• [fix][sec] Bump org.asynchttpclient:async-http-client from 2.14.5 to 2.15.0 (#25818)
• [fix][sec] Upgrade commons-configuration2 to 2.15.0 to address CVE-2026-45205 (#25844)
• [fix][sec] Upgrade Netty to 4.1.133.Final to address CVEs (#25670)
• [improve][misc] Upgrade Netty to 4.1.134 (#25870)
• [fix][sec] Upgrade Netty to 4.1.135.Final to address several CVEs (#25918)
• [fix][sec] Upgrade thrift to 0.23.0 to address CVE-2026-43869 (#25744)
• [fix][sec] Upgrade vert.x to 4.5.25 to address CVE-2026-6860 (#25737)
• [fix][sec] Upgrade vertx to 4.5.27 to address CVE-2026-6860 (#25745)
• [improve][misc] Upgrade vert.x to 4.5.28 (#25924)
• [improve][build] Remove kotlin-stdlib override; upgrade okhttp3 5.3.2 and okio 3.17.0 (#25855)
• [improve][build] Upgrade org.apache.kerby:kerb-simplekdc from 1.1.1 to 2.1.1 (#25785)
• [improve][misc] Upgrade Jetty to 12.1.9 (#25752)
• [improve][misc] Upgrade Jetty to 12.1.10 (#25943)
• [improve][misc] Upgrade Caffeine to 3.2.4 (#25663)

• [fix][broker] Clean up orphan ledger on concurrent initial schema creation in BookkeeperSchemaStorage (#25514)
• [fix][broker] Close pending acks cleanup gap in BacklogQuotaManager (#25624)
• [fix][broker] ConcurrentLongHashMap throw ArrayIndexOutOfBoundsException (#25644)
• [fix][broker] Correct two race conditions in the tracker code and logic bug in InMemoryDelayedDeliveryTracker that failed with NoSuchElementException (#25681)
• [fix][broker] Decrement unacked counter when removeAllUpTo removes pending acks (#25581)
• [fix][broker] Fix compaction cursor reset may lose mark-delete properties (#25862)
• [fix][broker] Fix ManagedLedgerImpl.advanceCursorsIfNecessary() method may lose non-durable cursor properties in race condition (#25796)
• [fix][broker] Fix non-batched null-value messages not removed during topic compaction (#25817)
• [fix][broker] Fix PersistentMessageExpiryMonitor findEntryComplete() method may lose mark-delete properties in race condition (#25803)
• [fix][broker] Fix precision loss in DataSketchesSummaryLogger by replacing LongAdder with DoubleAdder for sum accumulation (#25594)
• [fix][broker] Fix PulsarService.closeAsync where Condition.signalAll was called without holding a lock (#25777)
• [fix][broker] Fix race in pending acks removal in redeliverUnacknowledgedMessages (#25589)
• [fix][broker] Fix stuck chunks in SharedConsumerAssignor permit tracking (#25620)
• [fix][broker] Merge broker offload extra configurations (#25736)
• [fix][broker] Move pending acks cleanup to selected mark-delete callbacks (#25592)
• [fix][broker] Race condition causes perpetual backlog on internal topics (#25572)
• [fix][broker] Skip backlog-quota eviction on fenced/closing topics (#25684)
• [fix][broker] Use effective offload policies for extra configs (#25781)
• [fix][broker] Wait for orphan schema ledger cleanup before retry (#25579)
• [fix][broker][fix][broker]Replication stats is empty when the cluster is the target cluster of a one-way replication (#25583)
• [fix][broker]Replication is stuck because failed to read entries (#25625)
• [fix][bk] Fix NPE in IsolatedBookieEnsemblePlacementPolicy when policy class does not match (#25825)
• [fix][meta] Fix PulsarZooKeeperClient async addWatch callback retry behavior (#25913)
• [fix][meta] Fix ZooKeeper session reconnect race condition in PulsarZooKeeperClient.clientCreator (#25910)
• [improve][broker] optimize namespaceBundle validation to fix single-thread 100% CPU during unloading entire namespaces (#25626)
• [improve][broker] Prevent stale replicator pending reads after termination (#25767)
• [improve][offload] Coalesce automatic offload triggers to reduce retry loops and ledger scans (#25793)
• [fix][broker][branch-4.2] URL-encode sub-name in Txn pending-ack topic #25727 (#25728)

• [fix][client] Apply Avro logical type conversions when decoding schema without classloader (#25759)
• [fix][client] Clean up unacked messages when unsubscribing a topic with ack timeout backoff (#25916)
• [fix][client] Fix failed to close consumer because of the error: param memorySize is a negative value (#25805)
• [fix][client] Make ClientBuilder serializable (#25730) (#25739)
• [fix][client] Match logical topic when removing unacked messages (#25921)
• [fix][client] Preserve equals in FieldParser map values (#25907)
• [fix][client] Prevent duplicate ServiceUrlProvider initialization (#25899)
• [fix][client] Reset higher-index states on recovery in SameAuthParamsLookupAutoClusterFailover (#25826)
• [fix][client] Stabilize scaleReceiverQueueHint against concurrent enqueue/take (#25578)
• [fix][client]Broker-side producer handle leak if closes a producer which state is regitering schema (#25725)
• [improve][client] Best-effort retry for individual/batch-index acks on send failure when ackReceiptEnabled=false (#25525)
• [improve][client] Clean up unacked message tracker when topics are removed in multi-topic consumers (#25923)
• [improve][client] Implement tls_client_auth for AuthenticationOAuth2 (#25538)
• [improve][client] In cases where there is a risk of message loss, adjust the log level to error (#25854)

