3.13.0 / 2026-07-01
This is a Long Term Support LTS release.
- [SECURITY] UI: Bump
sanitize-htmlto fix a cross-site scripting vulnerability (CVE-2026-44990). #18697 - [CHANGE] UI: Third-party npm dependency licenses are now embedded in the Prometheus binary and served at
/assets/third-party-licenses.txt, replacing thenpm_licenses.tar.bz2archive previously shipped in release tarballs and container images. #18997 - [CHANGE] API: Use SHA-256 instead of SHA-1 to generate rule group pagination tokens. #18927
- [CHANGE] HTTP clients: Credentials (Authorization header, basic auth, bearer token, OAuth2, configured headers) are no longer forwarded when following a redirect to a different host; affects scraping, remote read/write, alerting, and service discovery. Via prometheus/common v0.69.0 (CVE-2025-4673 CVE-2023-45289). #18949
- [CHANGE] promtool: Relative file paths in the file passed to
--http.config.fileare now resolved relative to that config file's directory instead of its parent directory. Via prometheus/common v0.69.0. #18949 - [CHANGE] PromQL: Rename the
min()andmax()duration-expression functions (experimental feature flagexperimental-duration-expr) tomin_of()andmax_of()to avoid confusion with theminandmaxaggregate operators. #18687 - [FEATURE] API: Add experimental search endpoints to search metric names, label names, and label values. #18573
- [FEATURE] Discovery/AWS: Add ability to filter RDS instances. #18859
- [FEATURE] PromQL: Add
min_of(a, b)andmax_of(a, b)scalar experimental functions, returning the smaller or larger of two scalar values. #18687 - [FEATURE] PromQL: Add support for smoothed/anchored rate with native histograms. #18564
- [FEATURE] PromQL: Expose per-query
samplesRead(andsamplesReadPerStepwithstats=alland thepromql-per-step-statsfeature flag) in the query stats response, and add theprometheus_engine_query_samples_read_totalengine counter.samplesReadreflects storage I/O distinct fromtotalQueryableSamples, which counts samples loaded into the evaluator (and so over-counts when a sample is reused across multiple range-vector windows). #18081 - [FEATURE] Scrape: Add
__convert_classic_histograms_to_nhcb__internal label to allow per-target override ofconvert_classic_histograms_to_nhcbscrape configuration via relabeling. #18840 - [FEATURE] TSDB: Add
storage.tsdb.chunk_encoding.floatsconfiguration field to select float chunk encoding (xororxor2) at runtime, independently of the--enable-feature=xor2-encodingflag. #18769 - [FEATURE] remote_write: Add Certificate support for ingesting data into an Azure Monitor Workspace. #18217
- [FEATURE] Scrape: Add
__always_scrape_classic_histograms__and__scrape_native_histograms__internal labels to allow per-target override of thealways_scrape_classic_histogramsandscrape_native_histogramsscrape configuration via relabeling. #18929 - [ENHANCEMENT] Release: Container images are now also published to the GitHub Container Registry (ghcr.io). #18791
- [ENHANCEMENT] PromQL: Prettify
fill_left(x) fill_right(x)asfill(x)when both fill values are equal. #18851 - [ENHANCEMENT] UI: Improve autocompletion after closing a function bracket. #18894
- [PERF] Labels: Add case-insensitive prefix matching to speed up evaluation of long case-insensitive regular expressions (up to ~2x faster). #18540
- [PERF] TSDB: Reduce per-sample overhead in chunk population, speeding up affected queries by ~12-15% in benchmarks. #18699
- [PERF] TSDB: Eliminate unnecessary heap allocations in the V2 histogram WAL decoder, reducing allocations by up to 50% and memory by up to 10% for deployments using native histograms with created-timestamp storage enabled (
--enable-feature=created-timestamp-zero-ingestion). #18813 - [BUGFIX] Discovery/AWS: Fix failure when processing an AWS RDS cluster without instances. #18845
- [BUGFIX] Fix race condition in initTime that could cause ErrOutOfBounds. #18629
- [BUGFIX] PromQL: A range query whose
endwas not aligned tostepcaused subqueries inside it to evaluate past the parent's last actual step, inflatingpeakSamplesin the query stats and against thequery.max-sampleslimit, and wasting storage I/O reading samples that were never used in the result. #18081 - [BUGFIX] PromQL: A range query containing an at-modifier-unsafe function over a range-vector with an
@modifier (e.g.predict_linear(metric[60s] @ T, X)) silently under-countedtotalQueryableSamplesfor steps after step 0. #18081 - [BUGFIX] PromQL: Fix
fill_left/fill_rightproducing missing samples in range queries when usinggroup_left/group_right. #18850 - [BUGFIX] PromQL: Fix for resets() and changes() in anchored range extenders with histograms. #18906
- [BUGFIX] PromQL: Fix panic on
1[5m] smoothedand similar expressions when extended range selectors are enabled. #18764 - [BUGFIX] PromQL: Fix panic when a
smoothedinstant vector selector produces no samples for a series. #18943 - [BUGFIX] PromQL: Fix panic when using a parenthesised plain number as an offset (e.g.
