Download page What's new highlights

• API: Add missing scope check on dashboards #116888, @Proximyst
• Avatar: Require sign-in, remove queue, respect timeout #116893, @macabu
• ElasticSearch: Update annotation time-range properties #115566, @aangelisc
• Explore: Reset legend when a new query is run #116590, @ifrost
• Go: Update to 1.25.6 #116396, @macabu

• Alerting: Fix a race condition panic in ResetStateByRuleUID #115680, @alexander-akhmetov
• Alerting: Fix data source recording rules editor #116303, @soniaAguilarPeiron

Download page What's new highlights

• API: Add missing scope check on dashboards #116889, @Proximyst
• Avatar: Require sign-in, remove queue, respect timeout #116895, @macabu
• Docs: Clarify section title for repeating rows and tabs #115345, @imatwawana
• ElasticSearch: Update annotation time-range properties #115565, @aangelisc
• Explore: Reset legend when a new query is run #116589, @ifrost
• Go: Update to 1.25.6 #116399, @macabu

• Alerting: Fix a race condition panic in ResetStateByRuleUID #115694, @alexander-akhmetov

Download page What's new highlights

• API: Add missing scope check on dashboards #116890, @Proximyst
• Avatar: Require sign-in, remove queue, respect timeout #116896, @macabu
• Go: Update to 1.25.6 #116400, @macabu

• Alerting: Fix a race condition panic in ResetStateByRuleUID #115693, @alexander-akhmetov

Download page What's new highlights

• API: Add missing scope check on dashboards #116892, @Proximyst
• Avatar: Require sign-in, remove queue, respect timeout #116897, @macabu
• Go: Update to 1.25.6 #116401, @macabu

• Alerting: Fix a race condition panic in ResetStateByRuleUID #115692, @alexander-akhmetov

This patch fixes an accidental breaking change in v1.34.1 where Meilisearch would not start with a configuration file if experimental_allowed_ip_networks was not defined.

• Meilisearch Cloud users do not need to update as they were not affected by this regression
• We recommend that OSS users upgrade to v1.34.2

Full Changelog: https://github.com/meilisearch/meilisearch/compare/v1.34.1...v1.34.2

OpenSSL 3.0.19 is a security patch release. The most severe CVE fixed in this release is High.

This release incorporates the following bug fixes and mitigations:

• Fixed Stack buffer overflow in CMS AuthEnvelopedData parsing. (CVE-2025-15467)

• Fixed Heap out-of-bounds write in BIO_f_linebuffer on short writes. (CVE-2025-68160)

• Fixed Unauthenticated/unencrypted trailing bytes with low-level OCB function calls. (CVE-2025-69418)

• Fixed Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion. (CVE-2025-69419)

• Fixed Missing ASN1_TYPE validation in TS_RESP_verify_response() function. (CVE-2025-69420)

• Fixed NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex() function. (CVE-2025-69421)

• Fixed Missing ASN1_TYPE validation in PKCS#12 parsing. (CVE-2026-22795)

• Fixed ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function. (CVE-2026-22796)

OpenSSL 3.3.6 is a security patch release. The most severe CVE fixed in this release is High.

This release incorporates the following bug fixes and mitigations:

• Fixed Stack buffer overflow in CMS AuthEnvelopedData parsing. (CVE-2025-15467)

• Fixed NULL dereference in SSL_CIPHER_find() function on unknown cipher ID. (CVE-2025-15468)

• Fixed TLS 1.3 CompressedCertificate excessive memory allocation. (CVE-2025-66199)

• Fixed Heap out-of-bounds write in BIO_f_linebuffer on short writes. (CVE-2025-68160)

• Fixed Unauthenticated/unencrypted trailing bytes with low-level OC function calls. (CVE-2025-69418)

• Fixed Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion. (CVE-2025-69419)

• Fixed Missing ASN1_TYPE validation in TS_RESP_verify_response() function. (CVE-2025-69420)

• Fixed NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex() function. (CVE-2025-69421)

• Fixed Missing ASN1_TYPE validation in PKCS#12 parsing. (CVE-2026-22795)

• Fixed ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function. (CVE-2026-22796)

Download page What's new highlights

• API: Add missing scope check on dashboards #116894, @Proximyst
• Avatar: Require sign-in, remove queue, respect timeout #116898, @macabu
• Go: Update to 1.25.6 #116402, @macabu

• Alerting: Fix a race condition panic in ResetStateByRuleUID #115691, @alexander-akhmetov

OpenSSL 3.4.4 is a security patch release. The most severe CVE fixed in this release is High.

This release incorporates the following bug fixes and mitigations:

• Fixed Improper validation of PBMAC1 parameters in PKCS#12 MAC verification. (CVE-2025-11187)

• Fixed Stack buffer overflow in CMS AuthEnvelopedData parsing. (CVE-2025-15467)

• Fixed NULL dereference in SSL_CIPHER_find() function on unknown cipher ID. (CVE-2025-15468)

• Fixed TLS 1.3 CompressedCertificate excessive memory allocation. (CVE-2025-66199)

• Fixed Heap out-of-bounds write in BIO_f_linebuffer on short writes. (CVE-2025-68160)

• Fixed Unauthenticated/unencrypted trailing bytes with low-level OCB function calls. (CVE-2025-69418)

• Fixed Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion. (CVE-2025-69419)

• Fixed Missing ASN1_TYPE validation in TS_RESP_verify_response() function. (CVE-2025-69420)

• Fixed NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex() function. (CVE-2025-69421)

• Fixed Missing ASN1_TYPE validation in PKCS#12 parsing. (CVE-2026-22795)

• Fixed ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function. (CVE-2026-22796)