Apache Superset is a modern, enterprise-ready business intelligence web application

Release 2.4.0.Beta1 Fixes CVE-2024-3884 CVE-2024-4027 CVE-2025-12543 Full list of Jiras: view in Jira

    Release Notes - Undertow - Version 2.4.0.Beta1

• [UNDERTOW-2464] - Create a default constant for UndertowOptions.DECODE_URL
• [UNDERTOW-2465] - Fix UndertowOptions.URL_CHARSET Javadoc
• [UNDERTOW-2466] - Create a default constant for UndertowOptions.ALWAYS_SET_KEEP_ALIVE
• [UNDERTOW-2467] - Create a default constant for UndertowOptions.ALWAYS_SET_DATE
• [UNDERTOW-2484] - Create a default constant for UndertowOptions.HTTP2_PADDING_SIZE
• [UNDERTOW-2491] - Create a default constant for UndertowOptions.SSL_USER_CIPHER_SUITES_ORDER
• [UNDERTOW-2492] - Create a default constant for UndertowOptions.ALLOW_UNESCAPED_CHARACTERS_IN_URL
• [UNDERTOW-2494] - Create a default constant for UndertowOptions.QUEUED_FRAMES_HIGH_WATER_MARK
• [UNDERTOW-2495] - Create a default constant for UndertowOptions.QUEUED_FRAMES_LOW_WATER_MARK

• [UNDERTOW-1881] - Add a new exchange attribute for SSL/TLS protocol version
• [UNDERTOW-2010] - Provide method to invalidate all paths in CachingResourceManager
• [UNDERTOW-2242] - Add UndertowOptions.ALLOW_ID_LESS_MATRIX_PARAMETERS
• [UNDERTOW-2319] - Move io.undertow.multipart.minsize property to UndertowOptions
• [UNDERTOW-2553] - Add rewriteHostHeader to ModCluster
• [UNDERTOW-2580] - Support SameSite and custom cookie attributes
• [UNDERTOW-2696] - Allow PathHandler to check for registered prefixes
• [UNDERTOW-2706] - Add UndertowOptions_WEB_SOCKETS_READ_TIMEOUT

• [UNDERTOW-1794] - DefaultAccessLogReceiver violates Closeable contract
• [UNDERTOW-2157] - UndertowOutputStream.transferFrom appears to have a broken signature
• [UNDERTOW-2194] - Cookie parsing/assembling does not work 100% correctly.
• [UNDERTOW-2269] - Encode Query string on forward/include and properly handle merging
• [UNDERTOW-2377] - CVE-2024-3884 CVE-2024-4027 OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded
• [UNDERTOW-2421] - ServletSessionConfig is missing support for arbitrary cookie attributes
• [UNDERTOW-2582] - ServerWebSocketContainer keeps reference to CLs
• [UNDERTOW-2588] - Undertow response can still break in case of Java 17 TLSv1.3 NewSessionTicket
• [UNDERTOW-2590] - Support "rspauth" in Digest auth header
• [UNDERTOW-2605] - FixedLengthStreamSourceConduit does not clean up ReadTimeoutStreamSourceConduit after an exact Content-Length read
• [UNDERTOW-2609] - Previous fixes in the handling of decoded characters in query requests reflect in getQueryString of APIs
• [UNDERTOW-2656] - CVE-2025-12543 Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF
• [UNDERTOW-2662] - Quoted cookie versions cannot be parsed correctly
• [UNDERTOW-2674] - Wrong codes sent on WebSocket connection close
• [UNDERTOW-2676] - Do not set merged query parameters for includes and forwards on the exchange, only the request
• [UNDERTOW-2677] - MultipartParserDefinition overrides max entity size already set and configured from other sources
• [UNDERTOW-2686] - HttpSession.Accessor can throw ISE if session identifier has since changed
• [UNDERTOW-2710] - Some pom.xml files reference the removed undertow-servlet and undertow-websockets-jsr modules

• [UNDERTOW-2103] - Enable open ssl building in CI
• [UNDERTOW-2684] - Add SessionManager.isDistributed()

• [UNDERTOW-2690] - Update MULTIPART_MAX_ENTITY_SIZE javadoc to reflect current default behavior

• [UNDERTOW-2644] - Upgrade wildfly openssl to 2.2.5.Final

• [UNDERTOW-2231] - Test Flakiness occurs for io.undertow.server.handlers.proxy.LoadBalancingProxyTestCase#testLoadSharedWithServerShutdown
• [UNDERTOW-2335] - Add an example of the PredicatesHandler and specifically the predicate handler parser

• Update netty to 4.2.10.Final by @gavinbunney in https://github.com/Netflix/zuul/pull/2073