foo offset -(5)). #18768 - [BUGFIX] promtool: Fix panic when parsing exposition text containing empty braces
{}. Via prometheus/common v0.69.0. #18949 - [BUGFIX] Promtool: Fix
check healthyandcheck readywhen--urlends with a trailing slash. #18854 - [BUGFIX] Rules: Close PromQL query after each rule evaluation to ensure resources are released. #18733
- [BUGFIX] Scaleway SD: Resolve VPC/IPAM-only instances that have no legacy
private_iporpublic_ipfield, but do have private NICs attached. #18772 - [BUGFIX] TSDB: Do not leak head series when an integer histogram append is rejected (e.g. out-of-order). #18838
- [BUGFIX] UI: Escape label values offered by PromQL autocomplete. #18658
- [BUGFIX] TSDB: Fix chunk snapshot encoding for EncXOR2 chunks, preventing corruption on TSDB restart when EncXOR2-encoded series were present. #18739
- [BUGFIX] TSDB: Store a millisecond timestamp (not a WAL segment number) in walExpiries when a series is evicted via CompactStaleHead/CompactSelectedSeries, so the series's label record is correctly retained in the next WAL checkpoint and replays cleanly. #18847
- [BUGFIX] TSDB: Prevent loss of samples at the chunk-range boundary when CompactSelectedSeries (and CompactStaleHead) evict the series — the per-slice compaction loop now runs one more iteration so the boundary timestamp is captured in a block before the in-memory copy is removed. #18849
2.28.2 (2026-06-30)
This release contains bug fixes since the 2.28.1 release. We recommend that you upgrade at the next available opportunity.
Bugfixes
- #10126 Fix
bgw_job_stat_historymigration for 2.28.1 - #10133 Fix
chunk_constraintmigration - #10137 Fix column ordering on
first/last-based sparse indexes - #10164 Automatically drop incompatible smallint bloom filters when upgrading instead of stopping the upgrade
Thanks
- @juantxorena for reporting an issue with update script for 2.28.1
- @rusha1333 for reporting an issue when upgrading to 2.28.1
v3.6.18
- Resolve
FilterConstraints once and key theisConstrainedcache byClassby @gavinbunney in https://github.com/Netflix/zuul/pull/2158 - Add single-pass
setAlltoHeadersthat preserves multi-valued headers by @gavinbunney in https://github.com/Netflix/zuul/pull/2157
Full Changelog: https://github.com/Netflix/zuul/compare/v3.6.17...v3.6.18
v1.39.1
- #19077
buildCreate tarballs correctly - #19070
inputs.opcuaClose session on stop to prevent reload leak - #19159
inputs.opcuaSkip client certificate on unsecured None channel - #19076
inputs.openweathermapRemove calls to deprecated v2.5 group API - #19167
inputs.smartctlParse stdout only to avoid corrupting JSON - #19093
inputs.tailPrevent panic when closing tailers under load - #19067
inputs.tempUse non-blocking read for hwmon temperatures - #19126
inputs.vsphereFix missing vSAN overall_health metric - #19074
processors.parserHandle metrics without inner timestamp correctly - #19129
migrationsAdd migration for inputs.aerospike - #19121
migrationsAdd migration for inputs.kafka_consumer connection_strategy option - #19122
migrationsAdd migration for inputs.openstack server_diagnotics option - #19133
