v1.48.0 🫎
by @Mubelotix in https://github.com/meilisearch/meilisearch/pull/5765
Introduces a new POST /render-template route that can be used to render any template or fragment on any input and associated renderRoute experimental feature that gates access to the route.
This route can be used to test document templates and fragments before and after having configured an embedder.
A body payload for the route is of the form:
where template describes the template or fragment to render, and input describes what to use to render the template.
Upon calling this route, Meilisearch responds with:
{
"template": "{{doc.text}}",
"rendered": "template text after rendering using the input"
}
where template contains the unrendered base text of the document template, or the unrendered base JSON object of a fragment, and rendered contains the result of rendering the template of the chosen input.
If input is null in the request, then rendered is null in the response, and the route can be used solely to retrieve a template or fragment from the settings of an index.
The API of this route is subject to change, so before calling this route, please enable the renderRoute experimental feature:
PATCH /experimental-features --json '{"renderRoute": true}'
- Rendering a document from an index on a document template from an embedder of that index
request
// POST /render-template
{
"template": {
"kind": "documentTemplate",
"indexUid": "movies",
"embedder": "myMoviesEmbedder"
},
"input": {
"kind": "indexDocument",
"indexUid": "movies",
"id": "2"
}
response
{
"template": "A movie titled {{doc.title}} whose description starts with {{doc.overview|truncatewords:10}}",
"rendered": "A movie titled Ariel whose description starts with Taisto Kasurinen is a Finnish coal miner whose father has..."
}
- Rendering an inline document on a fragment from an embedder of an index
request
// POST /render-template
{
"template": {
"kind": "indexingFragment",
"indexUid": "dogs",
"embedder": "multi",
"fragment": "captionedImage"
},
"input": {
"kind": "inlineDocument",
"inline": { // pass your document inline as a JSON object
"kind": "dog",
"name": "iko",
"breed": "jack russell",
"mime": "image/png",
"image": "/9j/4AAQSk..."
}
}
}
response
{
"template": {
"content": [
{
"type": "text",
"text": "A picture of a {{doc.kind}} of breed {{doc.breed}}"
},
{
"type": "image_base64",
"image_base64": "data:{{doc.mime}};base64,{{doc.image}}"
}
]
},
"rendered": {
"content": [
{
"type": "text",
"text": "A picture of a dog of breed jack russell"
},
{
"type": "image_base64",
"image_base64": "data:image/png;base64,/9j/4AAQSk..."
}
]
}
}
- Rendering a search query on a search fragment from a multimodal embedder of an index
request
// POST /render-template
{
"template": {
"kind": "searchFragment",
"indexUid": "testIndex",
"embedder": "testEmbedder",
"fragment": "justBreed"
},
"input": {
"kind": "inlineSearch",
"inline": { // pass the search query inline
"q": "unused",
"media": {
"name": "iko",
"breed": "jack russell"
},
"filter": "ignored"
}
}
}
response
{
"template": "It's a {{ media.breed }}",
"rendered": "It's a jack russell"
}
- Rendering an inline document on the document template from the chat settings of an index
request
// POST /render-template
{
"template": {
"kind": "chatDocumentTemplate",
"indexUid": "movies"
// no embedder to specify since chat document template is global to index
},
"input": {
"kind": "indexDocument",
"indexUid": "movies",
"id": "2"
}
response
{
"template": "{% for field in fields %}{% if field.is_searchable and field.value != nil %}{{ field.name }}: {{ field.value }}\n{% endif %}{% endfor %}",
