enterprise)

Download page What's new highlights

• Security: fix for CVE-2025-41115 in SCIM (System for Cross-domain Identity Management) (Enterprise)