• Ensure Transfer-Encoding is not allowed on HTTP/1.0 requests by @gavinbunney in https://github.com/Netflix/zuul/pull/2125

Full Changelog: https://github.com/Netflix/zuul/compare/v3.6.0...v3.6.1

Nacos 3.2.1 is a patch release focused on critical bug fixes and feature enhancements for issues discovered in 3.2.0. This release delivers significant improvements to AI Registry functionality, database compatibility, security, and console user experience.

Key highlights include:

• AI Registry Maturity: Complete Prompt lifecycle management with UI, A2A AgentCard v1 protocol support, skill bizTag filtering, and resource spec storage for MCP servers
• Security Enhancements: Fixed LDAP authentication bypass vulnerability, added OIDC/OAuth2 SSO login support for both consoles
• Database Compatibility: Comprehensive PostgreSQL, Oracle, MySQL, and Derby fixes including deterministic pagination and schema timestamp issues
• Dependency Upgrades: Spring Boot 3.5.13, MCP SDK 0.17.0, and log4j-core 2.25.4
• Concurrency & Reliability: Eliminated race conditions in AI publish pipeline, naming module, client failover, and config export operations
• Console UX: Fixed configuration editing errors, namespace ID validation, batch import, token expiry handling, and UI bugs in both legacy and next consoles

• [#14621] A2A Registry 1.0 adapter with unified and normalized supported interfaces in agent card handling
• [#14796] Add MCP server resource specification support
• [#14807] Add Prompt lifecycle management UI for both legacy and next consoles
• [#14809] Enhance AI resource list APIs with filters and ordering support
• [#14847] Support AI resource subtype parsing in authentication plugin
• [#14895] Support filtering skills by bizTag in list API and console UI
• [#14794] Support force-publish skills for admin user

• [#14743] Close CallableStatement in DerbySnapshotOperation to prevent JDBC resource leak
• [#14750] Fix check-then-act race condition in FailoverReactor.isFailoverSwitch
• [#14751] Fix check-then-act race conditions on ConcurrentHashMap in naming module
• [#14784] Validate input parameters in ops controller forms for better security
• [#14806] Improve cluster metrics aggregation completeness signal in v3 API
• [#14818] Improve cluster metrics aggregation completeness signal in v3 API
• [#14822] Extract duplicated logic from SkillOperationServiceImpl and AgentSpecOperationServiceImpl into AiResourceManager and VersionUtils
• [#14834] Upgrade UI dependencies for both legacy and next consoles
• [#14873] Add config option to enable or disable visibility plugin
• [#14883] Add default scope resolution for new resource creation in visibility plugin
• [#14884] Standardize pipeline API and fix legacy console UI bugs
• [#14893] Add copilot feature toggle and redesign plugin management layout
• [#14927] Fix TOCTOU race condition and thread leak in ClientWorker.ensureSyncExecutor()
• [#14928] Fix TOCTOU race condition in removeSubscriberIndexes causing data loss

• [#14046] Fix ConfigInfoMapperByMySql.findConfigInfoLike4PageFetchRows result accuracy on MySQL
• [#14741] Add ORDER BY to findConfigInfoLike4PageFetchRows for deterministic pagination
• [#14742] Add ORDER BY to findConfigInfo4PageFetchRows for deterministic pagination
• [#14746] Add ORDER BY to remaining MySQL pagination queries for deterministic results
• [#14747] Add ORDER BY to Oracle pagination queries for deterministic results
• [#14748] Add ORDER BY to Derby pagination queries for deterministic results
• [#14764] Fix namespace ID validation issue in new UI when adding custom namespace
• [#14765] Fix configuration file editing error in 3.2 console
• [#14768] Fix /v3/console/ai/mcp/importToolsFromMcp failure due to json-schema-validator dependency conflict
• [#14771] Fix batch import failure in legacy console UI
• [#14775] Add missing OIDC-related configurations to application.properties template
• [#14778] Fix clusterName forced to DEFAULT in v3 HTTP API
• [#14783] Remove downloadSkillZip from AiClientProxy interface and route skill download directly to HTTP client
• [#14786] Eliminate race condition in AI publish pipeline by pre-generating executionId
• [#14810] Fix PostgreSQL schema default timestamp issues causing startup failures
• [#14812] Set default timestamps to current time in Oracle and PostgreSQL schemas
• [#14828] Fix cross-type version contamination when querying ai_resource_version by name
• [#14832] Fix PostgreSQL compatibility issues for AI resource persistence and capacity modules
• [#14836] Fix cross-type version contamination in ai_resource_version queries
• [#14837] Enforce type isolation for ai_resource_version queries
• [#14843] Fix ActionTypes.WRITE to ActionTypes.READ for getting instance detail in InstanceControllerV3
• [#14849] Fix instance detail permission check in InstanceControllerV3
• [#14852] Fix prompt bizTags handling in both legacy and next UIs
• [#14853] Fix login page loop and header when auth is disabled in next console
• [#14856] Redirect to login page on token invalid/expired responses
• [#14862] Fix LDAP authentication bypass via hardcoded credentials in proxy user synchronization
• [#14875] Fix misleading error messages in maintainer-client ParamUtil
• [#14886] Fix legacy console UI bugs and improve robustness
• [#14892] Fix misleading value reporting in maintainer-client when timeout/retry properties are invalid
• [#14908] Fix skill content loss in SkillRemoteHandler#createDraft when passing skillCard as targetVersion
• [#14910] Add null check for optional ids parameter in exportConfigV2
• [#14915] Add null check for metaDataItem in config import
• [#14917] Reject login with LDAP-prefixed usernames to prevent auth bypass
• [#14947] Fix exception when adding Prompt page in console

