Release v2.12.1

Changelog

Refer to the 2.12 Upgrade Guide for backwards compatibility notes with 2.11.x.

Go Version

• 1.25.3 (#7428)

Dependencies

• github.com/google/go-tpm v0.9.6 (#7374)
• github.com/nats-io/nats.go v1.46.0 (#7374)
• golang.org/x/crypto v0.43.0 (#7423)
• golang.org/x/sys v0.37.0 (#7423)
• golang.org/x/time v0.14.0 (#7423)

Added

General

• The NewServerFromConfig function has been added to the embedded server API for parsing an external configuration file when ConfigFile is supplied (#7364)
• WebSocket leafnode connections can now use a HTTP proxy by specifying proxy settings in the leafnode remotes (#7242)
• The write_deadline option in the cluster, leafnode and gateway config blocks allows configuring write deadlines on a finger-grained basis (#7405)

Improved

Monitoring

• The jsz monitoring endpoint can now report leader counts (#7429)

JetStream

• The store lock is no longer held while searching for TTL expiry tasks, improving performance (#7344)
• Removing a message from the TTL state is now faster (#7344)
• The filestore no longer performs heap allocations for hash checks (#7345)
• The filestore now reuses pooled write cache allocations more efficiently (#7346)
• Meta snapshot performance for a very large number of assets has been improved after a regression in v2.11.9 (#7350)
• Sequence-from-timestamp lookups, such as those using opt_start_time on consumers or start_time on message get requests, now use a binary search for improved lookup performance (#7357)
• Scheduled messages are now deactivated properly when followed up with another message on the same subject without a schedule (#7366)
• Meta snapshots are no longer taken on every stream removal (#7373)
• Filestore cache lookups can now return early for empty blocks (#7381)
• Filestore meta files are now written using temporary staging, avoiding accidental truncation on crashes (#7388)
• Atomic batch publish now supports deduplication with the Nats-Msg-Id header (#7391)
• Cache-specific log lines in the filestore have been improved (#7396)
• Log lines and errors related to offline/unsupported assets are now clearer (#7416, #7425)

Fixed

General

• Fixed the exit code when receiving a SIGTERM signal immediately after startup (#7367)
• The $SYS.REQ.CLAIMS.DELETE endpoint now correctly strips headers, like the $SYS.REQ.CLAIMS.UPDATE endpoint already does (#7413)
• Log lines generated when reloading trusted proxies now report the correct keys (#7427)

JetStream

• Batch check now uses the correct subject instead of the last subject that does the commit (#7342)
• Removed messages with a per-message TTL are now removed from the TTL state immediately (#7344)
• Fixed a bug where TTL state was recovered on startup with subject delete markers enabled, that message expiry would not start as expected (#7344)
• Expiring messages from the filestore no longer leaks timers and expires at the correct time (#7344)
• Fixed a bug where scheduled messages would not trigger correctly after recovery (#7347)
• Deleting a non-existent sequence on a stream no longer results in a cluster reset and leadership election (#7348)
• Subject tree intersection now correctly handles overlapping literals and partial wildcards, i.e. stream.A and stream.*.A, fixing some consumer or message get filters (#7349)
• A data race when checking all JetStream limits has been fixed (#7356)
• Raft will no longer trigger a reset of the clustered state due to a stream snapshot timeout (#7293)
• Atomic batches now reject unsupported commits (#7368)
• Race conditions and potential panics fixed in the handling of some JetStream API handlers (#7380)
• The filestore no longer loses tombstones when using secure erase (#7384)
• The filestore no longer loses the last sequence when recovering blocks containing only tombstones (#7384)
• The filestore now correctly cleans up empty blocks when selecting the next first block (#7384)
• The filestore now correctly obeys sync_always for writing TTL and scheduling state files (#7385)
• The filestore will now correctly expire a cache when the wrong sequence is found (#7396)
• Fixed a data race on a wait group when mirroring streams (#7395)
• Skipped message sequences are now checked for ordering before apply, fixing a potential stream desync on catchups (#7400)
• Skipped message sequences now correctly detect gaps from erased message slots, fixing potential cache issues, slow reads and issues with catchups (#7399, #7401)
• Raft groups now report peer activity more consistently, fixing some cases where asset info and monitoring endpoints may report misleading values after leader changes (#7402)
• Raft groups will no longer permit truncations from unexpected catchup entries if the catchup is completed (#7424)
• The filestore will now correctly release locks when erasing messages returns an error (#7431)

Complete Changes

v2.12.0...v2.12.1

Release v2.12.1-RC.5

Changelog

Refer to the 2.12 Upgrade Guide for backwards compatibility notes with 2.11.x.