"rendered": "id: 2\ntitle: Ariel\noverview: Taisto Kasurinen is a Finnish coal miner whose father has just committed suicide and who is framed for a crime he did not commit. In jail, he starts to dream about leaving the country and starting a new life. He escapes from prison but things don't go as planned...\ngenres: DramaCrimeComedy\nposter: https://image.tmdb.org/t/p/w500/ojDg0PGvs6R9xYFodRct2kdI6wC.jpg\nrelease_date: 593395200\n"
}
- Rendering a document from an index on an inline document template
request
// POST /render-template
{
"template": {
"kind": "inlineDocumentTemplate",
"inline": "You can pass templates inline as well: nice to test them! {{doc.id}}"
},
"input": {
"kind": "indexDocument",
"indexUid": "movies",
"id": "2"
}
response
{
"template": "You can pass templates inline as well: nice to test them! {{doc.id}}",
"rendered": "You can pass templates inline as well: nice to test them! 2"
}
- Rendering an inline document on an inline indexing fragment
request
// POST /render-template
{
"template": {
"kind": "inlineFragment",
"inline": {
"json_maps": "supported for fragments",
"any_string": "is in liquid format: {{doc.test}}"
}
},
"input": {
"kind": "inlineDocument",
"inline": {
"test": true
}
}
}
response
{
"template": {
"json_maps": "supported for fragments",
"any_string": "is in liquid format: {{doc.test}}"
},
"rendered": {
"json_maps": "supported for fragments",
"any_string": "is in liquid format: true"
}
}
by @ManyTheFish in https://github.com/meilisearch/meilisearch/pull/6446
Foreign filters are meant to be used in a retrieval context (search, get document...), but all the actions related to writing or modifying a document could have several unexpected behaviors if foreign filters are accepted. We prefer forbidding the usage of this feature on the writing routes.
The following routes do not support Foreign-filter anymore:
- Edit documents by function: POST
/indexes/{index_uid}/documents/edit - Delete documents by filter: POST
/indexes/{index_uid}/documents/delete - Export to a remote Meilisearch: POST
/export
Additional change: we now ensure that the experimental features are checked when parsing a filter
- Support prefix search on words registered in the disableOnAttributes and disableOnNumbers settings by @antcybersec in https://github.com/meilisearch/meilisearch/pull/6432
- Add missing logs in search performance details @ManyTheFish in https://github.com/meilisearch/meilisearch/pull/6457
- Ensure the index map budget is a multiplier of the OS page size by @genisis0x in https://github.com/meilisearch/meilisearch/pull/6454
- Reduce risk of vulnerability exploits on GHA by @curquiza in https://github.com/meilisearch/meilisearch/pull/6451
- Replace the
queueDocumentsFetchexperimental feature withdisableDocumentsFetchQueueconverting the feature from an opt-in to an opt-out By @ManyTheFish in https://github.com/meilisearch/meilisearch/pull/6456 - Bump and removes unused dependencies by @Kerollmops in https://github.com/meilisearch/meilisearch/pull/6444
- Fix Ollama embeddings changes to fix CI tests by @Kerollmops in https://github.com/meilisearch/meilisearch/pull/6450
❤️ Thanks again to @genisis0x and @antcybersec
4.35
-
FUSE
- fix(command): preserve fuse option after writers by @7y-9 in https://github.com/seaweedfs/seaweedfs/pull/9972
- test: add FUSE database load/durability/perf benchmark by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9980
- mount: tolerance-window write pattern detection for concurrent writeback by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9984
- fix(mount): keep a deferred local create from vanishing when its dir is rebuilt by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9991
- fix(mount): pin rebuild entries by their own inode, not inodeToPath by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9993
