52 minutes ago
nginx

release-1.30.4

nginx-1.30.4 stable version has been released, with fixes for buffer overflow vulnerability when using map with regex (CVE-2026-42533), memory disclosure vulnerability when using ngx_http_slice_module (CVE-2026-60005), and use-after-free vulnerability when using ngx_http_ssi_module (CVE-2026-56434).

See official CHANGES-1.30 on nginx.org.

Below is a release summary generated by GitHub.

What's Changed

Full Changelog: https://github.com/nginx/nginx/compare/release-1.30.3...release-1.30.4

2 hours ago
nginx

release-1.31.3

nginx-1.31.3 mainline version has been released, with fixes for buffer overflow vulnerability when using map with regex (CVE-2026-42533), memory disclosure vulnerability when using ngx_http_slice_module (CVE-2026-60005), and use-after-free vulnerability when using ngx_http_ssi_module (CVE-2026-56434).

See official CHANGES on nginx.org.

Below is a release summary generated by GitHub.

What's Changed

New Contributors

Full Changelog: https://github.com/nginx/nginx/compare/release-1.31.2...release-1.31.3

7 hours ago
rustfs

1.0.0-beta.9

What's Changed

RustFS 1.0.0-beta.9 focuses on hardening the storage engine, S3 compatibility, table catalog support, runtime observability, security posture, and CI/release reliability. This summary condenses the full beta.8...beta.9 change set while preserving the contributor credits below.

Storage, ECStore, and GET Path

  • Hardened ECStore object reads/writes, listings, metadata updates, delete rollback, heal cleanup, and crash-consistency boundaries across degraded, multipart, and directory-marker cases.
  • Improved large-object and GET-path behavior with codec-streaming rollout controls, bitrot path cleanup, short-body/truncation detection, pooled shard reuse, hedged slow shard reads, fewer setup fanouts, and safer legacy fallback handling.
  • Added and refined io_uring read support behind runtime probes/rollout gates, including per-disk probe cache, degradation latch, O_DIRECT preservation, fd cache invariants, page-cache reclaim, and rustfs-uring updates.
  • Tightened object data cache correctness: write-unique keys, invalidation/fill race fixes, bounded memory admission, clear/drain stability, admin visibility, benchmarks, and Grafana coverage.
  • Improved capacity accounting and filesystem probing, including symlinked scan roots, safe env defaults, Linux filesystem magic mapping, and drive stall budgets for walks.

S3, Replication, Lifecycle, and Admin

  • Improved S3 API compatibility with flexible multipart checksums, content disposition on GET, native additional checksum support, virtual-hosted-style 501 guidance, stronger SigV4 negative coverage, and AWS-aligned object-lock overwrite tests.
  • Hardened replication and site-replication flows: bidirectional sync/backfill, MRF persistence, target refresh after peer edits, multipart fanout integrity, loopback coverage, version deletion convergence, service account sync, custom TLS peers, and outbound checksum consistency.
  • Made lifecycle/tiering recovery safer with recoverable tier cleanup, persisted remote-tier delete journal tasks, expire/GET race coverage, lifecycle debug acceleration for tests, and gated s3-tests lifecycle lanes.
  • Strengthened admin behavior for auth, server info, metrics auth, account info quotas, datausage live refresh, heal runtime state, site-replication import notifications, and external OIDC redirects.

Security and Correctness

  • Added or reinforced authorization and input-safety fixes across remote target listing, FTP handlers, metrics, admin auth, service-account deletion, JSON ingress, signed headers, SSE-C nonce persistence, local SSE-S3 fallback, KMS local key storage, outbound egress guards, Docker credential handling, log cleaner symlink safety, and GHSA regression tests.
  • Fixed correctness issues around incomplete object streams, DARE truncation, peer-health counting, storage error mapping, CommonPrefix merging, metadata early-stop quorum, rollback warnings, and background task cancellation.
  • Added adversarial validation policy/playbooks and removed agent-generated planning docs from version control.

Table Catalog and Iceberg

  • Expanded S3 Tables/Iceberg support with REST commit compatibility, exists endpoints, scoped credentials, data-plane policy bridge, protected ref metadata, production surfaces, refs/views semantics, external catalog sync, backing migration contracts, vendor compatibility profiles, maintenance workers, reachability cleanup, row-level conflict hardening, PyIceberg live smoke coverage, and conformance evidence.