• [fix][fn] Fix functions update issue where artifact is provided as a http url (#25840)
• [fix][fn] Fix Go function runtime to continue after user exceptions and add neg-ack tests (#25867)
• [fix][fn] Fix orphan exclusive producer on creation timeout in WorkerUtils.createExclusiveProducerWithRetry (#25942)
• [improve][fn] Avoid gRPC timeout when getting status of a dead process runtime (#25819)
• [improve][fn] make built-in connector reload incremental (#25773)
• [improve][fn] make built-in functions reload incremental (#25868)
• [refactor][fn] Use Map instead of TreeMap for connector/function API types (#25790)
• [improve][functions] Allow customizing Kubernetes service domain suffix in Function Worker (#25872)

• [fix][proxy] Avoid intermittent 502 when admin proxy follows a broker redirect for a request with a body (#25919)
• [fix][proxy] Close channel on connection failure (#25770)
• [improve][cli] Add client side looping in "pulsar-admin topics analyze-backlog" cli to avoid potential HTTP call timeout (#25126)

• [fix][test] Add timeout to initial receives in ResendRequestTest.testSharedSingleAckedPartitionedTopic (#25828)
• [fix][test] Fix flaky ExtensibleLoadManagerImplTest.testLoadBalancerServiceUnitTableViewSyncer (#25596)
• [fix][test] Fix flaky OneWayReplicatorDeduplicationTest.testDeduplication (#25679)
• [fix][test] Fix flaky ProducerCleanupTest timer cleanup (#25864)
• [fix][test] Fix flaky PulsarFunctionTlsTest.testFunctionsCreation() test (#25889)
• [fix][test] Fix flaky ResendRequestTest.testSharedSingleAckedPartitionedTopic() test (#25852)
• [fix][test] Fix flaky SameAuthParamsLookupAutoClusterFailoverTest.testAutoClusterFailover() test (#25892)
• [fix][test] Fix flaky testGetExcludedBookiesWithIsolationGroups (#25640)
• [fix][test] Fix flaky testMsgDropStat in NonPersistentTopicTest (#25426)
• [fix][test] Make NamespacesTest.cleanupAfterMethod tolerant of transient infra failures (#25641)
• [fix][test] Reduce flakiness in testLoadBalancerServiceUnitTableViewSyncer (#25638)
• [fix][test] Stabilize testSecondaryIsolationGroupsBookiesNegative() test (#25900)
• [fix][test] Stabilize WebService rate limiting test (#25866)
• [improve][test] Set diskUsageThreshold to 0.999 for tests to effectively disable the check (#25677)
• [fix][test][branch-4.2] Fix PersistentMessageExpiryMonitorTest

For the complete list, check the full changelog.

• [fix][sec][branch-4.0] Upgrade avro to 1.11.5 to address CVE-2025-33042 (#25788)
• [fix][sec] Bump org.asynchttpclient:async-http-client from 2.14.5 to 2.15.0 (#25818)
• [fix][sec] Upgrade commons-configuration2 to 2.15.0 to address CVE-2026-45205 (#25844)
• [fix][sec] Upgrade Netty to 4.1.133.Final to address CVEs (#25670)
• [improve][misc] Upgrade Netty to 4.1.134 (#25870)
• [fix][sec] Upgrade Netty to 4.1.135.Final to address several CVEs (#25918)
• [fix][sec] Upgrade thrift to 0.23.0 to address CVE-2026-43869 (#25744)
• [fix][sec] Upgrade vert.x to 4.5.25 to address CVE-2026-6860 (#25737)
• [fix][sec] Upgrade vertx to 4.5.27 to address CVE-2026-6860 (#25745)
• [improve][misc] Upgrade vert.x to 4.5.28 (#25924)
• [improve][build] Remove kotlin-stdlib override; upgrade okhttp3 5.3.2 and okio 3.17.0 (#25855)
• [improve][build] Upgrade org.apache.kerby:kerb-simplekdc from 1.1.1 to 2.1.1 (#25785)
• [improve][misc] Upgrade Jetty to 12.1.9 (#25752)
• [improve][misc] Upgrade Jetty to 12.1.10 (#25943)

• [fix][broker] Clean up orphan ledger on concurrent initial schema creation in BookkeeperSchemaStorage (#25514)
• [fix][broker] Close pending acks cleanup gap in BacklogQuotaManager (#25624)
• [fix][broker] ConcurrentLongHashMap throw ArrayIndexOutOfBoundsException (#25644)
• [fix][broker] Correct two race conditions in the tracker code and logic bug in InMemoryDelayedDeliveryTracker that failed with NoSuchElementException (#25681)
• [fix][broker] Decrement unacked counter when removeAllUpTo removes pending acks (#25581)
• [fix][broker] Fix compaction cursor reset may lose mark-delete properties (#25862)
• [fix][broker] Fix ManagedLedgerImpl.advanceCursorsIfNecessary() method may lose non-durable cursor properties in race condition (#25796)
• [fix][broker] Fix non-batched null-value messages not removed during topic compaction (#25817)
• [fix][broker] Fix PersistentMessageExpiryMonitor findEntryComplete() method may lose mark-delete properties in race condition (#25803)
• [fix][broker] Fix precision loss in DataSketchesSummaryLogger by replacing LongAdder with DoubleAdder for sum accumulation (#25594)
• [fix][broker] Fix PulsarService.closeAsync where Condition.signalAll was called without holding a lock (#25777)
• [fix][broker] Fix race in pending acks removal in redeliverUnacknowledgedMessages (#25589)
• [fix][broker] Fix stuck chunks in SharedConsumerAssignor permit tracking (#25620)
• [fix][broker] Merge broker offload extra configurations (#25736)
• [fix][broker] Move pending acks cleanup to selected mark-delete callbacks (#25592)
• [fix][broker] Race condition causes perpetual backlog on internal topics (#25572)
• [fix][broker] Skip backlog-quota eviction on fenced/closing topics (#25684)
• [fix][broker] Use effective offload policies for extra configs (#25781)
• [fix][broker] Wait for orphan schema ledger cleanup before retry (#25579)
• [fix][broker][fix][broker]Replication stats is empty when the cluster is the target cluster of a one-way replication (#25583)
• [fix][broker]Replication is stuck because failed to read entries (#25625)
• [fix][bk] Fix NPE in IsolatedBookieEnsemblePlacementPolicy when policy class does not match (#25825)
• [fix][meta] Fix PulsarZooKeeperClient async addWatch callback retry behavior (#25913)
• [fix][meta] Fix ZooKeeper session reconnect race condition in PulsarZooKeeperClient.clientCreator (#25910)
• [improve][broker] optimize namespaceBundle validation to fix single-thread 100% CPU during unloading entire namespaces (#25626)
• [improve][broker] PIP-380: Support-setting-up-specific-namespaces-to-skipping-the-load-shedding (#23549)
• [improve][broker] Prevent stale replicator pending reads after termination (#25767)
• [improve][offload] Coalesce automatic offload triggers to reduce retry loops and ledger scans (#25793)

