RustFS 1.0.0-beta.10-preview.4 (beta)
Release 1.0.0-beta.10-preview.4
2.28.3 (2026-07-16)
This release contains performance improvements and bug fixes since the 2.28.2 release. We recommend that you upgrade at the next available opportunity.
Bugfixes
- #10082 Wrong result when evaluating a function returning
NULLin the columnar query execution pipeline - #10178 Fix incorrect usage of sort transformation for sort key expressions with negative constants
- #10179 Allow enabling and disabling triggers on hypertables with columnstore enabled
- #10182 Fix columnstore sort pushdown to check for different query sort key collation
- #10209 Fix potentially wrong results for
stddev(float4)andstddev(float8)when used withavg()in the columnar query execution pipeline - #10212 Fix race condition when enabling compression on a hypertable
- #10230 Batch filtering for compressed
DMLshould respect collation - #10254 Direct delete failed to handle array predicates with
NULLvalues and deleted more rows than intended (#10129) - #10257 Reuse existing
dimension_sliceIDs when possible - #10265 Truncate constraint name before trying to rename
Thanks
- @juantxorena for reporting that triggers could not be enabled or disabled on hypertables with columnstore enabled
1.0.0-beta.10-preview.3
- test(ilm): fix restore integration test object key to match transition filter by @overtrue in https://github.com/rustfs/rustfs/pull/4886
- ci: drop macOS x86_64 release target by @houseme in https://github.com/rustfs/rustfs/pull/4899
- feat(helm): flexible drivesPerNode topology with backward-compatible per-pool defaults by @overtrue in https://github.com/rustfs/rustfs/pull/4901
- fix(table-catalog): allow table recreation after drop by @marshawcoco in https://github.com/rustfs/rustfs/pull/4900
- ci: restore latest.json updates for prerelease tags by @overtrue in https://github.com/rustfs/rustfs/pull/4903
Full Changelog: https://github.com/rustfs/rustfs/compare/1.0.0-beta.10-preview.1...1.0.0-beta.10-preview.3
1.0.0-beta.10-preview.2
- test(ilm): fix restore integration test object key to match transition filter by @overtrue in https://github.com/rustfs/rustfs/pull/4886
- ci: drop macOS x86_64 release target by @houseme in https://github.com/rustfs/rustfs/pull/4899
- feat(helm): flexible drivesPerNode topology with backward-compatible per-pool defaults by @overtrue in https://github.com/rustfs/rustfs/pull/4901
- fix(table-catalog): allow table recreation after drop by @marshawcoco in https://github.com/rustfs/rustfs/pull/4900
- ci: restore latest.json updates for prerelease tags by @overtrue in https://github.com/rustfs/rustfs/pull/4903
Full Changelog: https://github.com/rustfs/rustfs/compare/1.0.0-beta.10-preview.1...1.0.0-beta.10-preview.2
1.0.0-beta.10-preview.1
- test(heal): tolerate by-design "retry scheduled" deferral in resume e2e by @houseme in https://github.com/rustfs/rustfs/pull/4867
- chore(deps): trim s3select datafusion features by @houseme in https://github.com/rustfs/rustfs/pull/4869
- ci: tune build workflow runners by @houseme in https://github.com/rustfs/rustfs/pull/4871
- ci: add zip packaging fallback by @houseme in https://github.com/rustfs/rustfs/pull/4872
- ci: switch linux builds to ubicloud runners by @houseme in https://github.com/rustfs/rustfs/pull/4873
- fix(rustfs): gate mimalloc JSON helpers off Windows by @houseme in https://github.com/rustfs/rustfs/pull/4875
- fix(ecstore): serialize transitioned object restores by @overtrue in https://github.com/rustfs/rustfs/pull/4877
- fix(replication): stop active-active replay loops by @overtrue in https://github.com/rustfs/rustfs/pull/4878
- test(replication): fix nightly site peer setup by @overtrue in https://github.com/rustfs/rustfs/pull/4882
- test(replication): pin SSE replication contracts by @overtrue in https://github.com/rustfs/rustfs/pull/4883
- ci: switch Linux builds to custom runners by @houseme in https://github.com/rustfs/rustfs/pull/4884
- chore(deps): localize workspace dependency features by @houseme in https://github.com/rustfs/rustfs/pull/4888
- chore(deps): simplify dependency features by @houseme in https://github.com/rustfs/rustfs/pull/4890
- test(ilm): scope restore e2e object under the rule's test/ prefix by @houseme in https://github.com/rustfs/rustfs/pull/4868
- chore(deps): remove redundant obs tracing feature by @houseme in https://github.com/rustfs/rustfs/pull/4892
- fix(table-catalog): return absolute Iceberg metadata paths by @marshawcoco in https://github.com/rustfs/rustfs/pull/4893
- ci: install C build tools before compiling s3s-e2e on custom runners by @overtrue in https://github.com/rustfs/rustfs/pull/4894
- chore(deps): tighten crate dependency features by @houseme in https://github.com/rustfs/rustfs/pull/4896
- feat(api): wire opt-in per-client S3 API rate limiting (429 + Retry-After) by @overtrue in https://github.com/rustfs/rustfs/pull/4895
- ci: install zip and aws CLI on self-hosted runners by @overtrue in https://github.com/rustfs/rustfs/pull/4897
- chore(release): prepare 1.0.0-beta.10-preview.1 by @houseme in https://github.com/rustfs/rustfs/pull/4898
Full Changelog: https://github.com/rustfs/rustfs/compare/1.0.0-beta.9...1.0.0-beta.10-preview.1
release-1.30.4
nginx-1.30.4 stable version has been released, with fixes for buffer overflow vulnerability when using map with regex (CVE-2026-42533), memory disclosure vulnerability when using ngx_http_slice_module (CVE-2026-60005), and use-after-free vulnerability when using ngx_http_ssi_module (CVE-2026-56434).