• [#14782] Upgrade MCP SDK to 0.17.0 to resolve json-schema-validator conflict
• [#14834] Upgrade UI dependencies (both legacy and next consoles)
• [#14910] Bump org.apache.logging.log4j:log4j-core from 2.25.3 to 2.25.4
• [#14955] Upgrade Spring Boot from 3.4.10 to 3.5.13

Action Required: This release includes critical fixes for PostgreSQL, Oracle, MySQL, and Derby schemas, particularly around default timestamp values and ORDER BY clauses for deterministic pagination.

Before upgrading:

1. Backup your existing database
2. Apply the updated schema script: conf/schema.sql (for your database type)
3. Restart Nacos server after schema migration

Affected databases:

• PostgreSQL: Default timestamp fixes, AI resource persistence compatibility
• Oracle: Default timestamp fixes
• MySQL: Pagination query accuracy improvements
• Derby: ORDER BY clause additions, JDBC resource leak fixes

Failure to apply schema changes may result in:

• Database startup failures (PostgreSQL)
• Inconsistent pagination results
• JDBC resource leaks
• AI resource version contamination

This release adds OIDC/OAuth2 SSO login support for both legacy and next consoles. To enable:

# OIDC Configuration
nacos.auth.oidc.enabled=true
nacos.auth.oidc.issuer-uri=<your-oidc-issuer-uri>
nacos.auth.oidc.client-id=<your-client-id>
nacos.auth.oidc.client-secret=<your-client-secret>
nacos.auth.oidc.redirect-uri=${domain}/v3/console/login

• AgentCard v1 Protocol: Full support for A2A AgentCard v1 protocol with extended capabilities
• Unified Interfaces: Normalized and validated supported interfaces in agent card handling
• Version Meta API: New API to query agent spec metadata without loading full content

• @CHEN666333-SVG made their first contribution in https://github.com/alibaba/nacos/pull/14818
• @Sunwenzhi58 made their first contribution in https://github.com/alibaba/nacos/pull/14866
• @LiyunZhang10 made their first contribution in https://github.com/alibaba/nacos/pull/14928
• @FatOnionLee made their first contribution in https://github.com/alibaba/nacos/pull/14946

Full Changelog: https://github.com/alibaba/nacos/compare/3.2.0...3.2.1

• Configure Continuation default to netty default by @jguerra in https://github.com/Netflix/zuul/pull/2114
• Add HTTP/1.1 request framing enforcer by @gavinbunney in https://github.com/Netflix/zuul/pull/2124
• Remove unused methods from ProxyUtils by @gavinbunney in https://github.com/Netflix/zuul/pull/2126