migrationsAdd migration for inputs.openweathermap query_style option - #19117
migrationsAdd migration for inputs.tail from_beginning option - #19128
migrationsAdd migration for outputs.amon
- #19138
depsBump actions/checkout from 6 to 7 - #19065
depsBump cloud.google.com/go/storage from 1.62.2 to 1.62.3 - #19058
depsBump github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.21.1 to 1.22.0 - #19106
depsBump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.13.1 to 1.14.0 - #19059
depsBump github.com/IBM/sarama from 1.50.1 to 1.50.2 - #19110
depsBump github.com/IBM/sarama from 1.50.2 to 1.50.3 - #19102
depsBump github.com/SAP/go-hdb from 1.16.11 to 1.16.12 - #19057
depsBump github.com/aws/smithy-go from 1.27.0 to 1.27.2 - #19060
depsBump github.com/gopacket/gopacket from 1.6.0 to 1.6.1 - #19142
depsBump github.com/gopcua/opcua from 0.8.0 to 0.9.0 - #19064
depsBump github.com/jedib0t/go-pretty/v6 from 6.7.10 to 6.8.0 - #19108
depsBump github.com/jedib0t/go-pretty/v6 from 6.8.0 to 6.8.1 - #19150
depsBump github.com/moby/moby/api from 1.54.2 to 1.55.0 - #19149
depsBump github.com/moby/moby/client from 0.4.1 to 0.5.0 - #19053
depsBump github.com/pion/dtls/v3 from 3.1.3 to 3.1.4 - #19115
depsBump github.com/prometheus-community/pro-bing from 0.8.0 to 0.9.0 - #19147
depsBump github.com/prometheus/common from 0.68.1 to 0.69.0 - #19141
depsBump github.com/rabbitmq/amqp091-go from 1.11.0 to 1.12.0 - #19170
depsBump github.com/rclone/rclone from 1.69.3 to 1.74.1-0.20260628215305-6bbc28cf02dc - #19109
depsBump github.com/redis/go-redis/v9 from 9.20.0 to 9.20.1 - #19148
depsBump github.com/redis/go-redis/v9 from 9.20.1 to 9.21.0 - #19152
depsBump github.com/testcontainers/testcontainers-go/modules/azure from 0.42.0 to 0.43.0 - #19143
depsBump github.com/testcontainers/testcontainers-go/modules/kafka from 0.42.0 to 0.43.0 - #19144
depsBump github.com/testcontainers/testcontainers-go/modules/vault from 0.42.0 to 0.43.0 - #19111
depsBump go.opentelemetry.io/collector/pdata from 1.59.0 to 1.60.0 - #19054
depsBump go.step.sm/crypto from 0.81.1 to 0.82.0 - #19104
depsBump go.step.sm/crypto from 0.82.0 to 0.83.0 - #19061
depsBump golang.org/x/crypto from 0.52.0 to 0.53.0 - #19055
depsBump golang.org/x/mod from 0.36.0 to 0.37.0 - #19056
depsBump golang.org/x/sync from 0.20.0 to 0.21.0 - #19066
depsBump golang.org/x/sys from 0.45.0 to 0.46.0 - #19063
depsBump golang.org/x/term from 0.43.0 to 0.44.0 - #19062
depsBump golang.org/x/text from 0.37.0 to 0.38.0 - #19107
depsBump golang.org/x/tools from 0.45.0 to 0.46.0 - #19101
depsBump google.golang.org/api from 0.283.0 to 0.284.0 - #19145
depsBump google.golang.org/api from 0.284.0 to 0.286.0 - #19103
depsBump k8s.io/api from 0.36.1 to 0.36.2 - #19113
depsBump k8s.io/client-go from 0.36.1 to 0.36.2 - #19052
depsBump modernc.org/sqlite from 1.51.0 to 1.52.0 - #19151
depsBump modernc.org/sqlite from 1.52.0 to 1.53.0 - #19105
depsBump software.sslmate.com/src/go-pkcs12 from 0.7.1 to 0.7.2 - #19139
depsBump super-linter/super-linter from 8.6.0 to 8.7.0 - #19051
depsBump the aws-sdk-go-v2 group across 1 directory with 11 updates - #19140
