• Documentation
• Commit Log
• Maintenance Policy
• Release Policy
• Release Schedule
• Changelog: RC1 RC2 RC3 RC4 RC5 RC6

Special thanks to the following individuals for their excellent contributions:

• @kofzera
• @leleuj
• @mmoayyed

• Add zero-allocation iteration helpers to Headers by @gavinbunney in https://github.com/Netflix/zuul/pull/2154
• Build origin requests and client responses with the allocation-free Headers iterators by @gavinbunney in https://github.com/Netflix/zuul/pull/2155

Full Changelog: https://github.com/Netflix/zuul/compare/v3.6.16...v3.6.17

See the release notes or download Trino

• fix(security): bump golang.org/x/crypto and x/net for HIGH CVEs by @matthewmcneely in https://github.com/dgraph-io/dgraph/pull/9763

Full Changelog: https://github.com/dgraph-io/dgraph/compare/v25.3.6...v25.3.7

• fix(security): bump golang.org/x/crypto and x/net for HIGH CVEs by @matthewmcneely in https://github.com/dgraph-io/dgraph/pull/9763

Full Changelog: https://github.com/dgraph-io/dgraph/compare/v25.3.6...v25.3.7

https://fluentbit.io/announcements/v4.2.6/

• release: update to 4.2.6 by @github-actions[bot] in https://github.com/fluent/fluent-bit/pull/11907
• workflows: Windows docker insufficient disk space fix [Backport to 4.2] by @cosmo0920 in https://github.com/fluent/fluent-bit/pull/11906
• time: time_tz: Handle conversion rules of windows and IANA tzinfo [Back port to 4.2] by @cosmo0920 in https://github.com/fluent/fluent-bit/pull/11911
• out_stackdriver: fix multiple memory leaks and potential corruption [Backport to 4.2] by @baizhenyu in https://github.com/fluent/fluent-bit/pull/11916
• parser: Add IANA time_zone support for native timestamps [Backport to 4.2] by @cosmo0920 in https://github.com/fluent/fluent-bit/pull/11919
• oauth2: harden token refresh parsing [Backport to 4.2] by @baizhenyu in https://github.com/fluent/fluent-bit/pull/11923
• dockerfiles: windows: fixed VS Build Tools installation [Backport to 4.2] by @cosmo0920 in https://github.com/fluent/fluent-bit/pull/11920
• workflows: Windows Docker insufficient disk space fix (2nd attempt) [Backport to 4.2] by @cosmo0920 in https://github.com/fluent/fluent-bit/pull/11927
• out_stackdriver: backport codeowners change by @braydonk in https://github.com/fluent/fluent-bit/pull/11921
• github: workflows: Process unit tests on 4.2 branch [Backport to 4.2] by @cosmo0920 in https://github.com/fluent/fluent-bit/pull/11932
• github: workflows: Specify OS configs explicitly [Backport to 4.2] by @cosmo0920 in https://github.com/fluent/fluent-bit/pull/11935
• regex: Plug a regex literal crash [Backport to 4.2] by @cosmo0920 in https://github.com/fluent/fluent-bit/pull/11946
• in_windows_exporter_metrics: Plug bitwise glitches on 32bit oses [Backport to 4.2] by @cosmo0920 in https://github.com/fluent/fluent-bit/pull/11947
• unicode: Use the correct maximum size of Cyrillic [Backport to 4.2] by @cosmo0920 in https://github.com/fluent/fluent-bit/pull/11929
• out_forward: process type and length of pong strictly [Backport to 4.2] by @cosmo0920 in https://github.com/fluent/fluent-bit/pull/11949
• node_exporter_metrics: Add file path to error messages [Backport to 4.2] by @cosmo0920 in https://github.com/fluent/fluent-bit/pull/11992
• out_es/out_opensearch: sanitize bulk action metadata [Backport to 4.2] by @cosmo0920 in https://github.com/fluent/fluent-bit/pull/11993
• tests: runtime: Try to eliminate flakyness on CI load [Backport to 4.2] by @cosmo0920 in https://github.com/fluent/fluent-bit/pull/11994
• scheduler: Plug FD leaks on destroy [Backport to 4.2] by @cosmo0920 in https://github.com/fluent/fluent-bit/pull/12001