Full Changelog: https://github.com/Netflix/zuul/compare/v3.3.8...v3.3.9

https://fluentbit.io/announcements/v4.2.3/

• release: update to 4.2.3 by @github-actions[bot] in https://github.com/fluent/fluent-bit/pull/11310
• copyright: update year to 2026 by @edsiper in https://github.com/fluent/fluent-bit/pull/11325
• filter_kubernetes: fix parser annotation leak by @erain in https://github.com/fluent/fluent-bit/pull/11333
• github: scripts: commit_linter: Handle bin prefix for fluent-bit.c by @cosmo0920 in https://github.com/fluent/fluent-bit/pull/11336
• bin: Handle CONT signal properly under leaks command by @cosmo0920 in https://github.com/fluent/fluent-bit/pull/11335
• filter_wasm: Handle group metadata by @cosmo0920 in https://github.com/fluent/fluent-bit/pull/11305
• cmake: kafka: fix OAuth Bearer detection on Windows by @bp-cheng in https://github.com/fluent/fluent-bit/pull/11294
• maintenance: update branch and security EOL info by @edsiper in https://github.com/fluent/fluent-bit/pull/11339
• github: scripts: commit_prefix_check: add config format rules on linter by @cosmo0920 in https://github.com/fluent/fluent-bit/pull/11346
• readme: update active branch 4.2 by @edsiper in https://github.com/fluent/fluent-bit/pull/11348
• out_opentelemetry: on HTTP/2, read and process gRPC status code by @edsiper in https://github.com/fluent/fluent-bit/pull/11347
• config_format: cf_yaml: Align the behavior of dirname against POSIX [Backport to 4.2] by @cosmo0920 in https://github.com/fluent/fluent-bit/pull/11363
• filter_log_to_metrics: fix initialization and exception cleanup by @edsiper in https://github.com/fluent/fluent-bit/pull/11428
• out_stackdriver: clean up oauth2 cache lifecycle by @edsiper in https://github.com/fluent/fluent-bit/pull/11429
• filter_kubernetes: Adjust cleanup ordering to avoid use-after-free [4.2 backport] by @ShelbyZ in https://github.com/fluent/fluent-bit/pull/11445
• in_winevtlog: Add text format for event rendering [Backport to 4.2] by @cosmo0920 in https://github.com/fluent/fluent-bit/pull/11466
• in_tail: Add skipped_lines counter [Backport to 4.2] by @cosmo0920 in https://github.com/fluent/fluent-bit/pull/11467
• in_splunk: Implement handling remote addr feature [Backport to 4.2] by @cosmo0920 in https://github.com/fluent/fluent-bit/pull/11465
• aws: switch AWS Endpoints for European Souvereign Cloud [4.2 backport] by @ShelbyZ in https://github.com/fluent/fluent-bit/pull/11423
• plugin_proxy: enable event_type specification for proxy plugins (4.2 Backport) by @jmccormick7 in https://github.com/fluent/fluent-bit/pull/11241
• in_splunk: Plug memory issues [Backport to 4.2] by @cosmo0920 in https://github.com/fluent/fluent-bit/pull/11475

• @bp-cheng made their first contribution in https://github.com/fluent/fluent-bit/pull/11294

Full Changelog: https://github.com/fluent/fluent-bit/compare/v4.2.2...v4.2.3

• Spring Authorization Server fails to start with multiple PasswordEncoder beans #1610

• Bump io.spring.develocity.conventions from 0.0.24 to 0.0.25 #2277
• Bump io.spring.security.release from 1.0.13 to 1.0.14 #2284
• Bump org.springframework.security:spring-security-bom from 6.5.7 to 6.5.8 #2287
• Bump org.springframework:spring-framework-bom from 6.2.15 to 6.2.16 #2285

This release contains performance improvements and bug fixes since the 2.25.0 release. We recommend that you upgrade at the next available opportunity.

Bugfixes

• https://github.com/timescale/timescaledb/pull/9215 Add missing handling for em_parent to sort_transform
• https://github.com/timescale/timescaledb/pull/9223 Clean up orphaned entries in continuous aggregate invalidaton logs
• https://github.com/timescale/timescaledb/pull/9226 Fix invalidation and batching issues for variable bucket continuous aggregates.
• https://github.com/timescale/timescaledb/pull/9256 Error "record type has no extended hash function" on some queries using a sparse bloom filter index on a column of composite type.
• https://github.com/timescale/timescaledb/pull/9257 Handle type coercion for metadata column equivalence members

Thanks

• @emapple for reporting a crash in a query with nested joins and subqueries

• S3 Table Bucket and Iceberg Catalog

  • s3tables: support multi-level namespaces in parser/admin paths by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8273
  • iceberg: wire pagination for list namespaces/tables REST APIs by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8275
  • iceberg: persist namespace properties for create/get by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8276
  • Iceberg commit reliability: preserve statistics updates and return 409 conflicts by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8277
  • Iceberg: implement stage-create finalize flow (phase 1) by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8279
  • s3tables: fix shared table-location bucket mapping collisions by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8286
  • Remove unsupported iceberg rest signing-region from tests and docs by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8289
  • Add RisingWave catalog tests by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8308
  • Fix STS AssumeRole with POST body param by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8320
  • Fix: preserve request body for STS signature verification by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8324
  • Test: Add RisingWave DML verification test by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8317
  • Fix STS temporary credentials to use ASIA prefix instead of AKIA by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8326
  • Fix STS InvalidAccessKeyId and request body consumption issues by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8328

