• feat(obs): improve metrics coverage and dashboard performance by @houseme in https://github.com/rustfs/rustfs/pull/2682
• chore(deps): update flake.lock by @houseme in https://github.com/rustfs/rustfs/pull/2683
• test(utils): cover disk-check env alias precedence by @overtrue in https://github.com/rustfs/rustfs/pull/2684
• fix(admin): map IAM not found errors to 404 by @GatewayJ in https://github.com/rustfs/rustfs/pull/2685
• feat: add console-managed audit and notify module switches by @houseme in https://github.com/rustfs/rustfs/pull/2690
• perf(memory): add reclaim signals and cache controls by @houseme in https://github.com/rustfs/rustfs/pull/2689
• test(server): cover default module switch source by @overtrue in https://github.com/rustfs/rustfs/pull/2697
• build(deps): bump the dependencies group with 2 updates by @dependabot[bot] in https://github.com/rustfs/rustfs/pull/2694
• fix(replication): fan out single-bucket rules to all targets by @weisd in https://github.com/rustfs/rustfs/pull/2701
• fix(iam): propagate cache miss load failures by @GatewayJ in https://github.com/rustfs/rustfs/pull/2692
• fix(replication): prevent target state loss across buckets by @weisd in https://github.com/rustfs/rustfs/pull/2704
• fix(ilm): harden signer failures and guard remote tier delete storms by @houseme in https://github.com/rustfs/rustfs/pull/2706
• fix: honor bucket-scoped ListBucket policies with s3:prefix by @overtrue in https://github.com/rustfs/rustfs/pull/2707
• fix(ecstore): log walk failures in IAM listing path by @GatewayJ in https://github.com/rustfs/rustfs/pull/2705
• build(deps): bump the dependencies group with 2 updates by @houseme in https://github.com/rustfs/rustfs/pull/2709
• fix(iam): preserve portable IAM storage and derived auth by @weisd in https://github.com/rustfs/rustfs/pull/2713
• fix(storage): avoid faulting local drives on transient timeouts by @weisd in https://github.com/rustfs/rustfs/pull/2714
• fix(lifecycle): prevent eager date-expiry deletion on config update by @houseme in https://github.com/rustfs/rustfs/pull/2708
• fix(policy): allow AssumeRole in system policies by @cxymds in https://github.com/rustfs/rustfs/pull/2718
• fix(obs): disable profiling export by default and fix Helm env name by @houseme in https://github.com/rustfs/rustfs/pull/2719
• fix(webdav): decode URL-encoded filenames in path parsing by @giter in https://github.com/rustfs/rustfs/pull/2722
• fix(policy): preserve gateway ListBucket resources by @overtrue in https://github.com/rustfs/rustfs/pull/2710
• test(signer): cover header fallback helpers by @overtrue in https://github.com/rustfs/rustfs/pull/2711
• fix(window): Compatible with Windows Path by @reatang in https://github.com/rustfs/rustfs/pull/2691
• fix(helm): only render rollingUpdate when strategy type is RollingUpdate by @rafaelperoco in https://github.com/rustfs/rustfs/pull/2728
• chore: update version from alpha to beta by @majinghe in https://github.com/rustfs/rustfs/pull/2720
• test(get): reject range with part number by @RamakrishnaChilaka in https://github.com/rustfs/rustfs/pull/2725

• @giter made their first contribution in https://github.com/rustfs/rustfs/pull/2722
• @rafaelperoco made their first contribution in https://github.com/rustfs/rustfs/pull/2728

Full Changelog: https://github.com/rustfs/rustfs/compare/1.0.0-alpha.99...v1.0.0-beta.1

This release contains bug fixes since the 2.26.3 release. We recommend that you upgrade at the next available opportunity.