Full Changelog: https://github.com/fluent/fluent-bit/compare/v4.2.5...v4.2.6

S3 / S3 API

• s3api: sort repeated SigV4 query values — @7y-9 (#10031)
• s3api: reject malformed Range offsets — @guankai (#10034)
• s3api: preserve requested AES256 copy encryption — @7y-9 (#10049)
• s3api: preserve equals signs in tag values — @guankai (#10058)
• s3api: apply static config file updates on reload — @chrislusf (#10096)
• s3: keep a file promoted to a directory retrievable as an object — @chrislusf (#10070)
• s3: skip 503 when client disconnects during remote cache wait — @chrislusf (#10071)
• s3: avoid reading upload body when writing JSON errors — @qzhello (#10073)
• s3: propagate IAM changes from standalone weed s3 to peer pods — @chrislusf (#10095)
• s3: replicate by fanning out from the gateway to every holder — @chrislusf (#10078)

Iceberg

• iceberg: support namespace property updates — @chrislusf (#10052)
• iceberg: return 400 for invalid namespace/table names — @chrislusf (#10051)
• iceberg: support table register — @chrislusf (#10067)
• iceberg: support multi-table transaction commit — @chrislusf (#10066)
• iceberg: support views — @chrislusf (#10069)
• iceberg: support table rename — @chrislusf (#10068)
• iceberg: detect table-exists through the wrapped manager error — @chrislusf (#10075)

S3 Tables

• s3tables: fix create-after-rename overwriting the renamed table — @chrislusf (#10091)
• s3tables: allow hyphens in namespace and table names — @chrislusf (#10093)

STS / IAM / Security

• sts: authorize AssumeRole by the role's trust policy — @chrislusf (#10097)
• sts: enforce session-policy explicit deny during role chaining — @chrislusf (#10103)
• security: add BearerPrefix constant for Authorization headers — @chrislusf (#10101)

Filer

• filer: propagate proxyChunkId query params to volume server — @MorezMartin (#10036)
• filer: apply -filer.disk default to metadata log assigns — @jk2lx (#10080)
• filer.backup: repair chunk-incomplete and stale destination entries — @kisow (#10082)
• filer: mint volume read JWT when proxying chunk reads — @chrislusf (#10100)

Mount (FUSE)

• mount: don't hang close() when a writer is killed during flush — @chrislusf (#10090)
• mount: skip redundant permission checks under default_permissions — @chrislusf (#10089)
• mount: confirm an empty directory rebuild before caching it — @chrislusf (#10092)
• mount: don't fail close() on a benign FUSE interrupt — @chrislusf (#10102)
• fix: enforce XATTR_REPLACE semantics in setxattr — @shiftraodd (#10059)

Volume / EC / Storage

• feat: support marking volumes by collection — @7y-9 (#9585)
• Volume balancing by step — @m-sementsov (#10035)
• Fix stale cache fallback for empty volume locations in wdclient — @os-pradipbabar (#10081)
• chunk_cache: close data/index files on initialization error — @AlexArtemis (#10057)

Shell (EC tooling)

• shell: support batched EC encode and multi-volume selection in ec.encode — @qzhello (#10030)
• shell: exclude failed EC shard copies from rebuild recoverability gate — @qzhello (#10043)
• shell ec.rebuild: allow targeting rebuild to specific volume IDs — @plisandro (#10087)

Worker

• worker: don't leak task goroutines on forced shutdown — @chrislusf (#10062)

PostgreSQL

• postgres: resolve startup message length type mismatch and uint underflow OOM risk — @198wmj (#10065)
• postgres: prevent uint32 underflow & OOM in message parsing — @sshhan (#10099)