Full Changelog: https://github.com/Netflix/zuul/compare/v3.5.8...v3.6.0

• fix(s3): return 304 Not Modified instead of dropping the connection by @sciyoshi in https://github.com/rustfs/rustfs/pull/2627
• refactor: update binary field types and conversions in RPC and protofiles by @reatang in https://github.com/rustfs/rustfs/pull/2619
• fix(security): redact target debug logs and remove eval-based bench hook by @houseme in https://github.com/rustfs/rustfs/pull/2637
• fix(lock): prevent stale distributed object locks by @weisd in https://github.com/rustfs/rustfs/pull/2633
• fix: prevent object lock retention race by @weisd in https://github.com/rustfs/rustfs/pull/2634
• test(targets): cover target config redaction by @overtrue in https://github.com/rustfs/rustfs/pull/2638
• fix(storage): list prefix children behind marker objects by @weisd in https://github.com/rustfs/rustfs/pull/2643
• fix(admin): authorize cross-user ListServiceAccount with ListServiceAccount by @loverustfs in https://github.com/rustfs/rustfs/pull/2640

• @sciyoshi made their first contribution in https://github.com/rustfs/rustfs/pull/2627

Full Changelog: https://github.com/rustfs/rustfs/compare/1.0.0-alpha.97...1.0.0-alpha.98

Address CVEs CVE-2026-41327, CVE-2026-41328, CVE-2026-41492

Full Changelog: https://github.com/dgraph-io/dgraph/compare/v24.1.7...v24.1.8

• chore(deps): bump go.opentelemetry.io/otel/sdk from 1.42.0 to 1.43.0 by @dependabot[bot] in https://github.com/dgraph-io/dgraph/pull/9682
• chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.42.0 to 1.43.0 by @dependabot[bot] in https://github.com/dgraph-io/dgraph/pull/9681
• fix: address CVEs: CVE-2026-41327, CVE-2026-41328, CVE-2026-41492

Full Changelog: https://github.com/dgraph-io/dgraph/compare/v25.3.2...v25.3.3

• fix(lifecycle): correct delete replication fanout by @cxymds in https://github.com/rustfs/rustfs/pull/2609
• feat(targets): add NATS and Pulsar target support by @houseme in https://github.com/rustfs/rustfs/pull/2618
• fix(madmin): restore server_info msgpack compatibility across mixed nodes by @houseme in https://github.com/rustfs/rustfs/pull/2621
• test: cover NATS and Pulsar config validation by @overtrue in https://github.com/rustfs/rustfs/pull/2623
• fix: some expect error by @likewu in https://github.com/rustfs/rustfs/pull/2622
• feat: add OTHER_AUDIENCES config by @ateijelo in https://github.com/rustfs/rustfs/pull/2605
• feat(storage): wire capacity/object perf tuning and add batch benchmark runners by @houseme in https://github.com/rustfs/rustfs/pull/2628
• feat: add support for external/existing certificate issuer by @majinghe in https://github.com/rustfs/rustfs/pull/2631
• fix(scanner): avoid stalls after abandoned child listings by @weisd in https://github.com/rustfs/rustfs/pull/2632

• @ateijelo made their first contribution in https://github.com/rustfs/rustfs/pull/2605

Full Changelog: https://github.com/rustfs/rustfs/compare/1.0.0-alpha.96...1.0.0-alpha.97

• Bump com.fasterxml.jackson:jackson-bom from 2.18.5 to 2.18.6 #2290
• Bump io.spring.security.release from 1.0.14 to 1.0.15 #2305
• Bump org.springframework.security:spring-security-bom from 6.5.8 to 6.5.9 #2304
• Bump org.springframework.security:spring-security-bom from 6.5.9 to 6.5.10 #2329
• Bump org.springframework:spring-framework-bom from 6.2.16 to 6.2.17 #2303
• Bump org.springframework:spring-framework-bom from 6.2.17 to 6.2.18 #2328
• Release 1.5.7 #2288

• #18519 agent Allow overriding collection_jitter with 0s on a per-input basis
• #18719 inputs.docker List all containers so non-running states are gathered
• #18686 inputs.nftables Handle plain string elements in set unmarshalling
• #18717 inputs.opcua_listener Skip nodes failing monitored-item creation
• #18684 inputs.opcua_listener Wrap error correctly in subscribe client
• #18640 inputs.turbostat Skip repeated headers with different whitespace
• #18641 parsers.influx Prevent panic due to nil metric on invalid input