Runtime, Config, Extensions, and Observability

  • Continued the InstanceContext/AppContext migration across startup, storage, IAM, admin, ECStore, runtime services, bucket metadata, embedded servers, per-server contexts, and optional runtime boundaries.
  • Added runtime capability, workload admission, memory/allocator/metrics controller status, extension/ops-profiler schemas, plugin/sidecar policy gates, and embedded multi-server support.
  • Reduced logging and telemetry noise while improving request IDs, redaction, OTLP/local output consistency, dial9 opt-in telemetry, runtime event governance, API boundary events, retention/durability, and warning rate limits.
  • Added NATS JetStream publish support for notify/audit targets, SFTP macOS/Windows support and docs, Helm multi-pool capacity expansion, and Docker/cluster startup hardening.

Performance

  • Improved PUT, GET, EC decode, multipart sync, object cache, metrics, report collection, and large-object first-byte latency paths.
  • Removed avoidable hot-path work such as repeated env reads, unnecessary metric-handle lookup, per-emission allocations, percentile sorting on per-IO paths, extra shard zeroing/copying, and blocking filesystem work in async paths.

Testing, CI, and Release

  • Expanded e2e, property, fuzz, table-catalog, lifecycle, replication, admin-auth, cache, ECStore, filemeta, parser, erasure, path-validator, and MinIO/SSE interop coverage.
  • Stabilized nextest profiles, quarantine policy, migration-critical count guards, e2e smoke lanes, weekly s3tests, Mint and perf pipelines, scheduled CI alerts, cargo-deny supply-chain checks, SBOM/provenance assets, release image scans, secret-scanning exclusions, and stable Rust toolchain usage.
  • Updated docs for scanner/runtime controls, SFTP operations, object data cache boundaries, testing pyramid, e2e contributor workflow, security advisory lessons, Makefile/CONTRIBUTING verification gates, and Podman instructions.

Notable External Contributions

  • Site replication fixes and replication startup behavior by @abdullahnah92.
  • SFTP platform support and NATS JetStream target support by @simon-escapecode.
  • Table catalog/IAM/metadata compatibility work by @GatewayJ.
  • ECStore, lifecycle, logging, replication, and admin fixes by @cxymds, @reatang, @RamakrishnaChilaka, and @majinghe.
  • Docs, CLI, Helm, and observability fixes from @w4hf, @Tirka, @Rohmilchkaese, @Littlew0od, and others.

Scale of This Release

  • 1,200+ merged PR entries condensed into this summary.
  • Largest areas: ECStore/storage, replication, table catalog, observability, runtime context migration, security hardening, and CI/test reliability.

New Contributors

Full Changelog: https://github.com/rustfs/rustfs/compare/1.0.0-beta.8...1.0.0-beta.9

17 hours ago
rustfs

1.0.0-beta.9

What's Changed

RustFS 1.0.0-beta.9 focuses on hardening the storage engine, S3 compatibility, table catalog support, runtime observability, security posture, and CI/release reliability. This summary condenses the full beta.8...beta.9 change set while preserving the contributor credits below.

Storage, ECStore, and GET Path

  • Hardened ECStore object reads/writes, listings, metadata updates, delete rollback, heal cleanup, and crash-consistency boundaries across degraded, multipart, and directory-marker cases.
  • Improved large-object and GET-path behavior with codec-streaming rollout controls, bitrot path cleanup, short-body/truncation detection, pooled shard reuse, hedged slow shard reads, fewer setup fanouts, and safer legacy fallback handling.
  • Added and refined io_uring read support behind runtime probes/rollout gates, including per-disk probe cache, degradation latch, O_DIRECT preservation, fd cache invariants, page-cache reclaim, and rustfs-uring updates.
  • Tightened object data cache correctness: write-unique keys, invalidation/fill race fixes, bounded memory admission, clear/drain stability, admin visibility, benchmarks, and Grafana coverage.
  • Improved capacity accounting and filesystem probing, including symlinked scan roots, safe env defaults, Linux filesystem magic mapping, and drive stall budgets for walks.

S3, Replication, Lifecycle, and Admin

  • Improved S3 API compatibility with flexible multipart checksums, content disposition on GET, native additional checksum support, virtual-hosted-style 501 guidance, stronger SigV4 negative coverage, and AWS-aligned object-lock overwrite tests.
  • Hardened replication and site-replication flows: bidirectional sync/backfill, MRF persistence, target refresh after peer edits, multipart fanout integrity, loopback coverage, version deletion convergence, service account sync, custom TLS peers, and outbound checksum consistency.
  • Made lifecycle/tiering recovery safer with recoverable tier cleanup, persisted remote-tier delete journal tasks, expire/GET race coverage, lifecycle debug acceleration for tests, and gated s3-tests lifecycle lanes.
  • Strengthened admin behavior for auth, server info, metrics auth, account info quotas, datausage live refresh, heal runtime state, site-replication import notifications, and external OIDC redirects.