See official CHANGES-1.30 on nginx.org.
Below is a release summary generated by GitHub.
- Nginx 1.30.4 by @arut in https://github.com/nginx/nginx/pull/1563
Full Changelog: https://github.com/nginx/nginx/compare/release-1.30.3...release-1.30.4
release-1.31.3
nginx-1.31.3 mainline version has been released, with fixes for buffer overflow vulnerability when using map with regex (CVE-2026-42533), memory disclosure vulnerability when using ngx_http_slice_module (CVE-2026-60005), and use-after-free vulnerability when using ngx_http_ssi_module (CVE-2026-56434).
See official CHANGES on nginx.org.
Below is a release summary generated by GitHub.
- Configure: set cache line size for loongarch64 by @shankerwangmiao in https://github.com/nginx/nginx/pull/1489
- HTTP/2: fix overlapping memcpy in CONTINUATION frames by @wufengwind in https://github.com/nginx/nginx/pull/1486
- Add missing bounds check in ngx_{http,stream}_compile_complex_value() by @wufengwind in https://github.com/nginx/nginx/pull/1484
- Revert "HTTP/2: fixed overlapping memcpy in CONTINUATION frames" by @ac000 in https://github.com/nginx/nginx/pull/1517
- GH: explicitly set permissions in workflows by @ac000 in https://github.com/nginx/nginx/pull/1451
- Charset: disabled charset_map with utf-8 in the first column by @pluknet in https://github.com/nginx/nginx/pull/1523
- Upstream: Upgrade header processing by @vinaykumar-1591 in https://github.com/nginx/nginx/pull/1476
- Fix setting the IPV6_DONTFRAG socket option by @arut in https://github.com/nginx/nginx/pull/1544
- Xslt: disable loading of external entities by default by @VadimZhestikov in https://github.com/nginx/nginx/pull/1549
- SSL: fixed memory leak in ngx_ssl_get_ech_outer_server_name(). by @devnexen in https://github.com/nginx/nginx/pull/1471
- Fixing HTTP/2 issues by @hongzhidao in https://github.com/nginx/nginx/pull/1441
- Perl fixes by @pluknet in https://github.com/nginx/nginx/pull/1556
- Configure: include crypt.h for crypt() feature tests by @bavshin-f5 in https://github.com/nginx/nginx/pull/1552
- HTTP/2: Reject requests with pseudo-headers after headers by @nitin9977 in https://github.com/nginx/nginx/pull/1541
- Stream and HTTP: rcvbuf and sndbuf directives for upstream sockets by @patrikwl in https://github.com/nginx/nginx/pull/1298
- Tunnel body improvements by @arut in https://github.com/nginx/nginx/pull/1560
- Nginx 1.31.3 security fixes by @arut in https://github.com/nginx/nginx/pull/1561
- nginx-1.31.3-RELEASE by @pluknet in https://github.com/nginx/nginx/pull/1562
- @shankerwangmiao made their first contribution in https://github.com/nginx/nginx/pull/1489
- @wufengwind made their first contribution in https://github.com/nginx/nginx/pull/1486
- @vinaykumar-1591 made their first contribution in https://github.com/nginx/nginx/pull/1476
- @patrikwl made their first contribution in https://github.com/nginx/nginx/pull/1298
Full Changelog: https://github.com/nginx/nginx/compare/release-1.31.2...release-1.31.3
1.0.0-beta.9
RustFS 1.0.0-beta.9 focuses on hardening the storage engine, S3 compatibility, table catalog support, runtime observability, security posture, and CI/release reliability. This summary condenses the full beta.8...beta.9 change set while preserving the contributor credits below.