• [fix][client] Apply Avro logical type conversions when decoding schema without classloader (#25759)
• [fix][client] Clean up unacked messages when unsubscribing a topic with ack timeout backoff (#25916)
• [fix][client] Fix failed to close consumer because of the error: param memorySize is a negative value (#25805)
• [fix][client] Fix stale Healthy state in SameAuthParamsLookupAutoClusterFailover causing flaky test (#25388)
• [fix][client] Make ClientBuilder serializable (#25730) (#25740)
• [fix][client] Match logical topic when removing unacked messages (#25921)
• [fix][client] Preserve equals in FieldParser map values (#25907)
• [fix][client] Prevent duplicate ServiceUrlProvider initialization (#25899)
• [fix][client] Reset higher-index states on recovery in SameAuthParamsLookupAutoClusterFailover (#25826)
• [fix][client] Stabilize scaleReceiverQueueHint against concurrent enqueue/take (#25578)
• [fix][client]Broker-side producer handle leak if closes a producer which state is regitering schema (#25725)
• [improve][client] Best-effort retry for individual/batch-index acks on send failure when ackReceiptEnabled=false (#25525)
• [improve][client] Clean up unacked message tracker when topics are removed in multi-topic consumers (#25923)
• [improve][client] Enable configurable preemptive OAuth2 token refresh (#25363)
• [improve][client] Implement tls_client_auth for AuthenticationOAuth2 (#25538)
• [improve][client] In cases where there is a risk of message loss, adjust the log level to error (#25854)

• [fix][fn] Fix functions update issue where artifact is provided as a http url (#25840)
• [fix][fn] Fix Go function runtime to continue after user exceptions and add neg-ack tests (#25867)
• [fix][fn] Fix orphan exclusive producer on creation timeout in WorkerUtils.createExclusiveProducerWithRetry (#25942)
• [improve][fn] Avoid gRPC timeout when getting status of a dead process runtime (#25819)
• [improve][fn] make built-in connector reload incremental (#25773)
• [improve][fn] make built-in functions reload incremental (#25868)
• [refactor][fn] Use Map instead of TreeMap for connector/function API types (#25790)
• [improve][functions] Allow customizing Kubernetes service domain suffix in Function Worker (#25872)

• [improve][proxy][branch-4.0] Restore AdminProxyHandler changes which were accidentially reverted in Jetty 12 upgrade
• [fix][proxy] Avoid intermittent 502 when admin proxy follows a broker redirect for a request with a body (#25919)
• [fix][proxy] Close channel on connection failure (#25770)

• [fix][test] Add timeout to initial receives in ResendRequestTest.testSharedSingleAckedPartitionedTopic (#25828)
• [fix][test] Fix flaky ExtensibleLoadManagerImplTest.testLoadBalancerServiceUnitTableViewSyncer (#25596)
• [fix][test] Fix flaky MessagePublishBufferThrottleTest.testBlockByPublishRateLimiting (#25365)
• [fix][test] Fix flaky OneWayReplicatorDeduplicationTest.testDeduplication (#25679)
• [fix][test] Fix flaky ProducerCleanupTest timer cleanup (#25864)
• [fix][test] Fix flaky PulsarFunctionTlsTest.testFunctionsCreation() test (#25889)
• [fix][test] Fix flaky ResendRequestTest.testSharedSingleAckedPartitionedTopic() test (#25852)
• [fix][test] Fix flaky SameAuthParamsLookupAutoClusterFailoverTest.testAutoClusterFailover() test (#25892)
• [fix][test] Fix flaky testGetExcludedBookiesWithIsolationGroups (#25640)
• [fix][test] Fix flaky testMsgDropStat in NonPersistentTopicTest (#25426)
• [fix][test] Make NamespacesTest.cleanupAfterMethod tolerant of transient infra failures (#25641)
• [fix][test] Reduce flakiness in testLoadBalancerServiceUnitTableViewSyncer (#25638)
• [fix][test] Reduce flakiness in testLoadBalancerServiceUnitTableViewSyncer (#25638)
• [fix][test] Stabilize testSecondaryIsolationGroupsBookiesNegative() test (#25900)
• [fix][build][branch-4.0] Fix issue in backporting PR #25644
• [fix][test] Fix compile error in OffloadPoliciesTest
• [fix][test][branch-4.0] Fix AvroSchemaTest cases that were invalid
• [fix][test][branch-4.0] Fix PersistentMessageExpiryMonitorTest
• [fix][test][branch-4.0] Fix PulsarFunctionTlsTest

For the complete list, check the full changelog.

Add an experimental feature, queueDocumentsFetch, forcing the routes GET indexes/:uid/documents and POST indexes/:uid/documents/fetch to wait in the search queue if there is no available thread to process them.

