• Do not panic when doing a dumpless upgrade on empty indexes with configured embeddings by @Kerollmops in https://github.com/meilisearch/meilisearch/pull/6102

Full Changelog: https://github.com/meilisearch/meilisearch/compare/v1.32.1...v1.32.2

For new features, improvements, and bug fixes released in v8.5.5 for TiDB, see TiDB v8.5.5 release notes.

See the difference from the issue perspective:

QuestDB 9.3.1 follows the major 9.3.0 release, focusing on stability, correctness, and performance refinements based on early feedback and production usage.

This release delivers important fixes across joins, views, and checkpointing, alongside continued performance improvements on hot SQL execution paths.

Window functions now support arithmetic expressions directly, allowing analytical queries to compute derived values inline without requiring subqueries or post-processing:

SELECT
  symbol,
  price,
  price - lag(price) OVER (PARTITION BY symbol ORDER BY ts) AS delta
FROM trades

This simplifies common patterns such as calculating deltas, ratios, and scaled values within window definitions.

The tables() system view now exposes two additional columns:

• table_min_timestamp
• table_max_timestamp

These columns provide quick visibility into the temporal bounds of each table, useful for diagnostics, retention checks, and operational tooling.

The ksum() function now works as a window function, using the Kahan summation algorithm for improved floating-point precision. This complements the existing ksum() aggregate function by enabling its use in window contexts:

-- Cumulative sum with reduced floating-point error
SELECT ksum(price) OVER (ORDER BY ts ROWS UNBOUNDED PRECEDING) FROM trades;

-- Sliding window
SELECT ksum(price) OVER (ORDER BY ts ROWS BETWEEN 3 PRECEDING AND CURRENT ROW) FROM trades;

-- Partitioned
SELECT ksum(price) OVER (PARTITION BY symbol) FROM trades;

All standard window frame types are supported: ROWS, RANGE, partitioned, unbounded, and sliding windows.

Parquet exports via the HTTP /exp endpoint now stream directly from page frames, eliminating intermediate temporary tables. This reduces memory overhead and improves export throughput for large result sets.

Parallel query execution has been optimized to reduce garbage generation on hot paths. This lowers GC pressure and improves throughput and tail latency under sustained analytical workloads.

Queries where columns reference other columns now avoid redundant expression evaluation. This improves performance for wide projections and queries with multiple derived columns.

• Fixed an error when using WINDOW JOIN (introduced in 9.3.0) with ORDER BY ts DESC.
• Fixed a crash in ASOF JOIN queries when the ON clause mixes SYMBOL and non-symbol columns.
• Fixed transient "file does not exist" errors that could surface during query execution.

• Fixed an issue where views (introduced in 9.3.0) could become suspended after being altered.
• Fixed a rare bug that could write invalid data into a materialized view under specific conditions.

• Fixed checkpoint restore logic by removing phantom table directories left on disk.
• Fixed a rare issue where process memory was not fully released on Linux when jemalloc is enabled.

Thanks to everyone who reported issues, shared production feedback, and contributed fixes and improvements. Your input continues to shape QuestDB's reliability and performance.

For questions or feedback, please join us on Slack or Discourse, and check the full changelog on GitHub for detailed PR information.

• feat(sql): implement ksum() window function with Kahan summation by @bluestreak01 in https://github.com/questdb/questdb/pull/6642
• perf(core): streaming parquet export by @kafka1991 in https://github.com/questdb/questdb/pull/6300
• feat(sql): implement arithmetic with window functions by @bluestreak01 in https://github.com/questdb/questdb/pull/6626
• fix(sql): WINDOW JOIN with ORDER BY ts DESC returns error by @puzpuzpuz in https://github.com/questdb/questdb/pull/6624
• fix(core): fix checkpoint restore by removing phantom tables directories from disk by @ideoma in https://github.com/questdb/questdb/pull/6614
• perf(sql): reduce garbage generated on parallel query hot path by @puzpuzpuz in https://github.com/questdb/questdb/pull/6597
• fix(sql): fix view metadata race conditions on replica by @bluestreak01 in https://github.com/questdb/questdb/pull/6627
• fix(core): fix for view becomes suspended after it is altered by @glasstiger in https://github.com/questdb/questdb/pull/6623
• fix(core): fix rare bug that can potentially write invalid data in mat view by @ideoma in https://github.com/questdb/questdb/pull/6628
• perf(sql): reduce repeated expression execution when a column is referenced by other columns by @kafka1991 in https://github.com/questdb/questdb/pull/6093
• fix(core): fix transient file does not exist error in queries by @ideoma in https://github.com/questdb/questdb/pull/6629
• fix(sql): fix ASOF JOIN crash when ON clause has symbol and other columns by @jerrinot in https://github.com/questdb/questdb/pull/6634
• fix(core): process memory may not be released on Linux when jemalloc is enabled by @puzpuzpuz in https://github.com/questdb/questdb/pull/6619
• feat(sql): add table_min_ and table_max_timestamp columns to tables() view by @bluestreak01 in https://github.com/questdb/questdb/pull/6630

