• Misc

  • fix(http): check delete request errors before auth by @7y-9 in https://github.com/seaweedfs/seaweedfs/pull/9784
  • chore(weed/storage/needle): prune unused test functions by @alrs in https://github.com/seaweedfs/seaweedfs/pull/9812
  • [test] update docker image for s3test by @kmlebedev in https://github.com/seaweedfs/seaweedfs/pull/9811
  • security: hot-reload JWT signing keys on SIGHUP by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9826
  • ip.bind: bind outbound connections to the configured address by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9834
  • s3: actually bind outbound connections when -ip.bind is set by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9849
  • operation: index VidCache by map instead of slice by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9853
  • rust release: fix large-disk/normal binary overwrite + publish md5 checksums by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9862

• Volume Server

  • [CheckDisk]: implement disk health detection by @MilanFun in https://github.com/seaweedfs/seaweedfs/pull/9560
  • fix(needle): use discovered file content type by @7y-9 in https://github.com/seaweedfs/seaweedfs/pull/9851
  • ec placement: spread EC shards evenly across machines, not onto the lowest-id one by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9855
  • Treat co-located volume servers as one fault domain when balancing and allocating by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9854
  • ec.balance: verify shard landed on destination before deleting the source by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9858

• Admin Server and Worker

  • fix(admin): make scheduler pruning lane-aware by @ahalaun in https://github.com/seaweedfs/seaweedfs/pull/9790
  • admin: show S3 servers under Cluster by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9847
  • worker: drop ec.balance from the default admin script by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9848
  • admin: default -dataDir to "." so maintenance task state persists across restarts by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9856
  • admin/maintenance: reload in-flight tasks on startup instead of discarding them by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9857

• S3 API

  • fix(s3/lifecycle): report success to admin via JobCompleted by @ahalaun in https://github.com/seaweedfs/seaweedfs/pull/9787
  • fix(s3api): authorize DeleteObjects per key so object-scoped policies match by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9793
  • fix(s3api): keep ListBucket resource ARN at bucket level by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9792
  • test(s3/iam): scope ListBucket isolation via s3:prefix condition by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9805
  • fix(iam): implement CreatePolicyVersion for managed policies by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9795
  • fix(iam): return a valid user ARN from CreateUser and GetUser by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9794
  • s3: route object reads to the key's owner filer by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9806
  • s3: defer a recently-unreachable owner that is also the current filer by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9808
  • s3: keep dynamic IAM live when -iam.config is set by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9817
  • s3: return BucketAlreadyOwnedByYou when recreating your own bucket by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9822
  • fix(s3api): standardize ETag calculation in copy handlers by @phucnguyen261199 in https://github.com/seaweedfs/seaweedfs/pull/9829
  • s3: make lifecycle TTL fast path per-bucket opt-in by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9825
  • filer: replicate RECOMPUTE_LATEST pointer updates to peers by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9840
  • s3: rescan .versions when the cached latest pointer is missing on a list by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9841
  • s3: list directory key objects in versioned bucket version listings by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9842
  • test(s3): deref Object.Size in versioned list assertion by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9843
  • test(s3): make the whole versioning suite pass and gate it in CI by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9844
  • s3: collapse suspended-versioning deletes onto one null marker by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9845
  • test(s3): address review feedback on the versioning suite by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9846
  • fix(s3api): require space in v2 auth prefix by @7y-9 in https://github.com/seaweedfs/seaweedfs/pull/9852
  • fix(s3api): reject zero default retention years by @7y-9 in https://github.com/seaweedfs/seaweedfs/pull/9860

• FUSE mount

  • fix(mount): don't strand a directory cached-but-empty when an eviction races a rebuild by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9791

• Filer

  • fix(log_buffer): re-check buffer before bailing with ResumeFromDiskError by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9804
  • filer: bound TraverseBfsMetadata memory by queuing directory paths by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9814
  • filer: stream persisted log files when serving metadata subscriptions by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9821
  • filer: keep S3 list order byte-lexicographic regardless of SQL name column collation by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9824
  • fix: handle meta backup offset errors safely by @7y-9 in https://github.com/seaweedfs/seaweedfs/pull/9818
  • feat(filer.backup): -initialSnapshot re-seeds a reinitialized destination by @kisow in https://github.com/seaweedfs/seaweedfs/pull/9828

• sFTPd

  • sftpd: support SSH user certificates signed by a trusted CA by @FabianHardt in https://github.com/seaweedfs/seaweedfs/pull/9815