- mount: fix deadlock reading an uncached remote-mounted file by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9995
- mount: cache supplementary group IDs for non-root access performance by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/10008
- fix(mount): run entry invalidations off the meta-cache apply loop by @kisow in https://github.com/seaweedfs/seaweedfs/pull/10002
- feat(mount): attach Content-MD5 to chunk uploads by @kisow in https://github.com/seaweedfs/seaweedfs/pull/10016
-
Misc
- security.toml: document WEED_ env override for jwt signing keys by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9981
- SECURITY.md: require working repro and trust-boundary impact by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9990
- mq(kafka): don't drop an existing topic when auto-create races by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9998
- Fix typo in SeaweedFS Filer description by @dantetemplar in https://github.com/seaweedfs/seaweedfs/pull/10009
- Logs typos by @m-sementsov in https://github.com/seaweedfs/seaweedfs/pull/10018
- feat: add Prometheus metrics for replication operations by @rushikesh90 in https://github.com/seaweedfs/seaweedfs/pull/10006
- install.sh: fix stale --version example (v3.93 -> 4.34) by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/10025
- feat: add Prometheus metric for volume creation operations by @rushikesh90 in https://github.com/seaweedfs/seaweedfs/pull/10026
- stats: define metric subsystems as constants by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/10027
-
Filer
- filer: tolerance-window read pattern detection for concurrent readahead by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9983
- filer: skip COLLATE "C" list fallback on CockroachDB by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/10015
-
Shell
- shell: show remote storage name/key in volume.list output by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9987
- fix(shell): return fs.verify topology errors by @7y-9 in https://github.com/seaweedfs/seaweedfs/pull/9982
-
Volume Server
- storage: register tier backends at the binary composition root by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9989
- volume: remove ec.bitrotChecksum and ec.bitrotBlockSizeMB flags by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/10000
- volume: validate remote S3 endpoints in FetchAndWriteNeedle (Rust) by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/10001
- volume: detect phantom volumes held open as deleted FDs by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/10011
-
Master
- use Leader() instead of MaybeLeader() in SendHeartbeat by @giftz in https://github.com/seaweedfs/seaweedfs/pull/10029
-
S3 API
- s3: bound streaming remote-cache wait so large cold GetObject returns 503, not a hang by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9988
- s3api: add optional request interceptor to circuit breaker by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9994
- s3: improve TTFB for large remote objects by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/10010
- fix(s3): verify SigV2 using percent-encoded path for Unicode object keys by @sergey-zinchenko in https://github.com/seaweedfs/seaweedfs/pull/10022
-
Helm Charts
- helm: reject emptyDir for volume idx, and rebuild a missing idx on restart by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/10005
-
Admin Server and Worker
- admin: surface user inline policies in object store user details by @msk-psp in https://github.com/seaweedfs/seaweedfs/pull/10013
-
Mini
- mini: resolve admin credentials from security.toml and env vars by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/10021
