nginx-1.29.6 mainline version has been released, featuring sticky sessions support for upstreams.

See official CHANGES on nginx.org.

Below is a release summary generated by GitHub.

• Version bump. by @arut in https://github.com/nginx/nginx/pull/1120
• Proxy: fixed HTTP/2 upstream with caching enabled. by @hongzhidao in https://github.com/nginx/nginx/pull/1119
• Fixed separator in parsing header lines with multiple values. by @VadimZhestikov in https://github.com/nginx/nginx/pull/1056
• SCGI: fixed passing CONTENT_LENGTH in unbuffered mode. by @pluknet in https://github.com/nginx/nginx/pull/1118
• Mp4: validate sync sample values in stss atom. by @CodeByMoriarty in https://github.com/nginx/nginx/pull/1147
• Resolver: fixed off-by-one read in ngx_resolver_copy(). by @arut in https://github.com/nginx/nginx/pull/1152
• QUIC Stateless Reset improvements by @pluknet in https://github.com/nginx/nginx/pull/1151
• QUIC: fixed bpf compilation with newer Linux kernels. by @arut in https://github.com/nginx/nginx/pull/215
• Updating welcome page with links and more details. by @buulam in https://github.com/nginx/nginx/pull/1138
• QUIC: worker-bound stateless reset tokens. by @arut in https://github.com/nginx/nginx/pull/1159
• QUIC: handle compat keylog callback errors by @lukefr09 in https://github.com/nginx/nginx/pull/1155
• Added an option to skip the F5 CLA workflow. by @alessfg in https://github.com/nginx/nginx/pull/1153
• IMAP bugfixes. by @pluknet in https://github.com/nginx/nginx/pull/1161
• Upstream: added sticky sessions support for upstreams. by @bavshin-f5 in https://github.com/nginx/nginx/pull/1167
• nginx-1.29.6 changes by @pluknet in https://github.com/nginx/nginx/pull/1177

• @VadimZhestikov made their first contribution in https://github.com/nginx/nginx/pull/1056
• @CodeByMoriarty made their first contribution in https://github.com/nginx/nginx/pull/1147
• @buulam made their first contribution in https://github.com/nginx/nginx/pull/1138
• @lukefr09 made their first contribution in https://github.com/nginx/nginx/pull/1155

Full Changelog: https://github.com/nginx/nginx/compare/release-1.29.5...release-1.29.6

OpenSSL 4.0.0-alpha1 is a feature release adding significant new functionality to OpenSSL.

This release incorporates the following potentially significant or incompatible changes:

• Removed extra leading '00:' when printing key data such as an RSA modulus in hexadecimal format where the first (most significant) byte is >= 0x80.

• Standardized the width of hexadecimal dumps to 24 bytes for signatures (to stay within the 80 characters limit) and 16 bytes for everything else.

• Lower bounds checks are now enforced when using PKCS5_PBKDF2_HMAC API with FIPS provider.

• Added AKID verification checks when X509_V_FLAG_X509_STRICT is set.

• Augmented CRL verification process with several additional checks.

• libcrypto no longer cleans up globally allocated data via atexit().

• OPENSSL_cleanup() now runs in a global destructor, or not at all by default.

• ASN1_STRING has been made opaque.

• Signatures of numerous API functions, including those that are related to X509 processing, are changed to include const qualifiers for argument and return types, where suitable.

• Deprecated X509_cmp_time(), X509_cmp_current_time(), and X509_cmp_timeframe() in favor of X509_check_certificate_times().

• Removed support for the SSLv2 Client Hello.

• Removed support for SSLv3. SSLv3 has been deprecated since 2015, and OpenSSL had it disabled by default since version 1.1.0 (2016).

• Removed support for engines. The no-engine build option and the OPENSSL_NO_ENGINE macro are always present.

• Support of deprecated elliptic curves in TLS according to RFC 8422 was disabled at compile-time by default. To enable it, use the enable-tls-deprecated-ec configuration option.

• Removed c_rehash script tool. Use openssl rehash instead.