• #18633 deps Bump cloud.google.com/go/bigquery from 1.74.0 to 1.75.0
• #18706 deps Bump cloud.google.com/go/bigquery from 1.75.0 to 1.76.0
• #18657 deps Bump cloud.google.com/go/monitoring from 1.24.3 to 1.25.0
• #18703 deps Bump cloud.google.com/go/monitoring from 1.25.0 to 1.26.0
• #18658 deps Bump cloud.google.com/go/pubsub/v2 from 2.5.0 to 2.5.1
• #18664 deps Bump cloud.google.com/go/storage from 1.61.3 to 1.62.0
• #18662 deps Bump github.com/ClickHouse/clickhouse-go/v2 from 2.43.0 to 2.44.0
• #18705 deps Bump github.com/ClickHouse/clickhouse-go/v2 from 2.44.0 to 2.45.0
• #18636 deps Bump github.com/Mellanox/rdmamap from 1.1.0 to 1.2.0
• #18656 deps Bump github.com/SAP/go-hdb from 1.16.2 to 1.16.3
• #18714 deps Bump github.com/SAP/go-hdb from 1.16.3 to 1.16.5
• #18639 deps Bump github.com/antchfx/jsonquery from 1.3.6 to 1.3.7
• #18695 deps Bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.296.2 to 1.297.0 in the aws-sdk-go-v2 group
• #18669 deps Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.71.0 to 1.97.3
• #18655 deps Bump github.com/aws/smithy-go from 1.24.2 to 1.24.3
• #18630 deps Bump github.com/emiago/sipgo from 1.2.1 to 1.3.0
• #18649 deps Bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4
• #18710 deps Bump github.com/google/cel-go from 0.27.0 to 0.28.0
• #18696 deps Bump github.com/gophercloud/gophercloud/v2 from 2.11.1 to 2.12.0
• #18644 deps Bump github.com/gotestyourself/gotestsum from 1.10.1 to 1.13.0
• #18632 deps Bump github.com/hashicorp/consul/api from 1.33.4 to 1.33.7
• #18638 deps Bump github.com/hashicorp/vault/api/auth/approle from 0.11.0 to 0.12.0
• #18666 deps Bump github.com/jedib0t/go-pretty/v6 from 6.7.8 to 6.7.9
• #18716 deps Bump github.com/leodido/go-syslog/v4 from 4.3.0 to 4.4.0
• #18637 deps Bump github.com/nats-io/nats.go from 1.49.0 to 1.50.0
• #18715 deps Bump github.com/prometheus/prometheus from 0.310.0 to 0.311.2
• #18654 deps Bump github.com/shirou/gopsutil/v4 from 4.26.2 to 4.26.3
• #18697 deps Bump github.com/snowflakedb/gosnowflake from 1.19.0 to 1.19.1
• #18479 deps Bump github.com/tdrn-org/go-nsdp from 0.5.0 to 0.5.1
• #18631 deps Bump github.com/tdrn-org/go-tr064 from 0.2.3 to 0.2.4
• #18701 deps Bump github.com/testcontainers/testcontainers-go from 0.41.0 to 0.42.0
• #18667 deps Bump github.com/vertica/vertica-sql-go from 1.3.5 to 1.3.6
• #18659 deps Bump go.opentelemetry.io/collector/pdata from 1.54.0 to 1.55.0
• #18665 deps Bump go.step.sm/crypto from 0.77.1 to 0.77.2
• #18698 deps Bump golang.org/x/tools from 0.43.0 to 0.44.0
• #18634 deps Bump google.golang.org/api from 0.272.0 to 0.273.0
• #18661 deps Bump google.golang.org/api from 0.273.0 to 0.274.0
• #18663 deps Bump google.golang.org/grpc from 1.79.3 to 1.80.0
• #18635 deps Bump modernc.org/sqlite from 1.47.0 to 1.48.0
• #18660 deps Bump modernc.org/sqlite from 1.48.0 to 1.48.1
• #18711 deps Bump modernc.org/sqlite from 1.48.1 to 1.48.2
• #18652 deps Bump super-linter/super-linter from 8.5.0 to 8.6.0
• #18629 deps Bump the aws-sdk-go-v2 group with 11 updates
• #18653 deps Bump the aws-sdk-go-v2 group with 5 updates

• fix(replication): clean targets when deleting config by @overtrue in https://github.com/rustfs/rustfs/pull/2599
• test(s3): promote passing compatibility cases by @overtrue in https://github.com/rustfs/rustfs/pull/2600
• test: cover S3 error XML body compatibility by @overtrue in https://github.com/rustfs/rustfs/pull/2606

Full Changelog: https://github.com/rustfs/rustfs/compare/1.0.0-alpha.95...1.0.0-alpha.96