- @dantetemplar made their first contribution in https://github.com/seaweedfs/seaweedfs/pull/10009
- @sergey-zinchenko made their first contribution in https://github.com/seaweedfs/seaweedfs/pull/10022
Full Changelog: https://github.com/seaweedfs/seaweedfs/compare/4.34...4.35
v25.3.6
- ci: remove labeler and simplify change detection by @matthewmcneely in https://github.com/dgraph-io/dgraph/pull/9751
- test: align GraphQL health check retries with gRPC pattern by @matthewmcneely in https://github.com/dgraph-io/dgraph/pull/9752
- build(jemalloc): patch jemalloc 5.3.1 source for libstdc++ 16+ ABI removal by @matthewmcneely in https://github.com/dgraph-io/dgraph/pull/9740
- dgraphtest: add WithStartupArg for arbitrary Alpha flags by @matthewmcneely in https://github.com/dgraph-io/dgraph/pull/9741
- test: poll for HNSW index readiness instead of fixed sleeps by @matthewmcneely in https://github.com/dgraph-io/dgraph/pull/9739
- fix: S390x compatibility by @navaneeswar1011 in https://github.com/dgraph-io/dgraph/pull/9746
- fix(security): compare poorman's auth token in constant time by @alhudz in https://github.com/dgraph-io/dgraph/pull/9736
- edgraph: add AlterNoAuth for trusted in-process schema callers by @matthewmcneely in https://github.com/dgraph-io/dgraph/pull/9748
- x,edgraph,worker: add a reserved-namespace plugin registry by @matthewmcneely in https://github.com/dgraph-io/dgraph/pull/9753
- x,edgraph: harden reserved-namespace registration and value-lock delete coverage by @matthewmcneely in https://github.com/dgraph-io/dgraph/pull/9754
- alpha: add public extensibility hooks for the gRPC server and CLI flags by @matthewmcneely in https://github.com/dgraph-io/dgraph/pull/9742
- @navaneeswar1011 made their first contribution in https://github.com/dgraph-io/dgraph/pull/9746
- @alhudz made their first contribution in https://github.com/dgraph-io/dgraph/pull/9736
Full Changelog: https://github.com/dgraph-io/dgraph/compare/v25.3.5...v25.3.6
v25.3.6
- ci: remove labeler and simplify change detection by @matthewmcneely in https://github.com/dgraph-io/dgraph/pull/9751
- test: align GraphQL health check retries with gRPC pattern by @matthewmcneely in https://github.com/dgraph-io/dgraph/pull/9752
- build(jemalloc): patch jemalloc 5.3.1 source for libstdc++ 16+ ABI removal by @matthewmcneely in https://github.com/dgraph-io/dgraph/pull/9740
- dgraphtest: add WithStartupArg for arbitrary Alpha flags by @matthewmcneely in https://github.com/dgraph-io/dgraph/pull/9741
- test: poll for HNSW index readiness instead of fixed sleeps by @matthewmcneely in https://github.com/dgraph-io/dgraph/pull/9739
- fix: S390x compatibility by @navaneeswar1011 in https://github.com/dgraph-io/dgraph/pull/9746
- fix(security): compare poorman's auth token in constant time by @alhudz in https://github.com/dgraph-io/dgraph/pull/9736
- edgraph: add AlterNoAuth for trusted in-process schema callers by @matthewmcneely in https://github.com/dgraph-io/dgraph/pull/9748
- x,edgraph,worker: add a reserved-namespace plugin registry by @matthewmcneely in https://github.com/dgraph-io/dgraph/pull/9753
- x,edgraph: harden reserved-namespace registration and value-lock delete coverage by @matthewmcneely in https://github.com/dgraph-io/dgraph/pull/9754
- alpha: add public extensibility hooks for the gRPC server and CLI flags by @matthewmcneely in https://github.com/dgraph-io/dgraph/pull/9742
- @navaneeswar1011 made their first contribution in https://github.com/dgraph-io/dgraph/pull/9746
- @alhudz made their first contribution in https://github.com/dgraph-io/dgraph/pull/9736
Full Changelog: https://github.com/dgraph-io/dgraph/compare/v25.3.5...v25.3.6