• Removed the deprecated msie-hack option from the openssl ca command.

• Removed BIO_f_reliable() implementation without replacement. It was broken since 3.0 release without any complaints.

• Removed deprecated functions ERR_get_state(), ERR_remove_state() and ERR_remove_thread_state(). The ERR_STATE object is now always opaque.

• Dropped darwin-i386{,-cc} and darwin-ppc{,64}{,-cc} targets from Configurations.

This release adds the following new features:

• Support for Encrypted Client Hello (ECH, RFC 9849). See doc/designs/ech-api.md for details.

• Support for RFC 8998, signature algorithm sm2sig_sm3, key exchange group curveSM2, and [tls-hybrid-sm2-mlkem] post-quantum group curveSM2MLKEM768.

• cSHAKE function support as per SP 800-185.

• "ML-DSA-MU" digest algorithm support.

• Support for SNMP KDF and SRTP KDF.

• FIPS self tests can now be deferred and run as needed when installing the FIPS module with the -defer_tests option of the openssl fipsinstall command.

• Support for using either static or dynamic VC runtime linkage on Windows.

• Support for negotiated FFDHE key exchange in TLS 1.2 in accordance with RFC 7919.

• Heml Charts

  • Add before-hook-creation delete policy to bucket-hook Job by @screspod in https://github.com/seaweedfs/seaweedfs/pull/8519
  • Fix YAML parse error in post-install-bucket-hook template by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8523
  • Update helm for support on OpenShift to have data replication and replicas for master,filer and volume by @Surote in https://github.com/seaweedfs/seaweedfs/pull/8543
  • helm: add s3.tlsSecret for custom S3 HTTPS certificate by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8582

• Admin UI and Worker

  • admin: remove Alpha badge and unused Metrics/Logs menu items by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8525
  • plugin worker: support job type categories (all, default, heavy) by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8547
  • admin: fix mobile sidebar menu inaccessible in portrait mode by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8556
  • admin: expose per-job-type detection interval in plugin UI by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8552
  • admin: remove Scheduler Settings cards from plugin UI by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8558
  • fix: volume balance detection returns multiple tasks per run by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8559
  • admin: fix access key creation UX by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8579
  • admin/balance: fix Max Volumes display and balancer source selection by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8583
  • fix: paginate bucket listing in Admin UI to show all buckets by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8585
  • Batch volume balance: run multiple moves per job by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8561

• S3 API

  • s3api: add IAM policy fallback authorization tests by @SrikanthBhandary in https://github.com/seaweedfs/seaweedfs/pull/8518
  • s3api: cache parsed IAM policy engines for fallback auth by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8526
  • s3api: fix static IAM policy enforcement after reload by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8532
  • Places the CommonResponse struct at the end of all IAM responses. by @asegs in https://github.com/seaweedfs/seaweedfs/pull/8537
  • s3/iam: reuse one request id per request by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8538
  • s3: use url.PathUnescape for X-Amz-Copy-Source header by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8545

• S3 Table Bucket

  • Add iceberg_maintenance plugin worker handler (Phase 1) by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8501
  • fix: ListObjectVersions interleave Version and DeleteMarker in sort order by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8567
  • iam: add IAM group management by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8560

• Volume Server

  • ec: fall back to data dir when ecx file not found in idx dir by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8541

• FUSE Mount

  • mount: make metadata cache rebuilds snapshot-consistent by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8531

• Misc

  • ci: build _full and _large_disk_full images for arm64 by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8548
  • weed/server: fix dropped error by @alrs in https://github.com/seaweedfs/seaweedfs/pull/8584

• Filer Sync

  • filer.sync: add exponential backoff on unexpected EOF during replication by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8557

• Master

  • master: return 503/Unavailable during topology warmup after leader change by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8529

• @screspod made their first contribution in https://github.com/seaweedfs/seaweedfs/pull/8519
• @SrikanthBhandary made their first contribution in https://github.com/seaweedfs/seaweedfs/pull/8518
• @asegs made their first contribution in https://github.com/seaweedfs/seaweedfs/pull/8537