depsBump the aws-sdk-go-v2 group with 2 updates - #19100
depsBump the aws-sdk-go-v2 group with 6 updates
| Arch | Platform | Package | SHA256 |
|---|---|---|---|
| arm64 | CentOS | telegraf-1.39.1-1.aarch64.rpm | 0227b00b6295c326f07e3c8e5d463ec045c63526cf6c9cbc13a45dc837700063 |
| armel | CentOS | telegraf-1.39.1-1.armel.rpm | 6712998ae341138c118eacdea1044964a9a29e8fb283c5e4b3bf7d99af5a6352 |
| armv6hl | CentOS | telegraf-1.39.1-1.armv6hl.rpm | 2d406f71c983f6639d7e5ead7b00b52466245624fccc37bfaa89603462c37a4d |
| i386 | CentOS | telegraf-1.39.1-1.i386.rpm | 7d769ca55c362fc9b841d8a644fd3c129c732c6c2db7c8d556748fb4a137b269 |
| unknown | CentOS | telegraf-1.39.1-1.loongarch64.rpm | e9a9f8591286b41c6d61af28fd6ff8bd050a1b1bdd54b52cca6e862ee7eab2dc |
| ppc64le | CentOS | telegraf-1.39.1-1.ppc64le.rpm | 846a6480d333bb3dd0bdb11c6bbe674a839136e488cde7510dff978edf77a988 |
| riscv64 | CentOS | telegraf-1.39.1-1.riscv64.rpm | 9653bb7adca7919c8b9b94d8f322c26c71635face57e12ed4a8276a78f0a2f11 |
| s390x | CentOS | telegraf-1.39.1-1.s390x.rpm | 5df8a1dd1ac77ea253cc2ca99ff1fbf6aed995da09362af3ae213fbbad5a4438 |
| amd64 | CentOS | telegraf-1.39.1-1.x86_64.rpm | 8775538460f86e1ae86a47eb92a92932d1b8949c888d0171df4d8b0534145e73 |
| amd64 | macOS | telegraf-1.39.1_darwin_amd64.dmg | 3b61fcb0abac52d8f915ff900b2c504f2a99fd9dc58a2589f533d611f6d6ff4d |
| amd64 | macOS | telegraf-1.39.1_darwin_amd64.tar.gz | 653c8a4b5afe66b0a6223952853de9f4d9ad4387b62858248fcad1ff4021e060 |
| arm64 | macOS | telegraf-1.39.1_darwin_arm64.dmg | 7af3ca693daae87e4503a3c083421aa465d0b19c6496897067c9d4576111f73f |
| arm64 | macOS | telegraf-1.39.1_darwin_arm64.tar.gz | cb0be878c76cf64d26da63ef77f9fa683ede2b1a79bcbfcbfed836bad16200e0 |
| amd64 | FreeBSD | telegraf-1.39.1_freebsd_amd64.tar.gz | 2f40b1437f9d5c8fad9dee5a92bfa009cfaa3bca190fd4d0dd9f04b92edde480 |
| armv7 | FreeBSD | telegraf-1.39.1_freebsd_armv7.tar.gz | 9c783609bf52cfd953c4a155c7cdfcad59a017f52bf2e26f65e347e0bee9c2a4 |
| i386 | FreeBSD | telegraf-1.39.1_freebsd_i386.tar.gz | 9ef64acc37845695649d6be44fe12dbfbe74497dd827ee670f22df1b6a21a972 |
| amd64 | Linux | telegraf-1.39.1_linux_amd64.tar.gz | d9194fb73fadc18f88d7d6649a2e018168028bedec1fdbc5fb655aaed120647a |
| arm64 | Linux | telegraf-1.39.1_linux_arm64.tar.gz | ed46395c24c47f8360db9d1f0c8684640368879d2aa7fc41e6fe0f8a878990cd |
| armel | Linux | telegraf-1.39.1_linux_armel.tar.gz | f8fb3be1b1c624d50fb7be413ef6d3103204f9bfafcd52010f58ed735438cd63 |
| armhf | Linux | telegraf-1.39.1_linux_armhf.tar.gz | b1daeb9c99e09e8683d565342b01c499cb3b01cdb9ade9289e61e1bc4e506056 |
| i386 | Linux | telegraf-1.39.1_linux_i386.tar.gz | c6093db4012af8d5ca8fff1a12050145f05b211b2ad60dd58d877e3e8c0829ba |
| loong64 | Linux | telegraf-1.39.1_linux_loong64.tar.gz | 9bcccfd681f2ff74e8479f4a018b3423746708de04b33dfb83542bf3a7a938ac |
| mips | Linux | telegraf-1.39.1_linux_mips.tar.gz | 7d9653004e986c57e91cff13dd6d6ce9d81c2f203e7077d42b70df0e947c60e0 |
| mipsel | Linux | telegraf-1.39.1_linux_mipsel.tar.gz | 8aa3aebb3f5cc955357b466e06624cb0e58fddb54525eca7c3bd78097460f832 |