v3.6.15
- Re-fix 1xx handling by @matthoffman in https://github.com/Netflix/zuul/pull/2149
Full Changelog: https://github.com/Netflix/zuul/compare/v3.6.14...v3.6.15
2026-06-18, Version 26.3.1 (Current), @aduh95
This is a security release.
- (CVE-2026-48618) tls: normalize hostname for server identity checks (Matteo Collina) – High
- (CVE-2026-48933) crypto: guard WebCrypto cipher output length (Filip Skokan) – High
- (CVE-2026-48615) lib,test: redact proxy credentials in tunnel errors (Matteo Collina) – Medium
- (CVE-2026-48619) http2: cap originSet size to prevent unbounded memory growth (Matteo Collina) – Medium
- (CVE-2026-48928) tls: fix case-sensitive SNI context matching (Matteo Collina) – Medium
- (CVE-2026-48930) dns,net: reject hostnames with embedded NUL bytes (Matteo Collina) – Medium
- (CVE-2026-48934) tls: bind reusable sessions to authenticated host (Matteo Collina) – Medium
- (CVE-2026-48617) permission: handle process.chdir on writereport (RafaelGSS) – Low
- (CVE-2026-48931) http: fix response queue poisoning in http.Agent (Matteo Collina) – Low
- (CVE-2026-48935) permission: disable FileHandle utimes with permission model (RafaelGSS) – Low
- (CVE-2026-48936) permission: guard pipe open and chmod with net scope (RafaelGSS) – Low
- [
98fbc89211] - (CVE-2026-48933) crypto: guard WebCrypto cipher output length (Filip Skokan) nodejs-private/node-private#878 - [
110840f2c7] - deps: update llhttp to 9.4.2 (Antoine du Hamel) nodejs-private/node-private#890 - [
8d36d522b2] - deps: update undici to 8.5.0 (Node.js GitHub Bot) #63903 - [
2e6d03993a] - deps: update undici to 8.4.0 (Node.js GitHub Bot) #63779 - [
5a17d5b07a] - deps: update archs files for openssl-3.5.7 (Node.js GitHub Bot) #63820 - [
362725d4e5] - deps: upgrade openssl sources to openssl-3.5.7 (Node.js GitHub Bot) #63820 - [
bd1214ab01] - (CVE-2026-48930) dns,net: reject hostnames with embedded NUL bytes (Matteo Collina) nodejs-private/node-private#868 - [
bc0b53813e] - (CVE-2026-48931) http: fix response queue poisoning in http.Agent (Matteo Collina) nodejs-private/node-private#846 - [
87d847bc70] - (CVE-2026-48619) http2: cap originSet size to prevent unbounded memory growth (Matteo Collina) nodejs-private/node-private#855 - [
9308084fcb] - (CVE-2026-48615) lib,test: redact proxy credentials in tunnel errors (Matteo Collina) nodejs-private/node-private#867 - [
a67dd46891] - (CVE-2026-48936) permission: guard pipe open and chmod with net scope (RafaelGSS) nodejs-private/node-private#885 - [
7057c3f16c] - (CVE-2026-48935) permission: disable FileHandle utimes with permission model (RafaelGSS) nodejs-private/node-private#873 - [
6bc17a6b51] - (CVE-2026-48617) permission: handle process.chdir on writereport (RafaelGSS) nodejs-private/node-private#870 - [
c8668beff8] - test: add session reuse host verification regressions (Matteo Collina) nodejs-private/node-private#854 - [
d1be630415] - (CVE-2026-48934) tls: bind reusable sessions to authenticated host (Matteo Collina) nodejs-private/node-private#854 - [
a14c158bb3] - (CVE-2026-48928) tls: fix case-sensitive SNI context matching (Matteo Collina) nodejs-private/node-private#857 - [
ebda73470d] - (CVE-2026-48618) tls: normalize hostname for server identity checks (Matteo Collina) nodejs-private/node-private#869
2026-06-18, Version 24.17.0 'Krypton' (LTS), @aduh95
This is a security release.
- (CVE-2026-48618) tls: normalize hostname for server identity checks (Matteo Collina) – High
- (CVE-2026-48933) crypto: guard WebCrypto cipher output length (Filip Skokan) – High
- (CVE-2026-48615) lib,test: redact proxy credentials in tunnel errors (Matteo Collina) – Medium
- (CVE-2026-48619) http2: cap originSet size to prevent unbounded memory growth (Matteo Collina) – Medium