Util / Core

• util: support IPv6 host port parsing — @guankai (#10046)
• util: trim minFreeSpace values before parsing — @guankai (#10083)
• util/http: lazily init the global HTTP client to fix admin metrics nil panic — @chrislusf (#10044)
• benchmark: close CPU profile file handle after profiling — @AlexArtemis (#10048)

Error-handling cleanups

• fix: use %w instead of %v in fmt.Errorf to preserve error chain — @DanielWu-star (#10047)
• refactor: 将 fmt.Errorf 中的 %v 替换为 %w 以保留错误链 — @aCuteBegCinner (#10050)
• fix: resolve inconsistent usage of error variables — @mumingl (#10060)

Dependencies

• bump cassandra-gocql-driver to v2.1.2 — @chrislusf (#10033)
• bump ydb-go-sdk/v3 3.139.5 → 3.141.0 — @dependabot (#10041)
• bump modernc.org/sqlite 1.49.1 → 1.53.0 — @dependabot (#10040)
• bump reedsolomon 1.14.0 → 1.14.1 — @dependabot (#10039)
• bump testcontainers-go 0.40.0 → 0.43.0 — @dependabot (#10042)
• bump iceberg-go 0.5.0 → 0.6.0 — @dependabot (#10038)
• bump jackson-databind 2.18.6 → 2.22.0 (test/java/spark) — @dependabot (#10094)
• deps: replace deleted tyler-smith/go-bip39 with cosmos fork — @chrislusf (#10088)

Build / CI / Telemetry

• build(deps): bump actions/checkout 6 → 7 — @dependabot (#10037)
• telemetry: sync go.mod/go.sum with parent module deps — @chrislusf (#10045)

• @guankai made their first contribution in https://github.com/seaweedfs/seaweedfs/pull/10034
• @DanielWu-star made their first contribution in https://github.com/seaweedfs/seaweedfs/pull/10047
• @AlexArtemis made their first contribution in https://github.com/seaweedfs/seaweedfs/pull/10048
• @aCuteBegCinner made their first contribution in https://github.com/seaweedfs/seaweedfs/pull/10050
• @mumingl made their first contribution in https://github.com/seaweedfs/seaweedfs/pull/10060
• @shiftraodd made their first contribution in https://github.com/seaweedfs/seaweedfs/pull/10059
• @198wmj made their first contribution in https://github.com/seaweedfs/seaweedfs/pull/10065
• @jk2lx made their first contribution in https://github.com/seaweedfs/seaweedfs/pull/10080
• @sshhan made their first contribution in https://github.com/seaweedfs/seaweedfs/pull/10099

Full Changelog: https://github.com/seaweedfs/seaweedfs/compare/4.35...4.36

This release includes 48 updates, covering AI Gateway enhancements, multi-provider LLM protocol compatibility, gateway stability, Gateway API and Helm improvements, test coverage, and release maintenance.

• New Features: 11 items
• Bug Fixes: 28 items
• Documentation Updates: 1 item
• Testing Improvements: 5 items
• Release and Dependency Maintenance: 3 items

• Related PR: #3849
  Contributor: @GHX5T-SOL
  Change Log: Key Auth now supports multiple credentials for a single service.
  Feature Value: Simplifies migration and multi-client access scenarios where more than one key must be managed for the same service.

• Related PR: #3838
  Contributor: @Betula-L
  Change Log: jwt-auth now supports remote JWKS.
  Feature Value: Makes centralized key management and key rotation easier for JWT-based authentication.

• Related PR: #3894
  Contributor: @JianweiWang
  Change Log: ai-security-guard adds structured x_higress deny responses, error-path metrics, and AI logging.
  Feature Value: Improves observability and policy feedback for AI content safety enforcement.

• Related PR: #3898
  Contributor: @zat366
  Change Log: ai-load-balancer adds a cluster_hash load balancing policy based on FNV-1a consistent hashing.
  Feature Value: Provides more stable routing across model backend clusters.

• Related PR: #3895
  Contributor: @JianweiWang
  Change Log: ai-security-guard adds Embedding API content detection support.
  Feature Value: Extends AI content safety checks beyond chat/completion-style requests.