Full Changelog: https://github.com/seaweedfs/seaweedfs/compare/4.15...4.16

• Heml Charts

  • Add before-hook-creation delete policy to bucket-hook Job by @screspod in https://github.com/seaweedfs/seaweedfs/pull/8519
  • Fix YAML parse error in post-install-bucket-hook template by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8523
  • Update helm for support on OpenShift to have data replication and replicas for master,filer and volume by @Surote in https://github.com/seaweedfs/seaweedfs/pull/8543
  • helm: add s3.tlsSecret for custom S3 HTTPS certificate by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8582

• Admin UI and Worker

  • admin: remove Alpha badge and unused Metrics/Logs menu items by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8525
  • plugin worker: support job type categories (all, default, heavy) by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8547
  • admin: fix mobile sidebar menu inaccessible in portrait mode by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8556
  • admin: expose per-job-type detection interval in plugin UI by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8552
  • admin: remove Scheduler Settings cards from plugin UI by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8558
  • fix: volume balance detection returns multiple tasks per run by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8559
  • admin: fix access key creation UX by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8579
  • admin/balance: fix Max Volumes display and balancer source selection by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8583
  • fix: paginate bucket listing in Admin UI to show all buckets by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8585
  • Batch volume balance: run multiple moves per job by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8561

• S3 API

  • s3api: add IAM policy fallback authorization tests by @SrikanthBhandary in https://github.com/seaweedfs/seaweedfs/pull/8518
  • s3api: cache parsed IAM policy engines for fallback auth by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8526
  • s3api: fix static IAM policy enforcement after reload by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8532
  • Places the CommonResponse struct at the end of all IAM responses. by @asegs in https://github.com/seaweedfs/seaweedfs/pull/8537
  • s3/iam: reuse one request id per request by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8538
  • s3: use url.PathUnescape for X-Amz-Copy-Source header by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8545

• S3 Table Bucket

  • Add iceberg_maintenance plugin worker handler (Phase 1) by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8501
  • fix: ListObjectVersions interleave Version and DeleteMarker in sort order by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8567
  • iam: add IAM group management by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8560

• Volume Server

  • ec: fall back to data dir when ecx file not found in idx dir by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8541

• FUSE Mount

  • mount: make metadata cache rebuilds snapshot-consistent by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8531

• Misc

  • ci: build _full and _large_disk_full images for arm64 by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8548
  • weed/server: fix dropped error by @alrs in https://github.com/seaweedfs/seaweedfs/pull/8584

• Filer Sync

  • filer.sync: add exponential backoff on unexpected EOF during replication by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8557

• Master

  • master: return 503/Unavailable during topology warmup after leader change by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8529

• @screspod made their first contribution in https://github.com/seaweedfs/seaweedfs/pull/8519
• @SrikanthBhandary made their first contribution in https://github.com/seaweedfs/seaweedfs/pull/8518
• @asegs made their first contribution in https://github.com/seaweedfs/seaweedfs/pull/8537

Full Changelog: https://github.com/seaweedfs/seaweedfs/compare/4.15...4.16

• PR #17961 makes the strict environment variable handling the default! In case you need the old behavior you can opt-out using the --non-strict-env-handling flag.