Security and Correctness

  • Added or reinforced authorization and input-safety fixes across remote target listing, FTP handlers, metrics, admin auth, service-account deletion, JSON ingress, signed headers, SSE-C nonce persistence, local SSE-S3 fallback, KMS local key storage, outbound egress guards, Docker credential handling, log cleaner symlink safety, and GHSA regression tests.
  • Fixed correctness issues around incomplete object streams, DARE truncation, peer-health counting, storage error mapping, CommonPrefix merging, metadata early-stop quorum, rollback warnings, and background task cancellation.
  • Added adversarial validation policy/playbooks and removed agent-generated planning docs from version control.

Table Catalog and Iceberg

  • Expanded S3 Tables/Iceberg support with REST commit compatibility, exists endpoints, scoped credentials, data-plane policy bridge, protected ref metadata, production surfaces, refs/views semantics, external catalog sync, backing migration contracts, vendor compatibility profiles, maintenance workers, reachability cleanup, row-level conflict hardening, PyIceberg live smoke coverage, and conformance evidence.

Runtime, Config, Extensions, and Observability

  • Continued the InstanceContext/AppContext migration across startup, storage, IAM, admin, ECStore, runtime services, bucket metadata, embedded servers, per-server contexts, and optional runtime boundaries.
  • Added runtime capability, workload admission, memory/allocator/metrics controller status, extension/ops-profiler schemas, plugin/sidecar policy gates, and embedded multi-server support.
  • Reduced logging and telemetry noise while improving request IDs, redaction, OTLP/local output consistency, dial9 opt-in telemetry, runtime event governance, API boundary events, retention/durability, and warning rate limits.
  • Added NATS JetStream publish support for notify/audit targets, SFTP macOS/Windows support and docs, Helm multi-pool capacity expansion, and Docker/cluster startup hardening.

Performance

  • Improved PUT, GET, EC decode, multipart sync, object cache, metrics, report collection, and large-object first-byte latency paths.
  • Removed avoidable hot-path work such as repeated env reads, unnecessary metric-handle lookup, per-emission allocations, percentile sorting on per-IO paths, extra shard zeroing/copying, and blocking filesystem work in async paths.

Testing, CI, and Release

  • Expanded e2e, property, fuzz, table-catalog, lifecycle, replication, admin-auth, cache, ECStore, filemeta, parser, erasure, path-validator, and MinIO/SSE interop coverage.
  • Stabilized nextest profiles, quarantine policy, migration-critical count guards, e2e smoke lanes, weekly s3tests, Mint and perf pipelines, scheduled CI alerts, cargo-deny supply-chain checks, SBOM/provenance assets, release image scans, secret-scanning exclusions, and stable Rust toolchain usage.
  • Updated docs for scanner/runtime controls, SFTP operations, object data cache boundaries, testing pyramid, e2e contributor workflow, security advisory lessons, Makefile/CONTRIBUTING verification gates, and Podman instructions.

Notable External Contributions

  • Site replication fixes and replication startup behavior by @abdullahnah92.
  • SFTP platform support and NATS JetStream target support by @simon-escapecode.
  • Table catalog/IAM/metadata compatibility work by @GatewayJ.
  • ECStore, lifecycle, logging, replication, and admin fixes by @cxymds, @reatang, @RamakrishnaChilaka, and @majinghe.
  • Docs, CLI, Helm, and observability fixes from @w4hf, @Tirka, @Rohmilchkaese, @Littlew0od, and others.

Scale of This Release

  • 1,200+ merged PR entries condensed into this summary.
  • Largest areas: ECStore/storage, replication, table catalog, observability, runtime context migration, security hardening, and CI/test reliability.

New Contributors

Full Changelog: https://github.com/rustfs/rustfs/compare/1.0.0-beta.8...1.0.0-beta.9

1 days ago
nacos

2.5.3 (Jul 14th, 2026)

Nacos 2.5.3 is mainly a bugfix, security, and experience-improvement release for the 2.x series.

This release focuses on:

  • Compatible security dependency upgrades for the v2.x JDK 8 baseline.
  • Client stability and logging improvements.
  • Config namespace isolation fixes.
  • Server-side request validation improvements.

It also keeps incompatible major dependency lines out of v2.x, such as Spring Boot 3, Spring Framework 6, and other JDK 17+ only upgrades.


Detailed changes in this release:

Feature

No major feature changes.

Enhancement/Refactor

[#12323] Improve Logback packagingData behavior by making it configurable through nacos.logback.packagingData with default false, and upgrade the external Logback adapter to 1.1.5.

BugFix

[#13940] Fix continuous class unloading during Nacos Client Log4j2 configuration reload by using safe Log4j2 initialization.

[#14423] Fix missing exceptions when form parameters exceed the configured Tomcat request size limit.