Bugfixes

• #9360 Sanitize DT_NOBEGIN next_start to recover jobs stuck after primary failover
• #9515 Fix now() constification for continuous aggregate queries
• #9550 Fix out of memory when propagating ALTER TABLE to many chunks
• #9605 Fix InstrStartNode called twice in a row
• #9607 Fix use-after-free of PlaceHolderVar.phrels in cached ChunkAppend plans
• #9612 Fix PlaceHolderVar error in runtime chunk exclusion
• #9614 Remove stale hypertable entries during upgrade
• #9615 Fix segfault with transition tables after column drop
• #9616 Use DROP CASCADE for trigger removal
• #9623 Error when querying compressed chunks under Apache license
• #9625 Make timescaledb_post_restore() reliably restart background workers in a single call
• #9639 Fix lost orderby sparse index
• #9646 Replace ERRCODE_INTERNAL_ERROR on user-reachable error paths
• #9652 Add Error on missing custom job function in ts_bgw_job_get_funci
• #9655 Fix data corruption when merging chunks with different compression settings
• #9654 Fix sort_transform crash with hypertable on nullable side of outer join
• #9656 Fix concurrent merge of compressed chunks dropping the new heap
• #9641 Fix COPY path with transition tables after column drop
• #9660 Fix incremental continuous aggregate refresh so that extend_last_bucket only applies to the boundary batch
• #9674 Fix segmentby crash in cagg invalidation tracking

Thanks

• @GetsuDer and @WeiJie-JL for reporting an error with timescaledb and extensions using Explain
• @igor2x for reporting a problem when trying to query compressed data with the Apache license
• @ivaaaan for reporting an issue with constraint pushdown in continuous aggregate queries
• @patstrom for reporting a segfault with transition table triggers after dropping a column
• @patstrom for reporting an out-of-memory error when dropping constraints
• @pcayen for reporting an issue with GROUP BY ROLLUP on views over hypertables

Upgrade urgency LOW: This is the second release candidate of Valkey 9.1.0.

• Revert strict TLS certificate validation at config load as it is a breaking change, deferred to next major version (#3572)

• Do the failover immediately if the replica is the best ranked replica by @enjoy-binbin (#2227)
• Add cluster-config-save-behavior option to control nodes.conf save behavior by @enjoy-binbin (#3372)
• Lua scripting engine is now statically linked by default instead of dynamically linked by @eifrah-aws (#3392)
• Module command result callback addition by @martinrvisser (#2936)

• Redesign IO threading communication model with lock-free queues (8-17% throughput gain) by @akashkgit (#3324)
• Increase embedded string threshold from 64 to 128 bytes (30% GET throughput gain) by @Nikhil-Manglore (#3397)
• ARM NEON SIMD optimization for pvFind() in vset.c (2-3x speedup) by @ahmadbelb (#3033)
• Optimize WATCH duplicate key check from O(N) to O(1) using per-db hashtable by @enjoy-binbin (#3360)
• Optimize CLUSTERSCAN MATCH so that it uses a specific slot if given by @nmvk (#3380)
• Improve COB memory tracking with copy avoidance by @dvkashapov (#3306)

• Fix valkey-cli --cluster del-node for unreachable nodes by @yang-z-o (#3209)
• Enhance cluster stale packet detection to prevent sub-replica and empty primary by @zhijun42 (#2811)
• Big endian bitmap byte order mismatch fix by @nmvk (#3401)
• Fix slot-migration-max-failover-repl-bytes unable to accept -1 by @enjoy-binbin (#3443)
• Fix config rewrite producing negative values for unsigned memory configs by @enjoy-binbin (#3440)
• Fix HPERSIST RESP protocol violation on wrong-type key by @madolson (#3516)
• Fix lua-enable-insecure-api default value cannot be changed to yes by @enjoy-binbin (#3548)

Full Changelog: https://github.com/valkey-io/valkey/compare/9.1.0-rc1...9.1.0-rc2

Downloads: https://elastic.co/downloads/elasticsearch Release notes: https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.15.html

Downloads: https://elastic.co/downloads/beats Release notes: https://www.elastic.co/guide/en/beats/libbeat/8.19/release-notes-8.19.15.html

This is the third Milestone of Redis 8.8 in Redis Open Source.

Milestones are non-feature-complete pre-releases. Pre-releases are not suitable for production use.

Redis 8.8 introduces new features and performance improvements.

• Ubuntu 22.04 (Jammy Jellyfish), 24.04 (Noble Numbat), 26.04 (Resolute Raccoon)
• Rocky Linux 8.10, 9.7, 10.1
• AlmaLinux 8.10, 9.7, 10.1
• Debian 12.13 (Bookworm), Debian 13.4 (Trixie)
• Alpine 3.23
• macOS 14.8.4 (Sonoma), 15.7.4 (Sequoia), 26.3 (Tahoe) - for both Intel and ARM

• #14958 Subkey notification for hash fields - field-level notifications
• RediSearch/RediSearch#8227 FT.HYBRID KNN clause: new argument to request fewer candidates per shard
• RediSearch/RediSearch#8060 FT.PROFILE HYBRID: profiling support for FT.HYBRID