• #18183 inputs.sip Add plugin
• #18223 outputs.influxdb_v3 Add plugin

• #18086 agent Optimise disk buffer strategy
• #18232 common.opcua Add string configuration option for node ID
• #18411 common.opcua Add support for datetime arrays
• #18181 inputs.docker Implement startup error behavior options
• #18425 inputs.gnmi Allow to emit delete metrics
• #18466 inputs.mqtt_consumer Add option for maximum reconnect interval
• #18063 inputs.mysql Add replication latency fields
• #18117 inputs.mysql Add wsrep provider options fields
• #18272 inputs.mysql Support encryption algorithm statistics if present
• #18134 inputs.nftables Monitor set element counts
• #18246 inputs.nftables Support named counters
• #18259 inputs.statsd Add support for Datadog service checks
• #18393 outputs.health Add option for setting default status
• #18415 outputs.heartbeat Add logging information
• #17577 outputs.heartbeat Add status evaluation
• #18305 outputs.influxdb_v2 Add trace logging for write request timing
• #18422 outputs.mongodb Allow writing metrics in batches
• #17997 outputs.opentelemetry Support http protocol
• #18337 outputs.redistimeseries Add option to expire values
• #18339 outputs.stackdriver Add credentials file support for stackdriver output plugin
• #18341 prometheus Add UTF-8 metric and label name sanitization

• #18429 common.opcua Use configured timestamp format for datetime arrays
• #18381 inputs.fibaro Handle numeric value2 field from HC3 devices
• #18424 inputs.http Close gzip request body on early failures
• #18412 inputs.internet_speed Fix server_id_include filter logic
• #18452 inputs.mqtt_consumer Rely on paho auto-reconnect to restore message flow after network disruption
• #18392 inputs.opcua_listener Prevent panic on events with empty fields
• #18387 inputs.smart Include NVMe SMART data in smart_device measurement
• #18416 outputs.influxdb Prevent goroutine leak on gzip write failure
• #18418 outputs.opentelemetry Prevent goroutine leak on gzip write failure

• #18436 deps Bump cloud.google.com/go/bigquery from 1.73.1 to 1.74.0
• #18444 deps Bump github.com/IBM/sarama from 1.46.3 to 1.47.0
• #18449 deps Bump github.com/SAP/go-hdb from 1.15.0 to 1.15.1
• #18398 deps Bump github.com/antchfx/xpath from 1.3.5 to 1.3.6
• #18442 deps Bump github.com/aws/smithy-go from 1.24.1 to 1.24.2
• #18400 deps Bump github.com/hashicorp/consul/api from 1.33.2 to 1.33.3
• #18438 deps Bump github.com/hashicorp/consul/api from 1.33.3 to 1.33.4
• #18446 deps Bump github.com/lxc/incus/v6 from 6.21.0 to 6.22.0
• #18441 deps Bump github.com/microsoft/go-mssqldb from 1.9.6 to 1.9.8
• #18404 deps Bump github.com/nats-io/nats.go from 1.48.0 to 1.49.0
• #18439 deps Bump github.com/prometheus/procfs from 0.19.2 to 0.20.1
• #18440 deps Bump github.com/shirou/gopsutil/v4 from 4.26.1 to 4.26.2
• #18402 deps Bump github.com/vmware/govmomi from 0.52.0 to 0.53.0
• #18399 deps Bump go.step.sm/crypto from 0.76.0 to 0.76.2
• #18450 deps Bump golang.org/x/net from 0.50.0 to 0.51.0
• #18437 deps Bump google.golang.org/api from 0.266.0 to 0.269.0
• #18448 deps Bump k8s.io/api from 0.35.1 to 0.35.2
• #18447 deps Bump k8s.io/apimachinery from 0.35.1 to 0.35.2
• #18443 deps Bump k8s.io/client-go from 0.35.1 to 0.35.2
• #18403 deps Bump modernc.org/sqlite from 1.45.0 to 1.46.1
• #18397 deps Bump the aws-sdk-go-v2 group with 11 updates
• #18435 deps Bump the aws-sdk-go-v2 group with 2 updates
• #18396 deps Bump tj-actions/changed-files from 47.0.2 to 47.0.4