| ppc64le | Linux | telegraf-1.39.1_linux_ppc64le.tar.gz | d85c385598c4af762f28bc8e93cf1a363b344d6e2dd55bc5d79485f7028b7bef |
| riscv64 | Linux | telegraf-1.39.1_linux_riscv64.tar.gz | 2d5295e141d33f17bd35aa542e4502d7ccfe3cdb7b6b6b7c58e9102b77aa97fd |
| s390x | Linux | telegraf-1.39.1_linux_s390x.tar.gz | 82fc2623e9922377c37a4fc5acc061c40981ce7db35100b06c829ea5306d440b |
| amd64 | Windows | telegraf-1.39.1_windows_amd64.zip | b68a1cd98c933d02fc5c1adcc2c0e1f19078e692dd47c47cdc122e552cb3b465 |
| arm64 | Windows | telegraf-1.39.1_windows_arm64.zip | 0d452cf167a6f1c2d82b27b52c4cdd9783aa342925c6138091da0dc5a7438d57 |
| i386 | Windows | telegraf-1.39.1_windows_i386.zip | 5bd9dd501cc3599ec355609b72ba0d2d3f92731f45b33f4bd44be041d1b367f0 |
| amd64 | Debian | telegraf_1.39.1-1_amd64.deb | 77b5b6490c77fbfe30e167ae30e2114cb4f5cf62d74bf90f2c668a927407ddeb |
| arm64 | Debian | telegraf_1.39.1-1_arm64.deb | 9f7ddb24af4b6f38f3e4b58e756acee68d1935d4b82a43a77d44b1e6394f9da6 |
| armel | Debian | telegraf_1.39.1-1_armel.deb | b306ef24bae07bd5fe0946e377df626a3bb7da44484ff1d967a707de5dd8b30d |
| armhf | Debian | telegraf_1.39.1-1_armhf.deb | d62db1a030915ece62f67ea70e02b97bad20fd88c5b271905112c435d7754f31 |
| i386 | Debian | telegraf_1.39.1-1_i386.deb | 6265821fb15d3dd3f4227688a69d9faf7b3406e0c0fa318434282a1c9e4673f5 |
| loong64 | Debian | telegraf_1.39.1-1_loong64.deb | 02bebca10a38a110d737e1927eee9b5dbe929521cd8198b0622506f27a95b682 |
| mips | Debian | telegraf_1.39.1-1_mips.deb | 78ce55ed2106e4a0eceb379a4e665b7565a9f969209ff15065a224783866b8bd |
| mipsel | Debian | telegraf_1.39.1-1_mipsel.deb | 11c3fb7cf072ca91f7549229bfc890d2188aad41453d00dba8697f11ca599b82 |
| ppc64el | Debian | telegraf_1.39.1-1_ppc64el.deb | e0553610cd8e9446a75844ac347513424aa9a60dbecf804f5d9cb065a15c3c73 |
| riscv64 | Debian | telegraf_1.39.1-1_riscv64.deb | 2ce05191486ec1336a02134fafb6fe14bfe241155b04e9e444bcc2bd20bbcdd7 |
| s390x | Debian | telegraf_1.39.1-1_s390x.deb | 5b66feb5261bc49f0a6554324b843143b6afb67ca56ce0fb10245ac8b4784ace |
ThingsBoard 4.3.1.3 Release
- Fixed CVE-2026-44705 and CVE-2026-46625 by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/15721
- Fixed CVE-2026-45799 by @ViacheslavKlimov in https://github.com/thingsboard/thingsboard/pull/15757
- Fixed CVE-2026-44249, CVE-2026-44250, CVE-2026-44890, CVE-2026-44893, CVE-2026-45292, CVE-2026-45416, CVE-2026-45674, CVE-2026-46340, CVE-2026-47691, CVE-2026-48006, CVE-2026-48059, CVE-2026-50010, CVE-2026-50011 by @ViacheslavKlimov in https://github.com/thingsboard/thingsboard/pull/15795
- Fixed CVE-2026-44705, CVE-2026-50171, CVE-2026-50170, CVE-2026-54267, CVE-2026-54266, CVE-2026-54290, CVE-2026-48779, CVE-2026-54268, CWE-426, CWE-494, CVE-2026-53571, CVE-2026-12143, CVE-2026-9277 by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/15799
- Integration with IoT Hub by @ikulikov in https://github.com/thingsboard/thingsboard/pull/15193
- AI models: structured output support for more providers; fix Vertex AI location routing by @dskarzh in https://github.com/thingsboard/thingsboard/pull/15728
- Prevented integer overflow in calculated field SUM output by @volodymyr-babak in https://github.com/thingsboard/thingsboard/pull/15620