• #18790 inputs.gnmi_listener Add plugin

• #18909 agent Accept TELEGRAF_CONTROLLER_TOKEN environment variable
• #18744 inputs.azure_monitor Support secrets for client_secret
• #18921 inputs.directory_monitor Allow to preserve timestamps when moving file
• #18338 inputs.exec Convert 'commands' to already parsed argument lists
• #18740 inputs.fritzbox Add support for fiber lines
• #18987 inputs.http_response Add secret token support
• #18739 inputs.huebridge Add brightness and color fields to light metric
• #18571 inputs.internal Add counters for failing writes and gathers
• #19038 inputs.kafka_consumer Add consumer_fetch_min and consumer_fetch_max_wait options
• #18532 inputs.mem Add extended memory statistics
• #18871 inputs.modbus Add workaround for devices with smaller batch size
• #18690 inputs.nvidia_smi Add schema v13 support
• #18643 inputs.opcua Add locales configuration option
• #18831 inputs.opcua Discover nodes by browse-path glob patterns
• #18465 inputs.opcua_listener Allow selecting the deadband mode 'None'
• #18941 inputs.opcua_listener Wire browse-based node discovery
• #18468 inputs.openntpd Add sensor and status metrics
• #18944 inputs.prometheus Add per-URL statistics on gather cycles
• #18915 inputs.socket_listener Add SSM/IGMPv3 support
• #18868 inputs.system Add hardware information
• #18834 inputs.system Add operating-system information
• #18533 inputs.system Add option to specify collected information
• #18906 inputs.temp Add setting to force thermal-zones gathering on linux
• #18457 inputs.wireguard Add endpoint field to peer metrics
• #18819 inputs.x509_cert Add field for public-key length
• #18829 outputs.kafka Add support for custom record headers
• #18826 outputs.mongodb Allow specifying metadata fields
• #18784 outputs.opensearch Implement startup-error-behavior options
• #18823 outputs.opentelemetry Add proxy support
• #18980 outputs.opentelemetry Add support for token authentication
• #19036 outputs.sql Add oracle driver
• #18904 parsers.avro Implement ParserTimeFuncPlugin interface
• #18945 parsers.binary Implement ParserTimeFuncPlugin interface
• #18903 parsers.csv Implement ParserTimeFuncPlugin interface
• #18946 parsers.dropwizard Implement ParserTimeFuncPlugin interface
• #18947 parsers.form_urlencoded Implement ParserTimeFuncPlugin interface
• #18948 parsers.graphite Implement ParserTimeFuncPlugin interface
• #18950 parsers.grok Implement ParserTimeFuncPlugin interface
• #18990 parsers.json Implement ParserTimeFuncPlugin interface
• #18994 parsers.json_v2 Implement ParserTimeFuncPlugin interface
• #18995 parsers.logfmt Implement ParserTimeFuncPlugin interface
• #18996 parsers.nagios Implement ParserTimeFuncPlugin interface
• #18998 parsers.openmetrics Implement ParserTimeFuncPlugin interface
• #19000 parsers.parquet Implement ParserTimeFuncPlugin interface
• #19042 parsers.prometheus Implement ParserTimeFuncPlugin interface
• #19043 parsers.prometheusremotewrite Implement ParserTimeFuncPlugin interface
• #19008 parsers.value Implement ParserTimeFuncPlugin interface
• #19009 parsers.wavefront Implement ParserTimeFuncPlugin interface
• #19011 parsers.xpath Implement ParserTimeFuncPlugin interface
• #18901 parsers Add time-setting interface
• #18558 processors.parser Add strategy to merge parsed metric with parent individually
• #18786 secretstores.vault Add token authentication

• #18918 agent Skip output buffer initialization in test mode
• #19033 circleci Fix destination of nightly build artifact uploads
• #18910 common.tls Set default minimum TLS version explicitly
• #17664 config Reject invalid tagpass and tagdrop types
• #18913 input.temp Ignore EAGAIN on unavailable thermal-zones
• #18988 inputs.docker_log Don't use follow when tailing docker logs
• #19001 inputs.docker_log Guard concurrent access to the state map
• #19004 inputs.docker_log Read only new entries if from_beginning is false
• #19006 inputs.docker_log Restore following the log-stream and keep the state
• #18902 inputs.netflow Parse all counter records
• #18683 inputs.opcua_listener Defer node ID parsing until after server connection
• #18870 inputs.ping Use deterministic packet IDs to prevent collisions
• #18911 inputs.system Demote missing utmp debug log to trace
• #18982 inputs.system Restore n_cpu field name
• #18923 inputs.webhooks.github Restore secret field in configuration
• #18984 outputs.influxdb_v2 Capture unix socket path before URL mutation
• #18908 secrets Avoid panic with empty content