Full Changelog: https://github.com/questdb/questdb/compare/9.3.0...9.3.1

Introduce a MEILI_EXPERIMENTAL_DISABLE_FID_BASED_DATABASES_CLEANUP env var to opt out of the field ID-based database cleanup when upgrading a Meilisearch <1.32.0.

by @ManyTheFish in https://github.com/meilisearch/meilisearch/pull/6096

Full Changelog: https://github.com/meilisearch/meilisearch/compare/v1.32.0...v1.32.1

This is a security release.

lib:

• (CVE-2025-55132) disable futimes when permission model is enabled (RafaelGSS) https://github.com/nodejs-private/node-private/pull/802
• (CVE-2025-59465) add TLSSocket default error handler (RafaelGSS) https://github.com/nodejs-private/node-private/pull/797 lib,permission:
• (CVE-2025-55130) require full read and write to symlink APIs (RafaelGSS) https://github.com/nodejs-private/node-private/pull/760 src:
• (CVE-2025-59466) rethrow stack overflow exceptions in async_hooks (Matteo Collina) https://github.com/nodejs-private/node-private/pull/773 src,lib:
• (CVE-2025-55131) refactor unsafe buffer creation to remove zero-fill toggle (Сковорода Никита Андреевич) https://github.com/nodejs-private/node-private/pull/759 tls:
• (CVE-2026-21637) route callback exceptions through error handlers (Matteo Collina) https://github.com/nodejs-private/node-private/pull/796

• [8f9ba3f623] - deps: update c-ares to v1.34.6 (Node.js GitHub Bot) #60997
• [97fc9b0eb7] - deps: update undici to 6.23.0 (Matteo Collina) nodejs-private/node-private#792
• [14fbbb510c] - (CVE-2025-55132) lib: disable futimes when permission model is enabled (RafaelGSS) nodejs-private/node-private#802
• [1febc48d5b] - (CVE-2025-59465) lib: add TLSSocket default error handler (RafaelGSS) nodejs-private/node-private#797
• [494f62dc23] - (CVE-2025-55130) lib,permission: require full read and write to symlink APIs (RafaelGSS) nodejs-private/node-private#760
• [d7a5c587c0] - (CVE-2025-59466) src: rethrow stack overflow exceptions in async_hooks (Matteo Collina) nodejs-private/node-private#773
• [51f4de4b4a] - (CVE-2025-55131) src,lib: refactor unsafe buffer creation to remove zero-fill toggle (Сковорода Никита Андреевич) nodejs-private/node-private#759
• [85f73e7057] - (CVE-2026-21637) tls: route callback exceptions through error handlers (Matteo Collina) nodejs-private/node-private#796

This is a security release.

lib:

• (CVE-2025-59465) add TLSSocket default error handler
• (CVE-2025-55132) disable futimes when permission model is enabled lib,permission:
• (CVE-2025-55130) require full read and write to symlink APIs src:
• (CVE-2025-59466) rethrow stack overflow exceptions in async_hooks src,lib:
• (CVE-2025-55131) refactor unsafe buffer creation to remove zero-fill toggle tls:
• (CVE-2026-21637) route callback exceptions through error handlers