- Fixed queue prefix not applied in some cases causing orphaned topics by @AndriiLandiak in https://github.com/thingsboard/thingsboard/pull/15666
- Fixed RPC call request rule node returning null body by @dashevchenko in https://github.com/thingsboard/thingsboard/pull/15662
- Fixed permission check on alarm comment edit by @dashevchenko in https://github.com/thingsboard/thingsboard/pull/15715
- Hardened device credentials validation by @dashevchenko in https://github.com/thingsboard/thingsboard/pull/15550
- Fixed transport tenant-profile lock convoy under cold-cache reconnect storm by @ViacheslavKlimov in https://github.com/thingsboard/thingsboard/pull/15744
- Added help pages for html container by @pinkevmladchy in https://github.com/thingsboard/thingsboard/pull/15767
- Fixed Switch Control widget hanging on one-way persistent RPC by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/15711
- Fixed no widgets shown in mobile view after state transition from divided layout by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/15710
- Fixed change Password button stays disabled when form is filled programmatically by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/15701
- Fixed sync highlight overlay scroll on Safari in string-pattern-autocomplete by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/15754
- Fixed Advanced Widget Style Editor rendering by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/15803
- Fixed dashboard logo stretch at full width by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/15800
- Fixed "Confirm exit" dialog appearing when the form was not changed by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/15764
- Added handler for WebGL unavailability in map widget by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/15640
- Fixed edge event loss for kafka edges during sync by @AndriiLandiak in https://github.com/thingsboard/thingsboard/pull/15756
Full Changelog: https://github.com/thingsboard/thingsboard/compare/v4.3.1.2...v4.3.1.3
ThingsBoard 4.2.2.3 Release
- Fixed CVE-2026-44705 and CVE-2026-46625 by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/15721
- Fixed CVE-2026-45799 by @ViacheslavKlimov in https://github.com/thingsboard/thingsboard/pull/15757
- Fixed CVE-2026-44249, CVE-2026-44250, CVE-2026-44890, CVE-2026-44893, CVE-2026-45292, CVE-2026-45416, CVE-2026-45674, CVE-2026-46340, CVE-2026-47691, CVE-2026-48006, CVE-2026-48059, CVE-2026-50010, CVE-2026-50011 by @ViacheslavKlimov in https://github.com/thingsboard/thingsboard/pull/15795
- Fixed CVE-2026-44705, CVE-2026-50171, CVE-2026-50170, CVE-2026-54267, CVE-2026-54266, CVE-2026-54290, CVE-2026-48779, CVE-2026-54268, CWE-426, CWE-494, CVE-2026-53571, CVE-2026-12143, CVE-2026-9277 by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/15799
- Integration with IoT Hub by @ikulikov in https://github.com/thingsboard/thingsboard/pull/15193
- AI models: structured output support for more providers; fix Vertex AI location routing by @dskarzh in https://github.com/thingsboard/thingsboard/pull/15728