• #18897 deps Bump cloud.google.com/go/monitoring from 1.28.0 to 1.29.0
• #18928 deps Bump cloud.google.com/go/storage from 1.62.1 to 1.62.2
• #19030 deps Bump github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/monitor/armmonitor from 0.11.0 to 0.12.0
• #18889 deps Bump github.com/IBM/sarama from 1.48.0 to 1.48.1
• #18929 deps Bump github.com/IBM/sarama from 1.48.1 to 1.49.0
• #19031 deps Bump github.com/IBM/sarama from 1.49.0 to 1.50.1
• #18881 deps Bump github.com/SAP/go-hdb from 1.16.7 to 1.16.8
• #19028 deps Bump github.com/SAP/go-hdb from 1.16.8 to 1.16.11
• #18970 deps Bump github.com/apache/inlong/inlong-sdk/dataproxy-sdk-twins/dataproxy-sdk-golang from 1.0.7 to 1.0.8
• #18880 deps Bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.300.0 to 1.301.0
• #19016 deps Bump github.com/aws/smithy-go from 1.25.1 to 1.27.0
• #18938 deps Bump github.com/bluenviron/gomavlib/v3 from 3.3.1 to 3.3.3
• #18974 deps Bump github.com/bluenviron/gomavlib/v3 from 3.3.3 to 3.3.4
• #19015 deps Bump github.com/bluenviron/gomavlib/v3 from 3.3.4 to 3.3.5
• #19023 deps Bump github.com/emiago/sipgo from 1.3.1 to 1.4.0
• #18912 deps Bump github.com/go-git/go-billy/v5 from 5.6.0 to 5.9.0
• #18930 deps Bump github.com/google/cel-go from 0.28.0 to 0.28.1
• #18976 deps Bump github.com/gopacket/gopacket from 1.5.0 to 1.6.0
• #18967 deps Bump github.com/hashicorp/consul/api from 1.34.2 to 1.34.3
• #19019 deps Bump github.com/jackc/pgx/v5 from 5.9.2 to 5.10.0
• #19024 deps Bump github.com/mdlayher/vsock from 1.2.1 to 1.3.0
• #18972 deps Bump github.com/nats-io/nats-server/v2 from 2.14.0 to 2.14.1
• #19020 deps Bump github.com/nats-io/nats-server/v2 from 2.14.1 to 2.14.2
• #18894 deps Bump github.com/nats-io/nats.go from 1.51.0 to 1.52.0
• #19022 deps Bump github.com/pion/dtls/v3 from 3.1.2 to 3.1.3
• #19018 deps Bump github.com/prometheus/common from 0.67.5 to 0.68.1
• #19025 deps Bump github.com/prometheus/prometheus from 0.311.3 to 0.312.0
• #19029 deps Bump github.com/redis/go-redis/v9 from 9.19.0 to 9.20.0
• #18997 deps Bump github.com/shirou/gopsutil/v4 from 4.26.4 to 4.26.5
• #18898 deps Bump github.com/tidwall/gjson from 1.18.0 to 1.19.0
• #18888 deps Bump github.com/vmware/govmomi from 0.53.1 to 0.54.0
• #19027 deps Bump github.com/vmware/govmomi from 0.54.0 to 0.54.1
• #18884 deps Bump go.opentelemetry.io/collector/pdata from 1.57.0 to 1.58.0
• #18975 deps Bump go.opentelemetry.io/collector/pdata from 1.58.0 to 1.59.0
• #18887 deps Bump go.step.sm/crypto from 0.77.9 to 0.79.0
• #18935 deps Bump go.step.sm/crypto from 0.79.0 to 0.81.0
• #19021 deps Bump go.step.sm/crypto from 0.81.0 to 0.81.1
• #18885 deps Bump golang.org/x/crypto from 0.50.0 to 0.51.0
• #18971 deps Bump golang.org/x/crypto from 0.51.0 to 0.52.0
• #18890 deps Bump golang.org/x/mod from 0.35.0 to 0.36.0
• #18969 deps Bump golang.org/x/net from 0.54.0 to 0.55.0
• #18896 deps Bump golang.org/x/sys from 0.43.0 to 0.44.0
• #18973 deps Bump golang.org/x/sys from 0.44.0 to 0.45.0
• #18886 deps Bump golang.org/x/term from 0.42.0 to 0.43.0
• #18891 deps Bump golang.org/x/text from 0.36.0 to 0.37.0
• #18882 deps Bump golang.org/x/tools from 0.44.0 to 0.45.0
• #18883 deps Bump google.golang.org/api from 0.277.0 to 0.278.0
• #18931 deps Bump google.golang.org/api from 0.278.0 to 0.279.0
• #18968 deps Bump google.golang.org/api from 0.279.0 to 0.280.0
• #19017 deps Bump google.golang.org/api from 0.280.0 to 0.283.0
• #18937 deps Bump google.golang.org/grpc from 1.81.0 to 1.81.1
• #18927 deps Bump k8s.io/client-go from 0.36.0 to 0.36.1
• #18893 deps Bump modernc.org/sqlite from 1.50.0 to 1.50.1
• #19026 deps Bump modernc.org/sqlite from 1.50.1 to 1.51.0
• #18933 deps Bump srebhan/label-milestone-action from 1.0.2 to 1.1.0
• #19014 deps Bump the aws-sdk-go-v2 group across 1 directory with 11 updates
• #18926 deps Bump the aws-sdk-go-v2 group with 2 updates
• #18966 deps Bump the aws-sdk-go-v2 group with 5 updates