• [6badf4e6f4] - deps: update c-ares to v1.34.6 (Node.js GitHub Bot) #60997
• [37509c3ff0] - deps: update undici to 6.23.0 (Matteo Collina) nodejs-private/node-private#791
• [eb8e41f8db] - (CVE-2025-59465) lib: add TLSSocket default error handler (RafaelGSS) nodejs-private/node-private#797
• [ebbf942a83] - (CVE-2025-55132) lib: disable futimes when permission model is enabled (RafaelGSS) nodejs-private/node-private#748
• [6b4849583a] - (CVE-2025-55130) lib,permission: require full read and write to symlink APIs (RafaelGSS) nodejs-private/node-private#760
• [ddadc31f09] - (CVE-2025-59466) src: rethrow stack overflow exceptions in async_hooks (Matteo Collina) nodejs-private/node-private#773
• [d4d9f3915f] - (CVE-2025-55131) src,lib: refactor unsafe buffer creation to remove zero-fill toggle (Сковорода Никита Андреевич) nodejs-private/node-private#759
• [25d6799df6] - (CVE-2026-21637) tls: route callback exceptions through error handlers (Matteo Collina) nodejs-private/node-private#796

This is a security release.

lib:

• (CVE-2025-59465) add TLSSocket default error handler (RafaelGSS) https://github.com/nodejs-private/node-private/pull/797
• (CVE-2025-55132) disable futimes when permission model is enabled (RafaelGSS) https://github.com/nodejs-private/node-private/pull/748 lib,permission:
• (CVE-2025-55130) require full read and write to symlink APIs (RafaelGSS) https://github.com/nodejs-private/node-private/pull/760 src:
• (CVE-2025-59466) rethrow stack overflow exceptions in async_hooks (Matteo Collina) https://github.com/nodejs-private/node-private/pull/773 src,lib:
• (CVE-2025-55131) refactor unsafe buffer creation to remove zero-fill toggle (Сковорода Никита Андреевич) https://github.com/nodejs-private/node-private/pull/759 tls:
• (CVE-2026-21637) route callback exceptions through error handlers (Matteo Collina) https://github.com/nodejs-private/node-private/pull/796

• [2092785d01] - deps: update c-ares to v1.34.6 (Node.js GitHub Bot) #60997
• [3e58b7f2af] - deps: update undici to 7.18.2 (Node.js GitHub Bot) #61283
• [4ba536a5a6] - (CVE-2025-59465) lib: add TLSSocket default error handler (RafaelGSS) nodejs-private/node-private#797
• [89adaa21fd] - (CVE-2025-55132) lib: disable futimes when permission model is enabled (RafaelGSS) nodejs-private/node-private#748
• [7302b4dae1] - (CVE-2025-55130) lib,permission: require full read and write to symlink APIs (RafaelGSS) nodejs-private/node-private#760
• [ac030753c4] - (CVE-2025-59466) src: rethrow stack overflow exceptions in async_hooks (Matteo Collina) nodejs-private/node-private#773
• [20075692fe] - (CVE-2025-55131) src,lib: refactor unsafe buffer creation to remove zero-fill toggle (Сковорода Никита Андреевич) nodejs-private/node-private#759
• [20591b0618] - (CVE-2026-21637) tls: route callback exceptions through error handlers (Matteo Collina) nodejs-private/node-private#796

This is a security release.

lib:

• (CVE-2025-59465) add TLSSocket default error handler (RafaelGSS) https://github.com/nodejs-private/node-private/pull/750 permission:
• (CVE-2026-21636) add network check on pipe_wrap connect (RafaelGSS) https://github.com/nodejs-private/node-private/pull/784
• (CVE-2025-55130) require full read and write to symlink APIs (RafaelGSS) https://github.com/nodejs-private/node-private/pull/760
• (CVE-2025-55132) disable futimes when permission model is enabled (RafaelGSS) https://github.com/nodejs-private/node-private/pull/748 src:
• (CVE-2025-59466) rethrow stack overflow exceptions in async_hooks (Matteo Collina) https://github.com/nodejs-private/node-private/pull/773 src,lib:
• (CVE-2025-55131) refactor unsafe buffer creation to remove zero-fill toggle (Сковорода Никита Андреевич) https://github.com/nodejs-private/node-private/pull/759 tls:
• (CVE-2026-21637) route callback exceptions through error handlers (Matteo Collina) https://github.com/nodejs-private/node-private/pull/790