- Hardened ECStore object reads/writes, listings, metadata updates, delete rollback, heal cleanup, and crash-consistency boundaries across degraded, multipart, and directory-marker cases.
- Improved large-object and GET-path behavior with codec-streaming rollout controls, bitrot path cleanup, short-body/truncation detection, pooled shard reuse, hedged slow shard reads, fewer setup fanouts, and safer legacy fallback handling.
- Added and refined io_uring read support behind runtime probes/rollout gates, including per-disk probe cache, degradation latch, O_DIRECT preservation, fd cache invariants, page-cache reclaim, and rustfs-uring updates.
- Tightened object data cache correctness: write-unique keys, invalidation/fill race fixes, bounded memory admission, clear/drain stability, admin visibility, benchmarks, and Grafana coverage.
- Improved capacity accounting and filesystem probing, including symlinked scan roots, safe env defaults, Linux filesystem magic mapping, and drive stall budgets for walks.
- Improved S3 API compatibility with flexible multipart checksums, content disposition on GET, native additional checksum support, virtual-hosted-style 501 guidance, stronger SigV4 negative coverage, and AWS-aligned object-lock overwrite tests.
- Hardened replication and site-replication flows: bidirectional sync/backfill, MRF persistence, target refresh after peer edits, multipart fanout integrity, loopback coverage, version deletion convergence, service account sync, custom TLS peers, and outbound checksum consistency.
- Made lifecycle/tiering recovery safer with recoverable tier cleanup, persisted remote-tier delete journal tasks, expire/GET race coverage, lifecycle debug acceleration for tests, and gated s3-tests lifecycle lanes.
- Strengthened admin behavior for auth, server info, metrics auth, account info quotas, datausage live refresh, heal runtime state, site-replication import notifications, and external OIDC redirects.
- Added or reinforced authorization and input-safety fixes across remote target listing, FTP handlers, metrics, admin auth, service-account deletion, JSON ingress, signed headers, SSE-C nonce persistence, local SSE-S3 fallback, KMS local key storage, outbound egress guards, Docker credential handling, log cleaner symlink safety, and GHSA regression tests.
- Fixed correctness issues around incomplete object streams, DARE truncation, peer-health counting, storage error mapping, CommonPrefix merging, metadata early-stop quorum, rollback warnings, and background task cancellation.
- Added adversarial validation policy/playbooks and removed agent-generated planning docs from version control.
- Expanded S3 Tables/Iceberg support with REST commit compatibility, exists endpoints, scoped credentials, data-plane policy bridge, protected ref metadata, production surfaces, refs/views semantics, external catalog sync, backing migration contracts, vendor compatibility profiles, maintenance workers, reachability cleanup, row-level conflict hardening, PyIceberg live smoke coverage, and conformance evidence.
- Continued the InstanceContext/AppContext migration across startup, storage, IAM, admin, ECStore, runtime services, bucket metadata, embedded servers, per-server contexts, and optional runtime boundaries.
- Added runtime capability, workload admission, memory/allocator/metrics controller status, extension/ops-profiler schemas, plugin/sidecar policy gates, and embedded multi-server support.
- Reduced logging and telemetry noise while improving request IDs, redaction, OTLP/local output consistency, dial9 opt-in telemetry, runtime event governance, API boundary events, retention/durability, and warning rate limits.
- Added NATS JetStream publish support for notify/audit targets, SFTP macOS/Windows support and docs, Helm multi-pool capacity expansion, and Docker/cluster startup hardening.
- Improved PUT, GET, EC decode, multipart sync, object cache, metrics, report collection, and large-object first-byte latency paths.
- Removed avoidable hot-path work such as repeated env reads, unnecessary metric-handle lookup, per-emission allocations, percentile sorting on per-IO paths, extra shard zeroing/copying, and blocking filesystem work in async paths.
- Expanded e2e, property, fuzz, table-catalog, lifecycle, replication, admin-auth, cache, ECStore, filemeta, parser, erasure, path-validator, and MinIO/SSE interop coverage.
- Stabilized nextest profiles, quarantine policy, migration-critical count guards, e2e smoke lanes, weekly s3tests, Mint and perf pipelines, scheduled CI alerts, cargo-deny supply-chain checks, SBOM/provenance assets, release image scans, secret-scanning exclusions, and stable Rust toolchain usage.