Arch	Platform	Package	SHA256
arm64	CentOS	telegraf-1.39.0-1.aarch64.rpm	fd5219f8928342cbfcc8f698d9391db055af47b9c509e6efb7a7e3103bd8f020
armel	CentOS	telegraf-1.39.0-1.armel.rpm	4ff8478bdba66915f9dbe71e91ba7263cffa37aae3ed04854d5514c4c9eeca55
armv6hl	CentOS	telegraf-1.39.0-1.armv6hl.rpm	2685fab59d1170ff5b1132f2744b050201a6ddc515ba2c90dd4129f2015d4ae0
i386	CentOS	telegraf-1.39.0-1.i386.rpm	bd4fb59b14f13d3753a15bdd40f769889bd8394a50bfa58f43798be07198f4f2
unknown	CentOS	telegraf-1.39.0-1.loongarch64.rpm	1e8312ad9fa471c27bfd130df74cb84b8ccd0b276508a241ea18f9e00ee42929
ppc64le	CentOS	telegraf-1.39.0-1.ppc64le.rpm	c46aca867920f5a2f19dcb3f8d15f98c18fedb77ee2886d3d9c03124a7f8584a
riscv64	CentOS	telegraf-1.39.0-1.riscv64.rpm	e9043358964ee98e5ba361c84d87747d6814a4f2cd62f050ce1fd186970b9dca
s390x	CentOS	telegraf-1.39.0-1.s390x.rpm	07498001d21f49cb22643000159e6af6b9e1d80f4826402c9096297dfc95a3c0
amd64	CentOS	telegraf-1.39.0-1.x86_64.rpm	4f72830eeeeabb8c4adc4b365cb5223865f6bed12747ef4abe8d95a755c1ba66
amd64	macOS	telegraf-1.39.0_darwin_amd64.dmg	aca0c8fec5b332272fef3023acc694cde0636aff7b4c7a9c952f97d175bc613d
amd64	macOS	telegraf-1.39.0_darwin_amd64.tar.gz	1a945e859a3c48b3a660448bb69c74093ebb406ef91eea43656c831f6cb9e784
arm64	macOS	telegraf-1.39.0_darwin_arm64.dmg	88d690df591b4111de82c2bfc3558b2ed5285762ee95405fc691c9c41705ced6
arm64	macOS	telegraf-1.39.0_darwin_arm64.tar.gz	0ee5408aabd45024952ec39642e141100ce81d537f17e145ff0221eb7b2618b4
amd64	FreeBSD	telegraf-1.39.0_freebsd_amd64.tar.gz	345b3d37e45d5df7342846d74f908856610d44b480364972ac2c54065f00cb3c
armv7	FreeBSD	telegraf-1.39.0_freebsd_armv7.tar.gz	fb0808289f2b1aec7a714e5200fd3817a5cfc5adfe123ed07f83267cf7911314
i386	FreeBSD	telegraf-1.39.0_freebsd_i386.tar.gz	da300159eb5b2a75bdc5acaf15d92fc73e5b111d187dc27853d2437921501ada
amd64	Linux	telegraf-1.39.0_linux_amd64.tar.gz	a630831411fd2181048a5e3c6d001ea320f7636b3aae020bce439b810efbc76c
arm64	Linux	telegraf-1.39.0_linux_arm64.tar.gz	3c8c271910d8e46e00a10008a7f7afaac3580554c882c5168891709d51118275
armel	Linux	telegraf-1.39.0_linux_armel.tar.gz	2d18c4b9c5ddaf75deae6a2d9145759b0effe7c531ef874cbcb9b0976b1133d7
armhf	Linux	telegraf-1.39.0_linux_armhf.tar.gz	fab708e7d57dbb295563601e9c02c772236a03b4e0bb6060c0e18148ba967dfd
i386	Linux	telegraf-1.39.0_linux_i386.tar.gz	69591cbbe6ed20ebd7c2762d66cc69f5378bf1e717338da9f8c24d63bb74d259
loong64	Linux	telegraf-1.39.0_linux_loong64.tar.gz	7f9f31c5ad04bb6a88784b53a24d712e1a854586f6970eae141cbc8bb58185c2
mips	Linux	telegraf-1.39.0_linux_mips.tar.gz	a33a77d92c1814ce30bb3ee01375219bfc14575eccb30bea2344bf546bf31521
mipsel	Linux	telegraf-1.39.0_linux_mipsel.tar.gz	b22fc3c19bcd5e0d8fe85a29266b1e9c263a7ea3e9063040cc798146ebed3eea
ppc64le	Linux	telegraf-1.39.0_linux_ppc64le.tar.gz	86953f83be9784045bf0b53dbc81e3107932cfbca4a06d36be009b2fc3cad385
riscv64	Linux	telegraf-1.39.0_linux_riscv64.tar.gz	8a6b352e662c9d91a68b256e015341ddcc1c1f858dc1425d5821857b0ee06757
s390x	Linux	telegraf-1.39.0_linux_s390x.tar.gz	0af3ec8c11c632dbdf60bf5c972f2404c7c2995215ea1e03ff80a11ce79c288e
amd64	Windows	telegraf-1.39.0_windows_amd64.zip	c8cb1f920297fc02304c62788699a0765f04089400d7834c69c40a808461769f
arm64	Windows	telegraf-1.39.0_windows_arm64.zip	6fe610911d5fef62a5fe3dfb375516d35f16900cc9d46a8eaffd2fc8ad52233b
i386	Windows	telegraf-1.39.0_windows_i386.zip	c84fba6291095fafec4966587379afa4502ed59706495598d0604a0ab8ac8585
amd64	Debian	telegraf_1.39.0-1_amd64.deb	548b8dfdfc19ab9bdcbaafdcfc4b545b90e0eac337165f8eed5e0b03aa374af2
arm64	Debian	telegraf_1.39.0-1_arm64.deb	7a85249e87c26f1a798f3de7f20b80fa8c50c9cc67dc9aa3f21f198718049e8d
armel	Debian	telegraf_1.39.0-1_armel.deb	f71f8a817bb1e5e0ab4c6a0f17677c3819e38cc6e988476cca500d983efe1659
armhf	Debian	telegraf_1.39.0-1_armhf.deb	5358ea9dc0bda3aa3908f41c84a90cffa677fb51cd121534829d0927f48d4406
i386	Debian	telegraf_1.39.0-1_i386.deb	ae550acde102dc36f03549b0e13049d085d8b177b8dc94324299aebe44207ec1
loong64	Debian	telegraf_1.39.0-1_loong64.deb	9b6508d7fc8ddb12eef257a6c982e617f265778914e27b256e624008b17ecd12
mips	Debian	telegraf_1.39.0-1_mips.deb	e0c2ba2bebbc7ee1985682fe3fd3ff013bbaa74d82545f20f70b99f18c0e5a82
mipsel	Debian	telegraf_1.39.0-1_mipsel.deb	9f4d4eea5059352e1a57ecb99148b8f25e3caa6963746e7f79a69063340240cd
ppc64el	Debian	telegraf_1.39.0-1_ppc64el.deb	743116f19800d1b2a9d57385bc1f9c21ee6e8c2360e98ad3d23090596d736b53
riscv64	Debian	telegraf_1.39.0-1_riscv64.deb	082e714301d9f5a8d61ed616231ac4eda230936e8c3f7f88d4a0dab012a890a3
s390x	Debian	telegraf_1.39.0-1_s390x.deb	4fe755948ef62f2fd16059308d1a7adf50e19ff8ed846fdb4aa168c4444eadb2

This release introduces fixes for a regression in v1.45.0, where we were batching deletions by filter with other deletions or additions. It also enables the new settings indexer to support more parameters, making the engine faster to index documents when those settings are specified.