• Related PR: #3916
  Contributor: @ponypony0123
  Change Log: model-router adds keepOriginalModelName to preserve the full original model name.
  Feature Value: Helps users keep downstream model identity semantics intact while still applying model routing rules.

• Related PR: #3979
  Contributor: @EndlessSeeker
  Change Log: Helm now supports skipping IngressClass creation.
  Feature Value: Better supports clusters where IngressClass resources are pre-managed or controlled by platform teams.

• Related PR: #3981
  Contributor: @EndlessSeeker
  Change Log: GatewayClass isolation is now configurable.
  Feature Value: Gives operators more control over resource boundaries in multi-GatewayClass environments.

• Related PR: #3943
  Contributor: @zijiren233
  Change Log: Enhanced SSL passthrough support.
  Feature Value: Improves Higress support for TLS passthrough scenarios.

• Related PR: #3989
  Contributor: @Rand01ph
  Change Log: AI Proxy adds vLLM passthrough support for Anthropic Messages and newer OpenAI endpoints.
  Feature Value: Improves compatibility for users running vLLM behind Higress as an AI gateway.

• Related PR: #4000
  Contributor: @ponypony0123
  Change Log: Added the ai-context-limit WASM plugin for context window limit enforcement.
  Feature Value: Helps reduce failures and cost risks caused by requests that exceed model context limits.

• Related PR: #3864
  Contributor: @Jing-ze
  Change Log: ai-proxy re-anchors X-HI-ORIGINAL-AUTH on the first hop to fix cascaded-gateway 401 responses.
  Feature Value: Restores correct authentication behavior in cascaded gateway deployments.

• Related PR: #3839
  Contributor: @zat366
  Change Log: ai-proxy uses HasSuffix instead of Contains in Claude API name detection.
  Feature Value: Avoids sub-path misidentification and improves Claude-compatible routing accuracy.

• Related PR: #3870
  Contributor: @CH3CHO
  Change Log: Fixed descriptions for basePath-related fields in the ai-proxy plugin.
  Feature Value: Makes plugin configuration documentation clearer and less error-prone.

• Related PR: #3869
  Contributor: @CH3CHO
  Change Log: Fixed test cases in registry/nacos/mcpserver/watcher_test.go.
  Feature Value: Improves reliability of registry and MCP server watcher tests.

• Related PR: #3860
  Contributor: @Jing-ze
  Change Log: ai-proxy now routes Anthropic Messages natively to Vertex :rawPredict.
  Feature Value: Improves Vertex AI compatibility for Anthropic Messages requests.

• Related PR: #3851
  Contributor: @JianweiWang
  Change Log: ai-statistics skips empty streaming model values.
  Feature Value: Prevents inaccurate or noisy model statistics for streaming requests.

• Related PR: #3904
  Contributor: @Jing-ze
  Change Log: ai-proxy strips anthropic-beta and anthropic-version headers in Vertex passthrough mode.
  Feature Value: Avoids incompatible headers when routing Anthropic-style requests through Vertex.

• Related PR: #3914
  Contributor: @Jing-ze
  Change Log: Bumped oauth2-proxy to fix a nil panic in the OIDC verifier callback.
  Feature Value: Improves OIDC authentication stability.

• Related PR: #3923
  Contributor: @johnlanni
  Change Log: Removed request-count rebuild triggers in WASM.
  Feature Value: Reduces unnecessary rebuild behavior.

• Related PR: #3922
  Contributor: @johnlanni
  Change Log: Rebuilds the MCP filter under high memory usage.
  Feature Value: Improves runtime stability under memory pressure.

• Related PR: #3928
  Contributor: @Jing-ze
  Change Log: Fixed Set-Cookie header corruption during OIDC session refresh.
  Feature Value: Prevents broken sessions during OIDC refresh flows.

• Related PR: #3964
  Contributor: @EndlessSeeker
  Change Log: Merges InferencePool route configs correctly during HTTPRoute merging.
  Feature Value: Fixes route config loss in Gateway API inference routing scenarios.