[#15437] Fix client shutdown thread leaks and executor creation race conditions in ConfigRpcTransportClient and related client components.

[#15497] Fix Config namespace isolation for ID-based export, batch delete, and clone operations, and enforce source namespace read permission for clone requests.

Dependencies

[#13998][#14859] Upgrade embedded Tomcat to 9.0.118 to address known Tomcat CVEs.

[#15025][#15451] Upgrade compatible v2.x dependencies, including Jackson to 2.18.9, gRPC Java to 1.75.0, and Spring Security to 5.8.16, while preserving the JDK 8 baseline.


Java Version Requirements

Module Java Required
Nacos-Server / Nacos-Console Java 8
Nacos-Client Java 8

New Contributors

Full Changelog: https://github.com/alibaba/nacos/compare/2.5.2...2.5.3

4 days ago
superset

superset-helm-chart-0.20.0

Apache Superset is a modern, enterprise-ready business intelligence web application

5 days ago
prometheus

3.13.1 / 2026-07-10

This is a bugfix release for 3.13 LTS.

  • [BUGFIX] TSDB: Fix the head-chunk cache returning samples from the wrong chunk, or spurious not-found errors, to range queries after head-chunk truncation. #19134
5 days ago
milvus

milvus-2.6.20

Release note is coming soon...

5 days ago
seaweedfs

4.39

What's Changed

Seaweed Volume (Rust)

  • async, buffered writes in VolumeEcShardsCopy (#10237)
  • fix orphan purge against the rust volume server (#10289)

Volume (Go)

  • keep tier-uploaded volume reporting to master after volume.tier.upload (#10259)
  • clear remote flag when tiering a volume back to local (#10262)
  • reload a remote-tiered volume without re-entering the data lock (#10266)
  • parallelize under-replicated volume copies (#10275)
  • rank by physical disk usage (#10271)

Filer

  • keep the internal .system folder out of the per-bucket store path (#10248)
  • require JWT authorization on TUS upload endpoints (#10249)
  • cut metadata-subscription allocation churn (#10260)
  • share one log-buffer window snapshot across all subscriber reads (#10267)

S3

  • optimize encodePath memory allocations (#10252)
  • fail over routed object writes when the owner filer is unreachable (#10251)
  • keep empty-folder cleanup out of the multipart .uploads staging tree (#10273)
  • tear down the emptied .versions directory on last-version delete (#10278)
  • keep listing when empty directories fill the listing window (#10280)
  • measure quota usage by logical size (#10274)
  • verify SigV4 against each plausible reverse-proxy host (#10284)

Mount

  • re-assign to a live volume when a write can't land (#10239)

IAM

  • surface OIDC groups and roles into the STS session request context for resource-policy ABAC (#10263)

Java Client

  • HTTP Basic Auth for filer behind an Nginx reverse proxy (#10258)
  • fail cleanly when a chunk read returns short or empty data (#10269)

Shell & Admin

  • print markVolumeWritable/markVolumeReadonly based on the writable flag (#10283)
  • stop holding the shell admin lock across whole scheduler batches (#10290)

Topology & Balancer

  • share replica selection between shell and workers (#10276)

Other

  • reduce mem alloc while building str in refract (#10261)
  • cap the shared-snapshot race test's heap in log_buffer (#10281)
  • dropped test error in weed/worker/tasks/balance (#10291)
  • merge filer service annotations to avoid duplicate keys in Helm (#10293)

Dependencies

  • google.golang.org/api 0.278.0 → 0.287.0 (#10246)
  • github.com/Azure/azure-sdk-for-go/sdk/storage/azblob 1.7.0 → 1.8.0 (#10245)
  • github.com/aws/aws-sdk-go-v2/credentials 1.19.24 → 1.19.26 (#10243)
  • github.com/go-redsync/redsync/v4 4.16.0 → 4.17.0 (#10244)
  • github.com/ydb-platform/ydb-go-sdk-auth-environ 0.5.1 → 0.5.2 (#10240)
  • docker/setup-qemu-action 4.1.0 → 4.2.0 (#10242)
  • docker/login-action 4.2.0 → 4.4.0 (#10241)
  • golang.org/x/crypto 0.45.0 → 0.52.0 in /test/sftp (#10264)
  • golang.org/x/crypto 0.51.0 → 0.52.0 in /test/kafka/kafka-client-loadtest (#10265)

New Contributors

Full Changelog: https://github.com/seaweedfs/seaweedfs/compare/4.38...4.39

6 days ago
prometheus

3.5.5 / 2026-07-09

This release is built with Go 1.25.12 and fixes a security issue in a UI dependency.

  • [SECURITY] UI: Bump sanitize-html to v2.17.5 to fix CVE-2026-53606. #19060