Arch	Platform	Package	SHA256
arm64	CentOS	telegraf-1.38.0-1.aarch64.rpm	e91286dccf858f849946c0a9eaa2115e16a0795c3fc2eae9eb16d42603d46f68
armel	CentOS	telegraf-1.38.0-1.armel.rpm	49b487c04e76015926321429c80d25af2e104634a62e6390aeedcae1f731f4bd
armv6hl	CentOS	telegraf-1.38.0-1.armv6hl.rpm	20cd2ab12965fbc71d7d30ed7379d30b013267e681d942a2229efa4d2754b85f
i386	CentOS	telegraf-1.38.0-1.i386.rpm	0c7e00541cb77ff571a8b72df820fb8f4221f5afbd54a327a3ccc293997ab919
unknown	CentOS	telegraf-1.38.0-1.loongarch64.rpm	8a1d07f632e5e03035cac5c00b9360a3bd27ed964f5bb3a1cb74884ebd5e7237
ppc64le	CentOS	telegraf-1.38.0-1.ppc64le.rpm	64c678190d487feca6b30397834c4e79922b691a50b4115581556d65e475f884
riscv64	CentOS	telegraf-1.38.0-1.riscv64.rpm	d9f9f7bc33843149ab58127cc665a0c74ddb225a9ccdcb0955fb7e4a8516bd03
s390x	CentOS	telegraf-1.38.0-1.s390x.rpm	b9c0205710b6d6c58b5569ddb6d3f5f7fe7ad49ed8ecbfa7e4e8cb2cc00ce717
amd64	CentOS	telegraf-1.38.0-1.x86_64.rpm	ca0039cd6db891436e5d58a100d4fe5061f7d343e98426f83de6eb383ac254cb
amd64	macOS	telegraf-1.38.0_darwin_amd64.dmg	ecad3fdcba2a1f7a416b007bb29d5dca6f959b28008385be6a8b481abac9b08f
amd64	macOS	telegraf-1.38.0_darwin_amd64.tar.gz	0c4da188076ca6599e8ca0c9e9882c3437783b9d53888bedb3d128164b5ebfcb
arm64	macOS	telegraf-1.38.0_darwin_arm64.dmg	d144a2390df2a975ee9a05c827137c59a9c24a088e14e8f61a6a50bfaee5f657
arm64	macOS	telegraf-1.38.0_darwin_arm64.tar.gz	55c2866013585003b1e66645fb4e3074f2db35d37d1b78d99e3cf5ac770e24a7
amd64	FreeBSD	telegraf-1.38.0_freebsd_amd64.tar.gz	7a93187b09465d5a3c63dce4cd809639aa772e3b7f5c8676fcddafec0c84cab0
armv7	FreeBSD	telegraf-1.38.0_freebsd_armv7.tar.gz	c0e62dac7ed98dc5156ae2265460d170d3ecaaf147325dd70ed8d4c927a9fdbb
i386	FreeBSD	telegraf-1.38.0_freebsd_i386.tar.gz	73d3026ff220e1b6055d402bfe4a541317c2be4fd91d47c4efe4cab123c9b350
amd64	Linux	telegraf-1.38.0_linux_amd64.tar.gz	57e6d733de44335127c06d9d9099c9dee7307beff992783438ce38b9ba1b8e5e
arm64	Linux	telegraf-1.38.0_linux_arm64.tar.gz	d42aa06b113f15fdc14775a2d1971e31a0adb82a6e0da28e40a17e819ddaeb06
armel	Linux	telegraf-1.38.0_linux_armel.tar.gz	6795ebd9b9bb1cb532af078148e990823ab7ea24d159bedacdeea541c6fb272c
armhf	Linux	telegraf-1.38.0_linux_armhf.tar.gz	583a08ed1d90c0175f2e678d1f76537c80ae8f09c5d7f7432677873ff2146848