• Related PR: #3971
  Contributor: @EndlessSeeker
  Change Log: Helm disables alpha Gateway API watches by default.
  Feature Value: Reduces default install risk from alpha API watchers.

• Related PR: #3980
  Contributor: @EndlessSeeker
  Change Log: Sets Gateway status address type by value.
  Feature Value: Fixes Gateway status address reporting.

• Related PR: #3956
  Contributor: @XinhhD
  Change Log: ai-proxy cleans client Authorization headers for API-key providers.
  Feature Value: Prevents client credentials from leaking into upstream API-key provider requests.

• Related PR: #3973
  Contributor: @XinhhD
  Change Log: ai-proxy preserves Vertex thoughtSignature values in OpenAI tool calls.
  Feature Value: Improves Vertex tool-call compatibility.

• Related PR: #3985
  Contributor: @XinhhD
  Change Log: ai-proxy includes tool call type in Claude stream deltas.
  Feature Value: Improves Claude stream compatibility for tool calls.

• Related PR: #3924
  Contributor: @geekspeng
  Change Log: Helm moves imagePullPolicy from PodSpec to the gateway container level.
  Feature Value: Aligns rendered gateway manifests with Kubernetes container-level image pull policy semantics.

• Related PR: #3905
  Contributor: @philo-x
  Change Log: Fixed golang-filter architecture mismatch during local gateway builds on arm64 macOS.
  Feature Value: Improves local build reliability on Apple Silicon machines.

• Related PR: #3998
  Contributor: @yyyCode
  Change Log: Helm uses Chart.Version as the default plugin-server image tag.
  Feature Value: Keeps plugin-server image tag defaults aligned with chart versions.

• Related PR: #3994
  Contributor: @EndlessSeeker
  Change Log: Preserves Ingress LoadBalancer hostnames.
  Feature Value: Avoids losing hostname-based load balancer addresses in Ingress status.

• Related PR: #4002
  Contributor: @geekspeng
  Change Log: Helm applies imagePullPolicy to the controller container and promtail sidecar.
  Feature Value: Ensures rendered manifests apply image pull behavior consistently across containers.

• Related PR: #3988
  Contributor: @enkilee
  Change Log: Fixed several typos.
  Feature Value: Improves repository documentation and code readability.

• Related PR: #3962
  Contributor: @CH3CHO
  Change Log: ai-cache handles SSE first chunks that only contain a role, fixing #3953.
  Feature Value: Improves AI cache compatibility with streaming responses.

• Related PR: #3990
  Contributor: @XinhhD
  Change Log: ai-proxy adds IDs for Vertex tool calls.
  Feature Value: Improves downstream tool-call correlation and compatibility.

• Related PR: #4013
  Contributor: @EndlessSeeker
  Change Log: OIDC now fails closed when the verifier is unavailable.
  Feature Value: Avoids unsafe authentication behavior during verifier failures.

• Related PR: #4012
  Contributor: @EndlessSeeker
  Change Log: Hardened cluster key rate-limit cookie parsing.
  Feature Value: Improves robustness for cluster-level rate-limit cookie handling.

• Related PR: #4016
  Contributor: @EndlessSeeker
  Change Log: Reverted "Skip TLS certificate verification for HTTPS upstreams".
  Feature Value: Restores safer TLS verification behavior for HTTPS upstreams.

• Related PR: #3890
  Contributor: @FAUST-BENCHOU
  Change Log: Added the missing Chinese README for extensions.
  Feature Value: Improves documentation coverage for Chinese users.

• Related PR: #3871
  Contributor: @Jing-ze
  Change Log: Expanded unit test coverage for the wasm-go/mcp mcp-server framework.
  Feature Value: Improves confidence in MCP server framework behavior.

• Related PR: #3873
  Contributor: @Jing-ze
  Change Log: Added end-to-end transformer coverage and fixed silent error wrapping.
  Feature Value: Improves transformer reliability and error visibility.