• Master

  • fix(master): advance maxVolumeId when registering EC shards by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9827
  • master: grow rack-spanning volumes once per DC, capped at copy_N by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9835
  • vacuum: compact a read-only volume when an explicit volumeId is given by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9861

• Helm Charts

  • fix(helm): suspend bucket versioning for YAML bool false by @lexfrei in https://github.com/seaweedfs/seaweedfs/pull/9836
  • fix(helm): deduplicate all-in-one extra environment variables by @lexfrei in https://github.com/seaweedfs/seaweedfs/pull/9837

• @ahalaun made their first contribution in https://github.com/seaweedfs/seaweedfs/pull/9790
• @FabianHardt made their first contribution in https://github.com/seaweedfs/seaweedfs/pull/9815
• @lexfrei made their first contribution in https://github.com/seaweedfs/seaweedfs/pull/9836

Full Changelog: https://github.com/seaweedfs/seaweedfs/compare/4.31...4.32

https://fluentbit.io/announcements/v5.0.7/

• release: update to 5.0.7 by @github-actions[bot] in https://github.com/fluent/fluent-bit/pull/11834
• http_server: serialize worker teardown to prevent race conditions by @cosmo0920 in https://github.com/fluent/fluent-bit/pull/11845
• http_server: fix libevent crash on connection drop by @cosmo0920 in https://github.com/fluent/fluent-bit/pull/11843
• out_chronicle: Support label and namespace mapping by @cosmo0920 in https://github.com/fluent/fluent-bit/pull/11836
• tests: internal: fuzzers: avoid destroying active input fuzzer tasks by @edsiper in https://github.com/fluent/fluent-bit/pull/11850
• config_format: fix YAML variant cleanup on parser errors by @edsiper in https://github.com/fluent/fluent-bit/pull/11857
• avro: Handle int64 values correctly by @cosmo0920 in https://github.com/fluent/fluent-bit/pull/11883
• tests: runtime: Stabilize out_lib test case by @cosmo0920 in https://github.com/fluent/fluent-bit/pull/11888
• in_elasticsearch: check map size before accessing first entry by @TristanInSec in https://github.com/fluent/fluent-bit/pull/11856
• snappy: fix OOB reads in framed data parser by @TristanInSec in https://github.com/fluent/fluent-bit/pull/11855
• zstd: add 100 MB decompression size limit by @TristanInSec in https://github.com/fluent/fluent-bit/pull/11854
• in_mqtt: fix OOB read from hardcoded remaining length overhead by @TristanInSec in https://github.com/fluent/fluent-bit/pull/11853
• in_collectd: reject parts with length < 4 and fix null-terminator OOB by @TristanInSec in https://github.com/fluent/fluent-bit/pull/11849
• in_forward: validate array size before accessing message mode fields by @TristanInSec in https://github.com/fluent/fluent-bit/pull/11851
• in_syslog: fix integer overflow in octet-counting length parser by @TristanInSec in https://github.com/fluent/fluent-bit/pull/11852
• out_stackdriver: fix multiple memory leaks and potential corruption by @baizhenyu in https://github.com/fluent/fluent-bit/pull/11879
• CODEOWNERS: remove @braydonk and @jefferbrecht by @braydonk in https://github.com/fluent/fluent-bit/pull/11909
• time: time_tz: Handle conversion rules of windows and IANA tzinfo by @cosmo0920 in https://github.com/fluent/fluent-bit/pull/11903
• storage: discard checksum corrupt chunks on startup by @edsiper in https://github.com/fluent/fluent-bit/pull/11886
• parser: Add IANA time_zone support for native timestamps by @cosmo0920 in https://github.com/fluent/fluent-bit/pull/11913
• workflows: pin all actions to SHA by @patrick-stephens in https://github.com/fluent/fluent-bit/pull/11908
• out_kinesis_streams: increase PUT_RECORDS_PAYLOAD_SIZE to 10MB by @ShelbyZ in https://github.com/fluent/fluent-bit/pull/11848
• in_stdin: support stdin plugin on windows by @cosmo0920 in https://github.com/fluent/fluent-bit/pull/11821
• in_ebpf: Implement dns trace by @cosmo0920 in https://github.com/fluent/fluent-bit/pull/11735
• out_s3: Provide options for inactive chunks behavior by @cosmo0920 in https://github.com/fluent/fluent-bit/pull/11816
• oauth: out_http: add user-agent option for oauth by @rja5 in https://github.com/fluent/fluent-bit/pull/11830
• in_tail: fix offset_key value multiplied by 8 on Windows 64-bit by @zshuang0316 in https://github.com/fluent/fluent-bit/pull/11893
• http_client_http2: bracket IPv6 authority hosts by @edsiper in https://github.com/fluent/fluent-bit/pull/11922

• @TristanInSec made their first contribution in https://github.com/fluent/fluent-bit/pull/11856
• @rja5 made their first contribution in https://github.com/fluent/fluent-bit/pull/11830

Full Changelog: https://github.com/fluent/fluent-bit/compare/v5.0.6...v5.0.7

OpenCV 5.0.0 released!