• [a6a74b89a7] - deps: update c-ares to v1.34.6 (Node.js GitHub Bot) #60997
• [5100614e26] - deps: update undici to 7.18.2 (Node.js GitHub Bot) #61283
• [f0a8916887] - (CVE-2025-59465) lib: add TLSSocket default error handler (RafaelGSS) nodejs-private/node-private#750
• [b4b887c5f7] - (CVE-2025-55132) lib: disable futimes when permission model is enabled (RafaelGSS) nodejs-private/node-private#748
• [26be208039] - (CVE-2025-55130) lib,permission: require full read and write to symlink APIs (RafaelGSS) nodejs-private/node-private#760
• [bdf5873d44] - (CVE-2026-21636) permission: add network check on pipe_wrap connect (RafaelGSS) nodejs-private/node-private#784
• [0578e3e921] - (CVE-2025-59466) src: rethrow stack overflow exceptions in async_hooks (Matteo Collina) nodejs-private/node-private#773
• [4d6b55a6d1] - (CVE-2025-55131) src,lib: refactor unsafe buffer creation to remove zero-fill toggle (Сковорода Никита Андреевич) nodejs-private/node-private#759
• [c357a39e14] - (CVE-2026-21637) tls: route callback exceptions through error handlers (Matteo Collina) nodejs-private/node-private#790

Release 2.3.21.Final fixes CVE-2024-3884 CVE-2024-4027 CVE-2025-12543 Full list of Jiras: view in Jira

    Release Notes - Undertow - Version 2.3.21.Final

• [UNDERTOW-2490] - Improve the documentation of UndertowOptions.HTTP_HEADERS_CACHE_SIZE / DEFAULT_HTTP_HEADERS_CACHE_SIZE

• [UNDERTOW-2580] - Support SameSite and custom cookie attributes

• [UNDERTOW-1359] - HTTP2 - java.lang.IllegalStateException: UT000091: Buffer has already been freed
• [UNDERTOW-1561] - ServletContext.getResourcePaths() omits Resources that are not available directly on the file system
• [UNDERTOW-2157] - UndertowOutputStream.transferFrom appears to have a broken signature
• [UNDERTOW-2165] - READ_TIMEOUT is not taken into account in HTTP2 listener
• [UNDERTOW-2269] - Encode Query string on forward/include and properly handle merging
• [UNDERTOW-2377] - CVE-2024-3884 CVE-2024-4027 OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded
• [UNDERTOW-2421] - ServletSessionConfig is missing support for arbitrary cookie attributes
• [UNDERTOW-2534] - ClassLoader of deployed websockets application leaks to XnioWorker
• [UNDERTOW-2582] - ServerWebSocketContainer keeps reference to CLs
• [UNDERTOW-2591] - SSEHandler header Connection is set to close
• [UNDERTOW-2605] - FixedLengthStreamSourceConduit does not clean up ReadTimeoutStreamSourceConduit after an exact Content-Length read
• [UNDERTOW-2609] - Previous fixes in the handling of decoded characters in query requests reflect in getQueryString of APIs
• [UNDERTOW-2656] - CVE-2025-12543 Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF
• [UNDERTOW-2662] - Quoted cookie versions cannot be parsed correctly
• [UNDERTOW-2668] - ServletRelativePathAttribute switch to %U from %R and return absolute path
• [UNDERTOW-2674] - Wrong codes sent on WebSocket connection close
• [UNDERTOW-2675] - Make Undertow compatible with RFC6265

• [UNDERTOW-2103] - Enable open ssl building in CI
• [UNDERTOW-2653] - Add back servlets and websockets-jsr to Ci

• [UNDERTOW-2644] - Upgrade wildfly openssl to 2.2.5.Final

• [UNDERTOW-2231] - Test Flakiness occurs for io.undertow.server.handlers.proxy.LoadBalancingProxyTestCase#testLoadSharedWithServerShutdown
• [UNDERTOW-2638] - Process all buffers in ChunkedStreamSinkConduit.write(ByteBuffer[], int, int)
• [UNDERTOW-2643] - At ServletOutputStreamImpl.close remove the conversion of int to String