- (CVE-2026-48928) tls: fix case-sensitive SNI context matching (Matteo Collina) – Medium
- (CVE-2026-48930) dns,net: reject hostnames with embedded NUL bytes (Matteo Collina) – Medium
- (CVE-2026-48934) tls: bind reusable sessions to authenticated host (Matteo Collina) – Medium
- (CVE-2026-48937) deps: fix integration issues with the latest nghttp2 – Medium
- (CVE-2026-48617) permission: handle process.chdir on writereport (RafaelGSS) – Low
- (CVE-2026-48931) http: fix response queue poisoning in http.Agent (Matteo Collina) – Low
- (CVE-2026-48935) permission: disable FileHandle utimes with permission model (RafaelGSS) – Low
- [
9e4dfc7bba] - (CVE-2026-48933) crypto: guard WebCrypto cipher output length (Filip Skokan) nodejs-private/node-private#878 - [
cb2aed980c] - deps: update llhttp to 9.4.2 (Antoine du Hamel) nodejs-private/node-private#890 - [
a8a0d12875] - (CVE-2026-48937) deps: fix integration issues with the latest nghttp2 (Tim Perry) #62891 - [
66e6203c1c] - (SEMVER-MAJOR) deps: update nghttp2 to 1.69.0 (Node.js GitHub Bot) #62891 - [
dd627ced27] - deps: update archs files for openssl-3.5.7 (Node.js GitHub Bot) #63820 - [
684bae568f] - deps: upgrade openssl sources to openssl-3.5.7 (Node.js GitHub Bot) #63820 - [
3a631e7f83] - deps: fix aix implicit declaration in OpenSSL (Abdirahim Musse) #62656 - [
cf44df3996] - deps: update undici to 7.28.0 (Node.js GitHub Bot) #63703 - [
138c70294b] - (CVE-2026-48930) dns,net: reject hostnames with embedded NUL bytes (Matteo Collina) nodejs-private/node-private#868 - [
be7e719c3f] - (CVE-2026-48931) http: fix response queue poisoning in http.Agent (Matteo Collina) nodejs-private/node-private#846 - [
cc7c11b4d1] - (CVE-2026-48619) http2: cap originSet size to prevent unbounded memory growth (Matteo Collina) nodejs-private/node-private#855 - [
9224427b92] - (CVE-2026-48615) lib,test: redact proxy credentials in tunnel errors (Matteo Collina) nodejs-private/node-private#867 - [
cf85d54839] - (CVE-2026-48935) permission: disable FileHandle utimes with permission model (RafaelGSS) nodejs-private/node-private#873 - [
a1bbc24f96] - (CVE-2026-48617) permission: handle process.chdir on writereport (RafaelGSS) nodejs-private/node-private#870 - [
e3723ff2d6] - test: add session reuse host verification regressions (Matteo Collina) nodejs-private/node-private#854 - [
a77af4867b] - (CVE-2026-48934) tls: bind reusable sessions to authenticated host (Matteo Collina) nodejs-private/node-private#854 - [
31beb4f707] - (CVE-2026-48928) tls: fix case-sensitive SNI context matching (Matteo Collina) nodejs-private/node-private#857 - [
8e75c73f91] - (CVE-2026-48618) tls: normalize hostname for server identity checks (Matteo Collina) nodejs-private/node-private#869
2026-06-18, Version 22.23.0 'Jod' (LTS), @aduh95
This is a security release.
- (CVE-2026-48618) tls: normalize hostname for server identity checks (Matteo Collina) – High
- (CVE-2026-48933) crypto: guard WebCrypto cipher output length (Filip Skokan) – High
- (CVE-2026-48937) deps: fix integration issues with the latest nghttp2 – Medium
- (CVE-2026-48930) dns,net: reject hostnames with embedded NUL bytes (Matteo Collina) – Medium
- (CVE-2026-48619) http2: cap originSet size to prevent unbounded memory growth (Matteo Collina) – Medium
- (CVE-2026-48615) lib,test: redact proxy credentials in tunnel errors (Matteo Collina) – Medium
- (CVE-2026-48934) tls: bind reusable sessions to authenticated host (Matteo Collina) – Medium
- (CVE-2026-48928) tls: fix case-sensitive SNI context matching (Matteo Collina) – Medium
- (CVE-2026-48617) permission: handle process.chdir on writereport (RafaelGSS) – Low