OpenCV 5.0.0 overview: https://opencv.org/opencv-5 OpenCV 4.x -> 5.x migration guide: https://github.com/opencv/opencv/wiki/OpenCV-4-to-5-migration

🔒 Security

• Bound default HTTP/2 server limits to mitigate memory exhaustion.
• Upgrade Rustls-related dev-dependencies to address rustls-webpki security advisories.

⚙️ Miscellaneous Tasks

• Pin tracing dependencies to preserve Rust 1.84 compatibility.
• Use cargo check for MSRV verification instead of compiling dev-dependencies during tests.
• Update the Semgrep OSS scanning workflow.
• Use valid paths in header serialization tests.
• Gate HTTP/1 CONNECT tests on patched HTTP/1 support.

Update urgency: HIGH: There are critical bugs that may affect a subset of users.

• #15175, RediSearch/RediSearch#9262 Redis fails to start on AArch64
• #15163 MULTI queue memory incorrect memory accounting
• #14581 Rare server hang at shutdown
• #14545 ACL: AOF loading fails if ACL rules are changed and don't allow some commands in MULTI-EXEC
• #14537 SCAN: restore original filter order (revert change introduced in 8.2)
• #14816 setModuleEnumConfig() passing prefixed name to module callbacks
• #14659 ACL: Key-pattern bypass in MSETEX
• #14623 Streams: XTRIM/XADD with approx mode (~) don’t delete entries for DELREF/ACKED strategies
• #14552 Streams: Incorrect behavior when using XDELEX...ACKEDafterXGROUP DESTROY`
• #14848 Crash during command processing on replicas performing full synchronization
• #15188 cluster-announce-ip rejecting hostnames (regression)
• #14667, #14886 Potential TCP stalls/deadlocks
• RediSearch/RediSearch#9484 Shard crash during background index scan of JSON documents with vector fields on Active-Active (CRDT) databases (MOD-15542)
• RediSearch/RediSearch#9635 Severe latency spikes and shard unresponsiveness when EXPIRE or EXPIREAT operations run concurrently with queries on large indexes (MOD-14930)

Update urgency: HIGH: There are critical bugs that may affect a subset of users.

• #15175, RediSearch/RediSearch#9262 Redis fails to start on AArch64
• #15163 MULTI queue memory incorrect memory accounting
• #15115 Under-copy in the Lua debugger
• #15094 Cluster crash when CLIENT KILL unsubscribes SSUBSCRIBE client inside EXEC
• #14963 XREADGROUP: consumer replication inconsistency
• #14934 Client output buffer memory tracking not accounting for copy-avoided bulk string references
• #14970 Sentinel config injection via SENTINEL SET
• #14982 SCAN commands: integer overflow in COUNT parameter
• #15073 CLIENT TRACKING: self-overlap returning non-zero loop index
• #15059 Use-after-free
• #15037 XINFO STREAM: wrong value in the per-slot memory tracking
• #15034, #15081 Issues processing corrupt RDB data
• #15021 HEXPIRE: overflow on fields count
• #14942 Fix COMMAND GETKEYS for PFMERGE with no source keys
• #15188 cluster-announce-ip rejecting hostnames (regression)
• #14667, #14886 Potential TCP stalls/deadlocks
• RediSearch/RediSearch#9484 Shard crash during background index scan of JSON documents with vector fields on Active-Active (CRDT) databases (MOD-15542)
• RediSearch/RediSearch#9635 Severe latency spikes and shard unresponsiveness when EXPIRE or EXPIREAT operations run concurrently with queries on large indexes (MOD-14930)

Update urgency: HIGH: There are critical bugs that may affect a subset of users.