• #15034, #15081 Issues processing corrupt RDB data
• #15059 Use-after-free
• #15073 CLIENT TRACKING: self-overlap returning non-zero loop index
• #14982 SCAN commands: integer overflow in COUNT parameter
• #14956 Crash on HSETEX when a field appears more than once and an expiry is specified
• #15015 Change log level for unknown extension types from LL_WARNING to LL_VERBOSE
• #14995 Unnecessary -ERR and \r\n
• RediSearch/RediSearch#8708 Crash when many keys receive expirations under heavy TTL activity
• RediSearch/RediSearch#8774 Coordinator deadlock under mixed FT.SEARCH and FT.AGGREGATE load
• RediSearch/RediSearch#8415 Crash on FT.SEARCH when topology validation fails (for example, some nodes unreachable)
• RediSearch/RediSearch#8322 Crash when indexing negative zero (-0.0)
• RediSearch/RediSearch#8843 HNSW vector index memory growth under high-churn workloads until shard restart
• RediSearch/RediSearch#8396 FILTER returns inconsistent results with multiple indexes sharing field aliases
• RediSearch/RediSearch#8205 FT.HYBRID VSIM RANGE + FILTER incorrectly returns zero results
• RediSearch/RediSearch#8817 Instability and crashes in long-running search cursors during concurrent index updates
• RediSearch/RediSearch#8388 FT.SEARCH fails with “Query requires unavailable slots” after shard restart or failover
• RediSearch/RediSearch#8548 FILTER behavior depends on property order in the expression
• RediSearch/RediSearch#8320 Index FILTER applied inconsistently when documents are missing filtered fields
• RediSearch/RediSearch#8752 Missing blocked-client FAIL timeout mechanism for coordinator-level FT.AGGREGATE
• RediSearch/RediSearch#8657 Missing shard-level FAIL timeout handling for FT.HYBRID queries
• RediSearch/RediSearch#8420 Missing coordinator-level FAIL timeout handling for FT.HYBRID queries
• RediSearch/RediSearch#8335 Legacy shard-level FAIL handling for FT.SEARCH / FT.AGGREGATE
• RediSearch/RediSearch#8191 FT.SEARCH coordinator lacks strict FAIL timeout enforcement

• #15114 Optimize SET key value GET
• #15065, #15118 Scan commands key collection: replace list with append-only pointer vector
• #15061 Widen fast_float_strtod fast path to 17-19 digit mantissas
• RediSearch/RediSearch#8378 Optimize filter expression evaluation: skip indexes not matching the document type (MOD-14064)

• RediSearch/RediSearch#8246 ‘frontend_buffer_size’, ‘HNSW_main_thread_insertion’: metrics for tiered vector indexes (MOD-13819)
• RediSearch/RediSearch#8210 FT.PROFILE: added queue time tracking (MOD-13602)
• RediSearch/RediSearch#8283 INFO: Skip metrics when there are no indices (MOD-13903)
• RediSearch/RediSearch#7417 Add unique error message ids for improved debugging and troubleshooting (MOD-11806)

• RediSearch/RediSearch#8876 ‘search-workers’: change default to 16 (MOD-14486)
• RediSearch/RediSearch#8352 BG_INDEX_SLEEP_DURATION_US: sleep duration during background indexing (MOD-13994)

• Remove decoded path in HttpRequestMessageImpl by @fool1280 in https://github.com/Netflix/zuul/pull/2115

Full Changelog: https://github.com/Netflix/zuul/compare/v3.6.1...v3.6.2

This release fixes mutiple security issues.

We would like to thank the following people for the responsible disclosures:

• Shadowbyte (4c1dr3aper) - Charlie Lewis for the Remote-Read snappy decode vulnerability.

• Brett Gervasoni for the AzureAD OAuth client_secret vulnerability.

• @iiihaiii and @Ngocnn97 for the Old UI XSS vulnerability.

• [SECURITY] AzureAD remote write: Fix OAuth client_secret being exposed in plaintext via /-/config endpoint. GHSA-wg65-39gg-5wfj / CVE-2026-42151 #18590

• [SECURITY] Remote-read: Reject snappy-compressed requests whose declared decoded length exceeds the decode limit. GHSA-8rm2-7qqf-34qm / CVE-2026-42154 #18584

• [SECURITY] UI: Fix stored XSS via unescaped le label values in old UI heatmap chart tick labels. GHSA-fw8g-cg8f-9j28 #18588