- (CVE-2026-48931) http: fix response queue poisoning in http.Agent (Matteo Collina) – Low
- (CVE-2026-48935) permission: disable FileHandle utimes with permission model (RafaelGSS) – Low
- [
38b4c5ed51] - (CVE-2026-48933) crypto: guard WebCrypto cipher output length (Filip Skokan) nodejs-private/node-private#878 - [
ad8a10c1bb] - deps: update llhttp to 9.4.2 (Antoine du Hamel) nodejs-private/node-private#890 - [
ca825a87cc] - deps: update undici to 6.27.0 (aduh95) #63711 - [
a1a5bb9683] - (CVE-2026-48937) deps: fix integration issues with the latest nghttp2 (Tim Perry) #62891 - [
0f48583512] - (SEMVER-MAJOR) deps: update nghttp2 to 1.69.0 (Node.js GitHub Bot) #62891 - [
38c869fc05] - deps: update nghttp2 to 1.68.0 (nodejs-github-bot) #61136 - [
290667c84f] - deps: update nghttp2 to 1.67.1 (nodejs-github-bot) #59790 - [
c9f3da76aa] - deps: update nghttp2 to 1.66.0 (Node.js GitHub Bot) #58786 - [
60890be563] - deps: update nghttp2 to 1.65.0 (Node.js GitHub Bot) #57269 - [
5024c7d5d8] - deps: update archs files for openssl-3.5.7 (Node.js GitHub Bot) #63820 - [
7f4eb5af2e] - deps: upgrade openssl sources to openssl-3.5.7 (Node.js GitHub Bot) #63820 - [
ebb4ec78a8] - deps: fix aix implicit declaration in OpenSSL (Abdirahim Musse) #62656 - [
5763d40826] - deps: update llhttp to 9.4.1 (Node.js GitHub Bot) #63045 - [
c551a51d0c] - (CVE-2026-48930) dns,net: reject hostnames with embedded NUL bytes (Matteo Collina) nodejs-private/node-private#868 - [
0a22d40180] - (CVE-2026-48931) http: fix response queue poisoning in http.Agent (Matteo Collina) nodejs-private/node-private#846 - [
c79968e108] - (CVE-2026-48619) http2: cap originSet size to prevent unbounded memory growth (Matteo Collina) nodejs-private/node-private#855 - [
0c37bff2ff] - http2: fix DEP0194 message (KaKa) #58669 - [
ea5dc6b529] - (SEMVER-MAJOR) http2: remove support for priority signaling (Matteo Collina) #58293 - [
9b6af26132] - (CVE-2026-48615) lib,test: redact proxy credentials in tunnel errors (Matteo Collina) nodejs-private/node-private#867 - [
28dcd38864] - (CVE-2026-48935) permission: disable FileHandle utimes with permission model (RafaelGSS) nodejs-private/node-private#873 - [
2f62693801] - (CVE-2026-48617) permission: handle process.chdir on writereport (RafaelGSS) nodejs-private/node-private#870 - [
1662a3ea09] - test: add session reuse host verification regressions (Matteo Collina) nodejs-private/node-private#854 - [
718d5d0e2c] - test: skiptest-fs-utimes-y2K38on armv7 (Richard Lau) #63836 - [
041185b61f] - test: skip test-cluster-dgram-reuse on AIX 7.3 (Stewart X Addison) #62238 - [
fd890ba01d] - (CVE-2026-48934) tls: bind reusable sessions to authenticated host (Matteo Collina) nodejs-private/node-private#854 - [
39d1d09684] - (CVE-2026-48928) tls: fix case-sensitive SNI context matching (Matteo Collina) nodejs-private/node-private#857 - [
2197a47144] - (CVE-2026-48618) tls: normalize hostname for server identity checks (Matteo Collina) nodejs-private/node-private#869
superset-helm-chart-0.16.2
Apache Superset is a modern, enterprise-ready business intelligence web application
release-1.30.3
nginx-1.30.3 stable version has been released, with fixes for buffer overflow vulnerability in the ngx_http_proxy_v2_module and ngx_http_grpc_module (CVE-2026-42055), and buffer overread vulnerability in the ngx_http_charset_module (CVE-2026-48142).
See official CHANGES-1.30 on nginx.org.
Below is a release summary generated by GitHub.
- Nginx 1.30.3 with security fixes by @arut in https://github.com/nginx/nginx/pull/1475
Full Changelog: https://github.com/nginx/nginx/compare/release-1.30.2...release-1.30.3
{ "template": /* templateTarget object */, "input": /* inputTarget object or null */ }