• Related PR: #3875
  Contributor: @Jing-ze
  Change Log: Covered the hmac-auth-apisix algorithm matrix, clock skew, and authentication edge cases.
  Feature Value: Strengthens authentication plugin reliability.

• Related PR: #3878
  Contributor: @Jing-ze
  Change Log: Covered traffic-tag operators, weight CDF boundaries, and parser rejection paths.
  Feature Value: Improves confidence in traffic tagging behavior under edge conditions.

• Related PR: #3879
  Contributor: @Jing-ze
  Change Log: Increased unit test coverage to at least 90% across 9 WASM plugins.
  Feature Value: Improves plugin quality and regression protection.

• Related PR: #3987
  Contributor: @johnlanni
  Change Log: Updated the Envoy submodule.
  Feature Value: Keeps the gateway data-plane dependency aligned with the release baseline.

• Related PR: #4017
  Contributor: @johnlanni
  Change Log: Updated the Envoy submodule.
  Feature Value: Pulls in the latest Envoy dependency updates for the release.

• Related PR: #4019
  Contributor: @EndlessSeeker
  Change Log: Released v2.2.3.
  Feature Value: Updates release metadata and versioned dependencies for Higress v2.2.3.

• 🚀 New Features: 11 items
• 🐛 Bug Fixes: 28 items
• 📚 Documentation Updates: 1 item
• 🧪 Testing Improvements: 5 items
• 🔧 Release and Dependency Maintenance: 3 items

Total: 48 changes

Thank you to all contributors for your hard work! 🎉

This release includes 8 updates, covering MCP configuration fixes, LLM provider usability improvements, route and service stability, YAML cleanup, and workflow maintenance.

• New Features: 1 item
• Bug Fixes: 7 items

• Related PR: #722
  Contributor: @CH3CHO
  Change Log: Added support for collapsing token lists for LLM providers.
  Feature Value: Improves readability and usability when configuring providers with many tokens.

• Related PR: #724
  Contributor: @JayLi52
  Change Log: Fixed parsing when MCP service names contain colons.
  Feature Value: Prevents MCP service configuration failures caused by service-name parsing.

• Related PR: #733
  Contributor: @CH3CHO
  Change Log: Fixed stale state in ServiceWeightTable.
  Feature Value: Keeps service weight display and edits aligned with the current state.

• Related PR: #729
  Contributor: @CH3CHO
  Change Log: Fixed a possible NPE in SystemServiceImpl.
  Feature Value: Improves backend stability for system service operations.

• Related PR: #730
  Contributor: @CH3CHO
  Change Log: Trims trailing whitespace in higress-config YAML data before submission.
  Feature Value: Avoids configuration noise and accidental YAML formatting issues.

• Related PR: #734
  Contributor: @CH3CHO
  Change Log: Improved SSE transport path concatenation in DirectRoutingDetailStrategy.
  Feature Value: Prevents incorrect direct-routing paths for SSE transport.

• Related PR: #735
  Contributor: @JayLi52
  Change Log: Preserves same-name routes when deleting MCP servers.
  Feature Value: Avoids deleting unrelated routes that share a name with the MCP server.

• Related PR: #737
  Contributor: @CH3CHO
  Change Log: Fixed deploy-to-OSS workflow failures caused by Node.js 20 deprecation.
  Feature Value: Restores release and deployment automation reliability.

• 🚀 New Features: 1 item
• 🐛 Bug Fixes: 7 items

Total: 8 changes

Thanks to all contributors for their hard work! 🎉

• @GHX5T-SOL made their first contribution in #3849
• @FAUST-BENCHOU made their first contribution in #3890
• @ponypony0123 made their first contribution in #3916
• @XinhhD made their first contribution in #3956
• @geekspeng made their first contribution in #3924
• @philo-x made their first contribution in #3905
• @yyyCode made their first contribution in #3998
• @zijiren233 made their first contribution in #3943
• @enkilee made their first contribution in #3988
• @Rand01ph made their first contribution in #3989

Full Changelog:

• Higress: v2.2.2...v2.2.3
• Higress Console: v2.2.2...v2.2.3

Release note is coming soon...