i386	Linux	telegraf-1.38.0_linux_i386.tar.gz	0a15f68d2cdcb3bcfd3a6bf6bb42d5842313915576486ccc9405ccb8f858c2f9
loong64	Linux	telegraf-1.38.0_linux_loong64.tar.gz	68ac9b1828830a58e19aeb8434e49f5d0c67659a0fbbe1fe78006dcf836e6082
mips	Linux	telegraf-1.38.0_linux_mips.tar.gz	d0ef72aa304498fc01a940c93bffa176eb4f307c3d9cd45a8cfc1201af20e451
mipsel	Linux	telegraf-1.38.0_linux_mipsel.tar.gz	5ae1377725f996437c780cc6e0e356b6c51638c7c9ae46fd0d50a13f0691a7e7
ppc64le	Linux	telegraf-1.38.0_linux_ppc64le.tar.gz	2a0fcc85002fb0aa8b297a2f302541e91a1e47d0435dc88a041617632d0a6e5e
riscv64	Linux	telegraf-1.38.0_linux_riscv64.tar.gz	5a7ecb61ba8203bf6096bd8bafff22816bdb5e98541324fd3871a7d32a9d5729
s390x	Linux	telegraf-1.38.0_linux_s390x.tar.gz	51c3aeb926e8af4691de80bbde654d81fc7c66b8d80f2358ec435789e173d7db
amd64	Windows	telegraf-1.38.0_windows_amd64.zip	93fb6f81d576775b8fa4371aeb5728fd360f97ee0c54ffb035fcde3c82c25020
arm64	Windows	telegraf-1.38.0_windows_arm64.zip	57ad4ceaf10f39a6fa1810d321f69d4ddf4536bf021beb7f43c188e0eb5355d0
i386	Windows	telegraf-1.38.0_windows_i386.zip	baf4cbbbad8ff390ef010b9a32c185d01020d8187aa971fa3093130174a6eb08
amd64	Debian	telegraf_1.38.0-1_amd64.deb	5592d60959811a217915f1a3f8a610441af039e8cc79dccd5238abbd72e31dab
arm64	Debian	telegraf_1.38.0-1_arm64.deb	3fcd10a26ce8ce471ac31c70c29e0e10299f121a46f7d8466a79da808a5f1b39
armel	Debian	telegraf_1.38.0-1_armel.deb	9d4090a691bf41cf3199bb11a700f1280b3f43a47038a24e1a3432fbe7d822fd
armhf	Debian	telegraf_1.38.0-1_armhf.deb	d674202858e6a5cfb4f7bf400781f589751d9df87f4785f3d6b31868e5c18664
i386	Debian	telegraf_1.38.0-1_i386.deb	57a6a8434a38912ccc25cfe40f12519d58811ba51e8a1fad60bb45f571373d63
loong64	Debian	telegraf_1.38.0-1_loong64.deb	93ce06935d48833bc83a406a38ea5bf53e9f0113efe3e51e10f67c4485de52f9
mips	Debian	telegraf_1.38.0-1_mips.deb	0aead1037e0fdf3083e1aaadb9abe7b1aad946404311aa9d6e07ba3cb5a1a291
mipsel	Debian	telegraf_1.38.0-1_mipsel.deb	7999c58f5176c801d47824b8341be9db965f2bc1d79d33c741854cbdba3aa8de
ppc64el	Debian	telegraf_1.38.0-1_ppc64el.deb	2e875e6038dd4ce9bf81ee086280cad9b56de67c4020e38efdebc40152c79c00
riscv64	Debian	telegraf_1.38.0-1_riscv64.deb	86ffd3376991a54b0ac8adbe5fb9d1aa354bf4b02208778316d52452d252223d
s390x	Debian	telegraf_1.38.0-1_s390x.deb	54733c72faf6237b83da95d1954fe979e36566548bcf535b27961cb76315d18f