• Support exact and disable on numbers in the new settings indexer by @Kerollmops in https://github.com/meilisearch/meilisearch/pull/6398 Introduce support for exact words and disable-on-words parameters in the new settings indexer, making the engine more efficient when changing these settings.

• Support computing prefixes in the new settings indexer by @Kerollmops in https://github.com/meilisearch/meilisearch/pull/6391 Support for the prefix search settings in the new settings indexer, so that changing this parameter makes the engine more efficient.

• Better limit read bytes when creating the S3 multipart part by @Kerollmops in https://github.com/meilisearch/meilisearch/pull/6405 This fixes an issue we had with the multipart part size by ensuring we never construct a part larger than the defined multipart part size. With this fix, we always create a multipart with the provided multipart part size, except for the last part. Thanks, @vidit-virmani, for the help investigating the issue.

• Batch of documentDeletionByFilter with documentAdditionOrUpdate by @Kerollmops and @ManyTheFish in https://github.com/meilisearch/meilisearch/pull/6415 Correctly implement the support for auto-batching deletion by filter with document replacement and updates. This fixes a regression introduced in v1.45.0.

• Fix a panic with incomplete filters by @Kerollmops in https://github.com/meilisearch/meilisearch/pull/6421 Fixes an internal panic when a filter is incomplete by returning an error instead.

• Bump tar from 0.4.45 to 0.4.46 by @dependabot[bot] in https://github.com/meilisearch/meilisearch/pull/6418

• OpenAPI CI: disable rule to avoid crash (workaround) by @curquiza in https://github.com/meilisearch/meilisearch/pull/6417
• Remove milli benchmarks by @Kerollmops in https://github.com/meilisearch/meilisearch/pull/6419
• Add precision in the index swap documentation by @ManyTheFish in https://github.com/meilisearch/meilisearch/pull/6408
• Fix broken links in the documentation by @Kerollmops in https://github.com/meilisearch/meilisearch/pull/6406

• Misc

  • fix(http): check delete request errors before auth by @7y-9 in https://github.com/seaweedfs/seaweedfs/pull/9784
  • chore(weed/storage/needle): prune unused test functions by @alrs in https://github.com/seaweedfs/seaweedfs/pull/9812
  • [test] update docker image for s3test by @kmlebedev in https://github.com/seaweedfs/seaweedfs/pull/9811
  • security: hot-reload JWT signing keys on SIGHUP by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9826
  • ip.bind: bind outbound connections to the configured address by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9834
  • s3: actually bind outbound connections when -ip.bind is set by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9849
  • operation: index VidCache by map instead of slice by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9853
  • rust release: fix large-disk/normal binary overwrite + publish md5 checksums by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9862

• Volume Server

  • [CheckDisk]: implement disk health detection by @MilanFun in https://github.com/seaweedfs/seaweedfs/pull/9560
  • fix(needle): use discovered file content type by @7y-9 in https://github.com/seaweedfs/seaweedfs/pull/9851
  • ec placement: spread EC shards evenly across machines, not onto the lowest-id one by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9855
  • Treat co-located volume servers as one fault domain when balancing and allocating by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9854
  • ec.balance: verify shard landed on destination before deleting the source by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9858

• Admin Server and Worker

  • fix(admin): make scheduler pruning lane-aware by @ahalaun in https://github.com/seaweedfs/seaweedfs/pull/9790
  • admin: show S3 servers under Cluster by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9847
  • worker: drop ec.balance from the default admin script by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9848
  • admin: default -dataDir to "." so maintenance task state persists across restarts by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9856
  • admin/maintenance: reload in-flight tasks on startup instead of discarding them by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9857

• S3 API

  • fix(s3/lifecycle): report success to admin via JobCompleted by @ahalaun in https://github.com/seaweedfs/seaweedfs/pull/9787
  • fix(s3api): authorize DeleteObjects per key so object-scoped policies match by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9793
  • fix(s3api): keep ListBucket resource ARN at bucket level by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9792
  • test(s3/iam): scope ListBucket isolation via s3:prefix condition by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9805
  • fix(iam): implement CreatePolicyVersion for managed policies by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9795
  • fix(iam): return a valid user ARN from CreateUser and GetUser by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9794
  • s3: route object reads to the key's owner filer by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9806
  • s3: defer a recently-unreachable owner that is also the current filer by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9808
  • s3: keep dynamic IAM live when -iam.config is set by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9817
  • s3: return BucketAlreadyOwnedByYou when recreating your own bucket by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9822
  • fix(s3api): standardize ETag calculation in copy handlers by @phucnguyen261199 in https://github.com/seaweedfs/seaweedfs/pull/9829
  • s3: make lifecycle TTL fast path per-bucket opt-in by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9825
  • filer: replicate RECOMPUTE_LATEST pointer updates to peers by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9840
  • s3: rescan .versions when the cached latest pointer is missing on a list by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9841
  • s3: list directory key objects in versioned bucket version listings by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9842
  • test(s3): deref Object.Size in versioned list assertion by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9843
  • test(s3): make the whole versioning suite pass and gate it in CI by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9844
  • s3: collapse suspended-versioning deletes onto one null marker by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9845
  • test(s3): address review feedback on the versioning suite by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9846
  • fix(s3api): require space in v2 auth prefix by @7y-9 in https://github.com/seaweedfs/seaweedfs/pull/9852
  • fix(s3api): reject zero default retention years by @7y-9 in https://github.com/seaweedfs/seaweedfs/pull/9860

• FUSE mount

  • fix(mount): don't strand a directory cached-but-empty when an eviction races a rebuild by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9791