- Prevented integer overflow in calculated field SUM output by @volodymyr-babak in https://github.com/thingsboard/thingsboard/pull/15620
- Fixed queue prefix not applied in some cases causing orphaned topics by @AndriiLandiak in https://github.com/thingsboard/thingsboard/pull/15666
- Fixed RPC call request rule node returning null body by @dashevchenko in https://github.com/thingsboard/thingsboard/pull/15662
- Fixed permission check on alarm comment edit by @dashevchenko in https://github.com/thingsboard/thingsboard/pull/15715
- Hardened device credentials validation by @dashevchenko in https://github.com/thingsboard/thingsboard/pull/15550
- Fixed transport tenant-profile lock convoy under cold-cache reconnect storm by @ViacheslavKlimov in https://github.com/thingsboard/thingsboard/pull/15744
- Added help pages for html container by @pinkevmladchy in https://github.com/thingsboard/thingsboard/pull/15767
- Fixed Switch Control widget hanging on one-way persistent RPC by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/15711
- Fixed no widgets shown in mobile view after state transition from divided layout by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/15710
- Fixed change Password button stays disabled when form is filled programmatically by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/15701
- Fixed Advanced Widget Style Editor rendering by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/15803
- Fixed dashboard logo stretch at full width by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/15800
- Added handler for WebGL unavailability in map widget by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/15640
- Fixed edge event loss for kafka edges during sync by @AndriiLandiak in https://github.com/thingsboard/thingsboard/pull/15756
Full Changelog: https://github.com/thingsboard/thingsboard/compare/v4.2.2.2...v4.2.2.3
v1.48.3 🫎
-
Fix a rare S3 snapshots bug by @Kerollmops in https://github.com/meilisearch/meilisearch/pull/6472
We fixed a rare bug that could appear when using the S3 snapshot system. The bug is a race condition that occurs when we try to recycle internal buffers to reduce memory usage, which can cause an internal error and abort the snapshot upload.
-
Avoid remote search to return the same document twice by @ManyTheFish in https://github.com/meilisearch/meilisearch/pull/6473
When using the remote federated search, Meilisearch was returning the same document twice from different machines. This was due to an internal filter that was not forwarded properly to the remote instances.
- Add missing searchFilterParam to GET chat workspace settings response by @CaroFG in https://github.com/meilisearch/meilisearch/pull/6475
- Split unit tests into separate files (one commit per file) by @0xfandom in https://github.com/meilisearch/meilisearch/pull/6468
- Add missing information from pre-openAPI-migration by @curquiza in https://github.com/meilisearch/meilisearch/pull/6467
Thanks to @0xfandom, who made his first contribution in https://github.com/meilisearch/meilisearch/pull/6468 🎉
Full Changelog: https://github.com/meilisearch/meilisearch/compare/v1.48.2...v1.48.3