Download page What's new highlights

• Go: Update to 1.25.8 #119694, @macabu
• Rendering: Add support for custom CA certs in Image Renderer #118910, @mrevutskyi

• Dashboards: Fix start parameter in list versions API for K8s backend #119397, @MissingRoberto

Download page What's new highlights

• AccessControl: Invalidate scope resolver cache on datasource deletion #118741, @mihai-turdean
• Go: Update to 1.25.8 #119693, @macabu
• Rendering: Add support for custom CA certs in Image Renderer #118859, @mrevutskyi

• AccessControl: Fix test utility for datasource deletion permissions cleanup (Enterprise)
• Alerting: Change scope for testing new receivers to use supported resource type. #118495, @yuri-tceretian
• Alerting: Fix CollateAlertRuleGroup migration for MariaDB compatibility #119028, @alexander-akhmetov

Download page What's new highlights

• Go: Update to 1.25.8 #119696, @macabu
• Rendering: Add support for custom CA certs in Image Renderer #118911, @mrevutskyi

• Dashboards: Fix start parameter in list versions API for K8s backend #119398, @MissingRoberto

• Fixed CVE-2026-24734 and CVE-2025-66614 by @ViacheslavKlimov in https://github.com/thingsboard/thingsboard/pull/15076
• Fixed CVE-2025-7783, CVE-2026-26996 and CVE-2026-26960 by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/15079
• Fixed CVE-2026-27903 and CVE-2026-27904 by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/15109
• Added SSRF protection (must be enabled with SSRF_PROTECTION_ENABLED env) by @ViacheslavKlimov in https://github.com/thingsboard/thingsboard/pull/15123
• Fixed CWE-770 in Jackson Core (GHSA-72hv-8253-57qq) by @ViacheslavKlimov in https://github.com/thingsboard/thingsboard/pull/15124
• Fixed CVE-2026-27970 and CVE-2026-2391 by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/15128
• Fixed CVE-2026-2781, CVE-2026-25646, CVE-2026-21945 and CVE-2026-21932 for Docker images by @ViacheslavKlimov and @smatvienko-tb

• Angular 20 migration by @ikulikov in https://github.com/thingsboard/thingsboard/pull/14944

• Fixed getTimeseries API (/{entityType}/{entityId}/values/timeseries) by @dashevchenko in https://github.com/thingsboard/thingsboard/pull/15054
• Added Cassandra result set byte-size limit by @ViacheslavKlimov in https://github.com/thingsboard/thingsboard/pull/15058
• Fixed TBEL script execution failures on repeated runs by @ViacheslavKlimov in https://github.com/thingsboard/thingsboard/pull/15078
• Fixed blocking JPA queries on access-validator single thread by @dskarzh in https://github.com/thingsboard/thingsboard/pull/15101
• Fixed preservation of rule node execution counter in delay and deduplication nodes by @dskarzh in https://github.com/thingsboard/thingsboard/pull/15100
• Improved Apple OAuth2 mapper and refactored OAuth2 client validation by @ViacheslavKlimov in https://github.com/thingsboard/thingsboard/pull/15120
• Fixed infinite loop when rule chain input node forwards to its own rule chain by @smatvienko-tb in https://github.com/thingsboard/thingsboard/pull/15102
• Made max WS message size configurable by @DmytroKhylko in https://github.com/thingsboard/thingsboard/pull/15116

• Fixed Redirect Url encoding by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/14985
• Fixed loading and placement of Material icons by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/14959
• Fixed Popover placement for Marker, Polygon and Circle overlay config by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/14978
• Fixed adaptive in mail server configuration by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/15018
• Fixed Range and Bar chart limits setup by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/14964
• Fixed RGBA and HSLA inputs in color picker by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/15031
• Fixed Entity key autocomplete change check by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/15080
• Fixed a race condition causing the toast component by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/15071
• Fixed a race condition when init image map by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/15097
• Fixed default timewindow config in widget editor page by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/15108
• Removed pattern validation from name field on CF by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/15142
• Updated Ukrainian locale by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/15096
• Extend modules map: moment-timezone, canvas-gauges and ngx-hm-carousel added by @ChantsovaEkaterina in https://github.com/thingsboard/thingsboard/pull/15130

• Fixed Sparkplug BIRTH message validation for metrics with empty string values by @nickAS21 in https://github.com/thingsboard/thingsboard/pull/14760

• Event-sourced propagation for admin settings by @volodymyr-babak in https://github.com/thingsboard/thingsboard/pull/15050

Full Changelog: https://github.com/thingsboard/thingsboard/compare/v4.3.0.1...v4.3.1

Download page What's new highlights

• Go: Update to 1.25.8 #119701, @macabu
• Rendering: Add support for custom CA certs in Image Renderer #118912, @mrevutskyi