• #15175, RediSearch/RediSearch#9262 Redis fails to start on AArch64
• #14537 SCAN: restore original filter order (revert change introduced in 8.2)
• #14816 setModuleEnumConfig() passing prefixed name to module callbacks
• #14623 Streams: XTRIM/XADD with approx mode (~) don’t delete entries for DELREF/ACKED strategies
• #14552 Streams: Incorrect behavior when using XDELEX...ACKEDafterXGROUP DESTROY`
• #14420 Shutdown blocked client not being properly reset after shutdown cancellation
• #14415 Potential crash in lookupKey() when executing_client is NULL
• #14417 CLUSTER FORGET - heap-buffer-overflow
• #15188 cluster-announce-ip rejecting hostnames (regression)
• #14667, #14886 Potential TCP stalls/deadlocks
• RediSearch/RediSearch#9484 Shard crash during background index scan of JSON documents with vector fields on Active-Active (CRDT) databases (MOD-15542)
• RediSearch/RediSearch#9635 Severe latency spikes and shard unresponsiveness when EXPIRE or EXPIREAT operations run concurrently with queries on large indexes (MOD-14930)

Download Kong 3.9.2 and run it now:

https://konghq.com/install/ Docker Image

Links:

3.9.2 Changelog

• ci(build): enable cross-compilation for macOS x86_64 target by @houseme in https://github.com/rustfs/rustfs/pull/3125
• fix(sse): handle case-insensitive encryption metadata by @overtrue in https://github.com/rustfs/rustfs/pull/3127
• feat(targets): support Kafka SASL auth by @marshawcoco in https://github.com/rustfs/rustfs/pull/3128
• fix(scanner): support PBS subfolder alert threshold by @marshawcoco in https://github.com/rustfs/rustfs/pull/3129
• fix(s3): preserve listing pagination parity by @weisd in https://github.com/rustfs/rustfs/pull/3117
• perf: reduce spawn_blocking contention in PUT path by @overtrue in https://github.com/rustfs/rustfs/pull/3132
• chore(deps): update flake.lock by @houseme in https://github.com/rustfs/rustfs/pull/3139
• test(targets): cover Kafka check SASL validation by @overtrue in https://github.com/rustfs/rustfs/pull/3136
• fix(heal): normalize completed root heal state by @marshawcoco in https://github.com/rustfs/rustfs/pull/3140
• fix(scanner): reduce single-disk scanner churn by @marshawcoco in https://github.com/rustfs/rustfs/pull/3135
• feat(admin): restore config admin compatibility by @houseme in https://github.com/rustfs/rustfs/pull/3133
• chore(agents): add Rust code quality rules and skill by @overtrue in https://github.com/rustfs/rustfs/pull/3144
• docs: update security advisory lessons by @overtrue in https://github.com/rustfs/rustfs/pull/3143
• fix(rebalance): require target goal before completion by @marshawcoco in https://github.com/rustfs/rustfs/pull/3141
• feat(scanner): add scanner budgets and progress metrics by @marshawcoco in https://github.com/rustfs/rustfs/pull/3145
• test(admin): add route registration coverage for config admin APIs by @houseme in https://github.com/rustfs/rustfs/pull/3148
• fix(scanner,data-usage): fix add() logic inversion and usize underflow in reduce_children_of by @overtrue in https://github.com/rustfs/rustfs/pull/3142
• feat(scanner): expose cycle observability controls by @marshawcoco in https://github.com/rustfs/rustfs/pull/3147
• fix(ecstore): tighten object copy rename handling by @GatewayJ in https://github.com/rustfs/rustfs/pull/3131
• fix(io-core,signer): replace unwrap() with proper error handling by @overtrue in https://github.com/rustfs/rustfs/pull/3150
• fix(ecstore): optimize ObjectInfo clone and fix critical TODOs by @overtrue in https://github.com/rustfs/rustfs/pull/3149
• chore(action): add self-host runner support. by @majinghe in https://github.com/rustfs/rustfs/pull/3155
• chore(deps): bump the dependencies group with 6 updates by @dependabot[bot] in https://github.com/rustfs/rustfs/pull/3151
• feat(scanner): expose cycle progress metrics by @marshawcoco in https://github.com/rustfs/rustfs/pull/3152
• feat: Helm chart support extra volumes by @CptOfEvilMinions in https://github.com/rustfs/rustfs/pull/2982
• fix(windows): handle zfs volume paths by @cxymds in https://github.com/rustfs/rustfs/pull/3157
• feat(scanner): expand scanner observability metrics by @marshawcoco in https://github.com/rustfs/rustfs/pull/3159