- Updated docs for scanner/runtime controls, SFTP operations, object data cache boundaries, testing pyramid, e2e contributor workflow, security advisory lessons, Makefile/CONTRIBUTING verification gates, and Podman instructions.
- Site replication fixes and replication startup behavior by @abdullahnah92.
- SFTP platform support and NATS JetStream target support by @simon-escapecode.
- Table catalog/IAM/metadata compatibility work by @GatewayJ.
- ECStore, lifecycle, logging, replication, and admin fixes by @cxymds, @reatang, @RamakrishnaChilaka, and @majinghe.
- Docs, CLI, Helm, and observability fixes from @w4hf, @Tirka, @Rohmilchkaese, @Littlew0od, and others.
- 1,200+ merged PR entries condensed into this summary.
- Largest areas: ECStore/storage, replication, table catalog, observability, runtime context migration, security hardening, and CI/test reliability.
- @abdullahnah92 made their first contribution in https://github.com/rustfs/rustfs/pull/3401
- @w4hf made their first contribution in https://github.com/rustfs/rustfs/pull/3479
- @AdnanHussainTurki made their first contribution in https://github.com/rustfs/rustfs/pull/3488
- @hkwi made their first contribution in https://github.com/rustfs/rustfs/pull/3653
- @rokton made their first contribution in https://github.com/rustfs/rustfs/pull/3831
Full Changelog: https://github.com/rustfs/rustfs/compare/1.0.0-beta.8...1.0.0-beta.9
1.0.0-beta.9
RustFS 1.0.0-beta.9 focuses on hardening the storage engine, S3 compatibility, table catalog support, runtime observability, security posture, and CI/release reliability. This summary condenses the full beta.8...beta.9 change set while preserving the contributor credits below.
- Hardened ECStore object reads/writes, listings, metadata updates, delete rollback, heal cleanup, and crash-consistency boundaries across degraded, multipart, and directory-marker cases.
- Improved large-object and GET-path behavior with codec-streaming rollout controls, bitrot path cleanup, short-body/truncation detection, pooled shard reuse, hedged slow shard reads, fewer setup fanouts, and safer legacy fallback handling.
- Added and refined io_uring read support behind runtime probes/rollout gates, including per-disk probe cache, degradation latch, O_DIRECT preservation, fd cache invariants, page-cache reclaim, and rustfs-uring updates.
- Tightened object data cache correctness: write-unique keys, invalidation/fill race fixes, bounded memory admission, clear/drain stability, admin visibility, benchmarks, and Grafana coverage.
- Improved capacity accounting and filesystem probing, including symlinked scan roots, safe env defaults, Linux filesystem magic mapping, and drive stall budgets for walks.
- Improved S3 API compatibility with flexible multipart checksums, content disposition on GET, native additional checksum support, virtual-hosted-style 501 guidance, stronger SigV4 negative coverage, and AWS-aligned object-lock overwrite tests.
- Hardened replication and site-replication flows: bidirectional sync/backfill, MRF persistence, target refresh after peer edits, multipart fanout integrity, loopback coverage, version deletion convergence, service account sync, custom TLS peers, and outbound checksum consistency.
- Made lifecycle/tiering recovery safer with recoverable tier cleanup, persisted remote-tier delete journal tasks, expire/GET race coverage, lifecycle debug acceleration for tests, and gated s3-tests lifecycle lanes.
- Strengthened admin behavior for auth, server info, metrics auth, account info quotas, datausage live refresh, heal runtime state, site-replication import notifications, and external OIDC redirects.
- Added or reinforced authorization and input-safety fixes across remote target listing, FTP handlers, metrics, admin auth, service-account deletion, JSON ingress, signed headers, SSE-C nonce persistence, local SSE-S3 fallback, KMS local key storage, outbound egress guards, Docker credential handling, log cleaner symlink safety, and GHSA regression tests.
- Fixed correctness issues around incomplete object streams, DARE truncation, peer-health counting, storage error mapping, CommonPrefix merging, metadata early-stop quorum, rollback warnings, and background task cancellation.
- Added adversarial validation policy/playbooks and removed agent-generated planning docs from version control.
- Expanded S3 Tables/Iceberg support with REST commit compatibility, exists endpoints, scoped credentials, data-plane policy bridge, protected ref metadata, production surfaces, refs/views semantics, external catalog sync, backing migration contracts, vendor compatibility profiles, maintenance workers, reachability cleanup, row-level conflict hardening, PyIceberg live smoke coverage, and conformance evidence.
- Continued the InstanceContext/AppContext migration across startup, storage, IAM, admin, ECStore, runtime services, bucket metadata, embedded servers, per-server contexts, and optional runtime boundaries.