• S3 API

  • s3api: fix ListObjectsV2 NextContinuationToken duplication for nested prefix by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8294
  • s3api: return 400 for invalid namespace query in REST table routes by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8296
  • Switch empty-folder cleanup to bucket policy by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8292
  • s3api/policy_engine: use forwarded client IP for aws:SourceIp by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8304
  • fix(s3): lifecycle TTL rules inherit replication and volumeGrowthCount from filer config by @FivegenLLC in https://github.com/seaweedfs/seaweedfs/pull/8321
  • s3api: fix AccessDenied by correctly propagating principal ARN in vended tokens by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8330
  • Add session policy support to IAM by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8338
  • fix(iam): ensure access key status is persisted and defaulted to Active by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8341
  • Add UpdateAccessKey support to IAM API by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8342
  • Fix IAM identity loss on S3 restart migration by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8343
  • STS: Fallback to Caller Identity when RoleArn is missing in AssumeRole by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8345
  • Fix S3 ListObjectsV2 recursion issue by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8347
  • S3: Implement IAM defaults and STS signing key fallback by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8348

• Filer Sync

  • Fix filer.sync retry on stale chunk by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8298
  • filer.sync: support manifest chunks by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8299

• Shell

  • Add weed shell command volumeServer.state to query/update volume server state settings. by @proton-lisandro-pin in https://github.com/seaweedfs/seaweedfs/pull/8271
  • Fix volume.fsck 401 Unauthorized by adding JWT to HTTP delete requests by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8306

• Volume Server

  • Implement local scrubbing for EC volumes. by @proton-lisandro-pin in https://github.com/seaweedfs/seaweedfs/pull/8283
  • Fix file stat collection metric bug for the cluster.status command. by @proton-lisandro-pin in https://github.com/seaweedfs/seaweedfs/pull/8302
  • Have local EC volume scrubbing check needle integrity whenever possible. by @proton-lisandro-pin in https://github.com/seaweedfs/seaweedfs/pull/8334
  • Implement full scrubbing for regular volumes by @proton-lisandro-pin in https://github.com/seaweedfs/seaweedfs/pull/8254
  • Rework volume compaction (a.k.a vacuuming) logic to cleanly support new parameters. by @proton-lisandro-pin in https://github.com/seaweedfs/seaweedfs/pull/8337
  • Fix superblock write error checks on volume compaction. by @proton-lisandro-pin in https://github.com/seaweedfs/seaweedfs/pull/8352
  • Implement full scrubbing for EC volumes by @proton-lisandro-pin in https://github.com/seaweedfs/seaweedfs/pull/8318

• Master

  • pb: fix IPv6 double brackets in ServerAddress formatting by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8329
  • Fix master leader election startup issue by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8340
  • filer: add default log purging to master maintenance scripts by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8359

• Filer

  • Fix LevelDB panic on lazy reload (#8269) by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8307

• FUSE mount

  • FUSE mount: fix failed git clone by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8344

• Admin UI

  • admin: fix file browser items-per-page selector by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8291
  • Fix inconsistent admin argument in worker pods by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8316
  • Fix service name in the worker deployment (seaweedfs#8314) by @lukasnor in https://github.com/seaweedfs/seaweedfs/pull/8315

• Misc

  • Fix RocksDB container build compatibility and add manual rocksdb dispatch by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8288
  • ci: move manual container builds to unified release workflow by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8290
  • ci: fix container_release_unified manual dispatch and workflow parsing by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8293
  • Add volume server integration test suite and CI workflow by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8322

• @lukasnor made their first contribution in https://github.com/seaweedfs/seaweedfs/pull/8315
• @FivegenLLC made their first contribution in https://github.com/seaweedfs/seaweedfs/pull/8321

Full Changelog: https://github.com/seaweedfs/seaweedfs/compare/4.12...4.13

This release is an experimental release that removes the hardcoded set of GOMAXPROCS in the shared main module.

Modern go runtimes (>1.25) intelligently use cgroup to determine optimal number of cores to allocate. Also, this change allows one to actually set the GOMAXPROCS env var (previously the call in the main module would have overridden it).

This release is an experimental release that removes the hardcoded set of GOMAXPROCS in the shared main module.

Modern go runtimes (>1.25) intelligently use cgroup to determine optimal number of cores to allocate. Also, this change allows one to actually set the GOMAXPROCS env var (previously the call in the main module would have overridden it).