• fix: window error by @reatang in https://github.com/rustfs/rustfs/pull/3167
• fix(rio): map truncated put bodies to incompletebody by @houseme in https://github.com/rustfs/rustfs/pull/3168
• fix(admin): prefer explicit TLS for site replication endpoint by @cxymds in https://github.com/rustfs/rustfs/pull/3171
• ci: isolate s3 test runner state by @overtrue in https://github.com/rustfs/rustfs/pull/3180
• docs(table): add S3 table concept model by @marshawcoco in https://github.com/rustfs/rustfs/pull/3172
• ci: use hosted runners for light jobs by @overtrue in https://github.com/rustfs/rustfs/pull/3181
• ci: restore ubicloud runners for heavy jobs by @overtrue in https://github.com/rustfs/rustfs/pull/3183
• fix(helm): add apiVersion and kind to PersistentVolumeClaim metadata by @rudxde in https://github.com/rustfs/rustfs/pull/3170
• fix(ci): stabilize Rust setup action by @overtrue in https://github.com/rustfs/rustfs/pull/3163
• fix(lock): align distributed acquisition retries by @overtrue in https://github.com/rustfs/rustfs/pull/3177
• feat(ecstore): add object lock diagnostics by @houseme in https://github.com/rustfs/rustfs/pull/3178
• fix(object-lock): allow locked objects to receive new versions by @marshawcoco in https://github.com/rustfs/rustfs/pull/3179
• feat(scanner): add cycle budget observability by @marshawcoco in https://github.com/rustfs/rustfs/pull/3166
• fix(admin): normalize empty admin GET content length by @GatewayJ in https://github.com/rustfs/rustfs/pull/3160
• chore(release): prepare 1.0.0-beta.7 by @houseme in https://github.com/rustfs/rustfs/pull/3184
• feat(table): add catalog boundary primitives by @marshawcoco in https://github.com/rustfs/rustfs/pull/3173
• feat(oidc): add HIDE_FROM_UI option to exclude providers from console login by @kharkevich in https://github.com/rustfs/rustfs/pull/3162
• fix(ecstore): retry transient walk dir stream errors by @houseme in https://github.com/rustfs/rustfs/pull/3194
• fix: prioritize manual heal queue admission by @marshawcoco in https://github.com/rustfs/rustfs/pull/3192
• feat(scanner): add scanner budget progress controls by @marshawcoco in https://github.com/rustfs/rustfs/pull/3185
• fix(iam): prevent transient IAM walk timeout from crashing startup by @houseme in https://github.com/rustfs/rustfs/pull/3188
• feat(policy): add table catalog admin actions by @marshawcoco in https://github.com/rustfs/rustfs/pull/3200
• fix(security): add deny_unknown_fields to deserialization structs by @overtrue in https://github.com/rustfs/rustfs/pull/3198
• fix(notify): normalize lock ordering to prevent deadlock by @overtrue in https://github.com/rustfs/rustfs/pull/3199
• fix(ecstore): remove dead _buf field from Erasure struct by @overtrue in https://github.com/rustfs/rustfs/pull/3196
• perf(signer): reduce String allocations in V4 signing path by @overtrue in https://github.com/rustfs/rustfs/pull/3197
• fix(s3select): validate scan_range protocol and parquet overlap by @GatewayJ in https://github.com/rustfs/rustfs/pull/3176
• feat(helm): add topology spread constraints configuration to StatefulSet by @rudxde in https://github.com/rustfs/rustfs/pull/3187
• feat(table-catalog): add catalog store entry models by @marshawcoco in https://github.com/rustfs/rustfs/pull/3201
• fix(iam): allow colons and dots in STS claim policy names by @kharkevich in https://github.com/rustfs/rustfs/pull/3164
• fix: make ecstore trash cleanup idempotent by @houseme in https://github.com/rustfs/rustfs/pull/3205
• feat(scanner): add runtime scanner controls and status by @marshawcoco in https://github.com/rustfs/rustfs/pull/3203

• @CptOfEvilMinions made their first contribution in https://github.com/rustfs/rustfs/pull/2982
• @rudxde made their first contribution in https://github.com/rustfs/rustfs/pull/3170

Full Changelog: https://github.com/rustfs/rustfs/compare/1.0.0-beta.6...1.0.0-beta.7

• update netty to v4.2.15 by @matthoffman in https://github.com/Netflix/zuul/pull/2142
• Fix reentrant double responses on origin errors by @gavinbunney in https://github.com/Netflix/zuul/pull/2139

• @matthoffman made their first contribution in https://github.com/Netflix/zuul/pull/2142

Full Changelog: https://github.com/Netflix/zuul/compare/v3.6.9...v3.6.10