- Added runtime capability, workload admission, memory/allocator/metrics controller status, extension/ops-profiler schemas, plugin/sidecar policy gates, and embedded multi-server support.
- Reduced logging and telemetry noise while improving request IDs, redaction, OTLP/local output consistency, dial9 opt-in telemetry, runtime event governance, API boundary events, retention/durability, and warning rate limits.
- Added NATS JetStream publish support for notify/audit targets, SFTP macOS/Windows support and docs, Helm multi-pool capacity expansion, and Docker/cluster startup hardening.
- Improved PUT, GET, EC decode, multipart sync, object cache, metrics, report collection, and large-object first-byte latency paths.
- Removed avoidable hot-path work such as repeated env reads, unnecessary metric-handle lookup, per-emission allocations, percentile sorting on per-IO paths, extra shard zeroing/copying, and blocking filesystem work in async paths.
- Expanded e2e, property, fuzz, table-catalog, lifecycle, replication, admin-auth, cache, ECStore, filemeta, parser, erasure, path-validator, and MinIO/SSE interop coverage.
- Stabilized nextest profiles, quarantine policy, migration-critical count guards, e2e smoke lanes, weekly s3tests, Mint and perf pipelines, scheduled CI alerts, cargo-deny supply-chain checks, SBOM/provenance assets, release image scans, secret-scanning exclusions, and stable Rust toolchain usage.
- Updated docs for scanner/runtime controls, SFTP operations, object data cache boundaries, testing pyramid, e2e contributor workflow, security advisory lessons, Makefile/CONTRIBUTING verification gates, and Podman instructions.
- Site replication fixes and replication startup behavior by @abdullahnah92.
- SFTP platform support and NATS JetStream target support by @simon-escapecode.
- Table catalog/IAM/metadata compatibility work by @GatewayJ.
- ECStore, lifecycle, logging, replication, and admin fixes by @cxymds, @reatang, @RamakrishnaChilaka, and @majinghe.
- Docs, CLI, Helm, and observability fixes from @w4hf, @Tirka, @Rohmilchkaese, @Littlew0od, and others.
- 1,200+ merged PR entries condensed into this summary.
- Largest areas: ECStore/storage, replication, table catalog, observability, runtime context migration, security hardening, and CI/test reliability.
- @abdullahnah92 made their first contribution in https://github.com/rustfs/rustfs/pull/3401
- @w4hf made their first contribution in https://github.com/rustfs/rustfs/pull/3479
- @AdnanHussainTurki made their first contribution in https://github.com/rustfs/rustfs/pull/3488
- @hkwi made their first contribution in https://github.com/rustfs/rustfs/pull/3653
- @rokton made their first contribution in https://github.com/rustfs/rustfs/pull/3831
Full Changelog: https://github.com/rustfs/rustfs/compare/1.0.0-beta.8...1.0.0-beta.9
2.5.3 (Jul 14th, 2026)
Nacos 2.5.3 is mainly a bugfix, security, and experience-improvement release for the 2.x series.
This release focuses on:
- Compatible security dependency upgrades for the v2.x JDK 8 baseline.
- Client stability and logging improvements.
- Config namespace isolation fixes.
- Server-side request validation improvements.
It also keeps incompatible major dependency lines out of v2.x, such as Spring Boot 3, Spring Framework 6, and other JDK 17+ only upgrades.
Detailed changes in this release:
No major feature changes.
[#12323] Improve Logback packagingData behavior by making it configurable through nacos.logback.packagingData with default false, and upgrade the external Logback adapter to 1.1.5.
[#13940] Fix continuous class unloading during Nacos Client Log4j2 configuration reload by using safe Log4j2 initialization.
[#14423] Fix missing exceptions when form parameters exceed the configured Tomcat request size limit.
[#15437] Fix client shutdown thread leaks and executor creation race conditions in ConfigRpcTransportClient and related client components.
[#15497] Fix Config namespace isolation for ID-based export, batch delete, and clone operations, and enforce source namespace read permission for clone requests.
[#13998][#14859] Upgrade embedded Tomcat to 9.0.118 to address known Tomcat CVEs.
[#15025][#15451] Upgrade compatible v2.x dependencies, including Jackson to 2.18.9, gRPC Java to 1.75.0, and Spring Security to 5.8.16, while preserving the JDK 8 baseline.
| Module | Java Required |
|---|---|
| Nacos-Server / Nacos-Console | Java 8 |
| Nacos-Client | Java 8 |
- @zmz789 made their first contribution in https://github.com/alibaba/nacos/pull/15288
Full Changelog: https://github.com/alibaba/nacos/compare/2.5.2...2.5.3