• Filer

  • fix(log_buffer): re-check buffer before bailing with ResumeFromDiskError by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9804
  • filer: bound TraverseBfsMetadata memory by queuing directory paths by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9814
  • filer: stream persisted log files when serving metadata subscriptions by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9821
  • filer: keep S3 list order byte-lexicographic regardless of SQL name column collation by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9824
  • fix: handle meta backup offset errors safely by @7y-9 in https://github.com/seaweedfs/seaweedfs/pull/9818
  • feat(filer.backup): -initialSnapshot re-seeds a reinitialized destination by @kisow in https://github.com/seaweedfs/seaweedfs/pull/9828

• sFTPd

  • sftpd: support SSH user certificates signed by a trusted CA by @FabianHardt in https://github.com/seaweedfs/seaweedfs/pull/9815

• Master

  • fix(master): advance maxVolumeId when registering EC shards by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9827
  • master: grow rack-spanning volumes once per DC, capped at copy_N by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9835
  • vacuum: compact a read-only volume when an explicit volumeId is given by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9861

• Helm Charts

  • fix(helm): suspend bucket versioning for YAML bool false by @lexfrei in https://github.com/seaweedfs/seaweedfs/pull/9836
  • fix(helm): deduplicate all-in-one extra environment variables by @lexfrei in https://github.com/seaweedfs/seaweedfs/pull/9837

• @ahalaun made their first contribution in https://github.com/seaweedfs/seaweedfs/pull/9790
• @FabianHardt made their first contribution in https://github.com/seaweedfs/seaweedfs/pull/9815
• @lexfrei made their first contribution in https://github.com/seaweedfs/seaweedfs/pull/9836

Full Changelog: https://github.com/seaweedfs/seaweedfs/compare/4.31...4.32

https://fluentbit.io/announcements/v5.0.7/

• release: update to 5.0.7 by @github-actions[bot] in https://github.com/fluent/fluent-bit/pull/11834
• http_server: serialize worker teardown to prevent race conditions by @cosmo0920 in https://github.com/fluent/fluent-bit/pull/11845
• http_server: fix libevent crash on connection drop by @cosmo0920 in https://github.com/fluent/fluent-bit/pull/11843
• out_chronicle: Support label and namespace mapping by @cosmo0920 in https://github.com/fluent/fluent-bit/pull/11836
• tests: internal: fuzzers: avoid destroying active input fuzzer tasks by @edsiper in https://github.com/fluent/fluent-bit/pull/11850
• config_format: fix YAML variant cleanup on parser errors by @edsiper in https://github.com/fluent/fluent-bit/pull/11857
• avro: Handle int64 values correctly by @cosmo0920 in https://github.com/fluent/fluent-bit/pull/11883
• tests: runtime: Stabilize out_lib test case by @cosmo0920 in https://github.com/fluent/fluent-bit/pull/11888
• in_elasticsearch: check map size before accessing first entry by @TristanInSec in https://github.com/fluent/fluent-bit/pull/11856
• snappy: fix OOB reads in framed data parser by @TristanInSec in https://github.com/fluent/fluent-bit/pull/11855
• zstd: add 100 MB decompression size limit by @TristanInSec in https://github.com/fluent/fluent-bit/pull/11854
• in_mqtt: fix OOB read from hardcoded remaining length overhead by @TristanInSec in https://github.com/fluent/fluent-bit/pull/11853
• in_collectd: reject parts with length < 4 and fix null-terminator OOB by @TristanInSec in https://github.com/fluent/fluent-bit/pull/11849
• in_forward: validate array size before accessing message mode fields by @TristanInSec in https://github.com/fluent/fluent-bit/pull/11851
• in_syslog: fix integer overflow in octet-counting length parser by @TristanInSec in https://github.com/fluent/fluent-bit/pull/11852
• out_stackdriver: fix multiple memory leaks and potential corruption by @baizhenyu in https://github.com/fluent/fluent-bit/pull/11879
• CODEOWNERS: remove @braydonk and @jefferbrecht by @braydonk in https://github.com/fluent/fluent-bit/pull/11909
• time: time_tz: Handle conversion rules of windows and IANA tzinfo by @cosmo0920 in https://github.com/fluent/fluent-bit/pull/11903
• storage: discard checksum corrupt chunks on startup by @edsiper in https://github.com/fluent/fluent-bit/pull/11886
• parser: Add IANA time_zone support for native timestamps by @cosmo0920 in https://github.com/fluent/fluent-bit/pull/11913
• workflows: pin all actions to SHA by @patrick-stephens in https://github.com/fluent/fluent-bit/pull/11908
• out_kinesis_streams: increase PUT_RECORDS_PAYLOAD_SIZE to 10MB by @ShelbyZ in https://github.com/fluent/fluent-bit/pull/11848
• in_stdin: support stdin plugin on windows by @cosmo0920 in https://github.com/fluent/fluent-bit/pull/11821
• in_ebpf: Implement dns trace by @cosmo0920 in https://github.com/fluent/fluent-bit/pull/11735
• out_s3: Provide options for inactive chunks behavior by @cosmo0920 in https://github.com/fluent/fluent-bit/pull/11816
• oauth: out_http: add user-agent option for oauth by @rja5 in https://github.com/fluent/fluent-bit/pull/11830
• in_tail: fix offset_key value multiplied by 8 on Windows 64-bit by @zshuang0316 in https://github.com/fluent/fluent-bit/pull/11893
• http_client_http2: bracket IPv6 authority hosts by @edsiper in https://github.com/fluent/fluent-bit/pull/11922

• @TristanInSec made their first contribution in https://github.com/fluent/fluent-bit/pull/11856
• @rja5 made their first contribution in https://github.com/fluent/fluent-bit/pull/11830

Full Changelog: https://github.com/fluent/fluent-bit/compare/v5.0.6...v5.0.7