Go Version

• 1.25.2

Dependencies

• golang.org/x/crypto v0.43.0 (#7423)
• golang.org/x/sys v0.37.0 (#7423)
• golang.org/x/time v0.14.0 (#7423)

Improved

JetStream

• Log lines and errors related to offline/unsupported assets are now clearer (#7416, #7425)

Fixed

JetStream

• The Raft layer will no longer permit truncations from unexpected catchup entries if the catchup is completed (#7424)

Complete Changes

v2.12.1-RC.4...v2.12.1-RC.5

Release v2.12.1-RC.4

Changelog

Refer to the 2.12 Upgrade Guide for backwards compatibility notes with 2.11.x.

Go Version

• 1.25.2 (#7404)

Added

General

• The write_deadline option in the cluster, leafnode and gateway config blocks allows configuring write deadlines on a finger-grained basis (#7405)

Fixed

General

• The $SYS.REQ.CLAIMS.DELETE endpoint now correctly strips headers, like the $SYS.REQ.CLAIMS.UPDATE endpoint already does (#7413)

JetStream

• Skipped message sequences are now checked for ordering before apply, fixing a potential stream desync on catchups (#7400)
• Skipped message sequences now correctly detect gaps from erased message slots, fixing potential cache issues, slow reads and issues with catchups (#7399, #7401)
• Raft groups now report peer activity more consistently, fixing some cases where asset info and monitoring endpoints may report misleading values after leader changes (#7402)

Complete Changes

v2.12.1-RC.3...v2.12.1-RC.4

Release v2.12.1-RC.3

Changelog

Refer to the 2.12 Upgrade Guide for backwards compatibility notes with 2.11.x.

Go Version

• 1.25.1

Improved

JetStream

• Cache-specific log lines in the filestore have been improved (#7396)

Fixed

JetStream

• The filestore will now correctly expire a cache when the wrong sequence is found (#7396)
• Fixed a data race on a wait group when mirroring streams (#7395)

Complete Changes

v2.12.1-RC.2...v2.12.1-RC.3

Release v2.12.1-RC.2

Changelog

Refer to the 2.12 Upgrade Guide for backwards compatibility notes with 2.11.x.

Go Version

• 1.25.1

Dependencies

• github.com/google/go-tpm v0.9.6 (#7374)
• github.com/nats-io/nats.go v1.46.0 (#7374)

Added

General

• The NewServerFromConfig function has been added to the embedded server API for parsing an external configuration file when ConfigFile is supplied (#7364)
• WebSocket leafnode connections can now use a HTTP proxy by specifying proxy settings in the leafnode remotes (#7242, thanks to @danbailey1000)

Improved

JetStream

• Meta snapshots are no longer taken on every stream removal (#7373)
• Filestore cache lookups can now return early for empty blocks (#7381)
• Filestore meta files are now written using temporary staging, avoiding accidental truncation on crashes (#7388)
• Atomic batch publish now supports deduplication with the Nats-Msg-Id header (#7391)

Fixed

JetStream

• Race conditions and potential panics fixed in the handling of some JetStream API handlers (#7380)
• The filestore no longer loses tombstones when using secure erase (#7384)
• The filestore no longer loses the last sequence when recovering blocks containing only tombstones (#7384)
• The filestore now correctly cleans up empty blocks when selecting the next first block (#7384)
• The filestore now correctly obeys sync_always for writing TTL and scheduling state files (#7385)

Complete Changes

v2.12.1-RC.1...v2.12.1-RC.2

Release v2.11.10

Changelog

Refer to the 2.11 Upgrade Guide for backwards compatibility notes with 2.10.x.

Go Version

• 1.24.7

Dependencies

• golang.org/x/crypto v0.42.0 (#7320)
• github.com/google/go-tpm v0.9.6 (#7376)
• github.com/nats-io/nats.go v1.46.1 (#7377)

Improved

General

• Statistics for gateways, routes and leaf connections are now correctly omitted from accstatsz responses if empty (#7300)

JetStream

• Stream assignment check has been simplified (#7290)
• Additional guards prevent panics when loading corrupted messages from the filestore (#7299)
• The store lock is no longer held while searching for TTL expiry tasks, improving performance (#7344)
• Removing a message from the TTL state is now faster (#7344)
• The filestore no longer performs heap allocations for hash checks (#7345)
• Meta snapshot performance for a very large number of assets has been improved after a regression in v2.11.9 (#7350)
• Sequence-from-timestamp lookups, such as those using opt_start_time on consumers or start_time on message get requests, now use a binary search for improved lookup performance (#7357)
• JetStream API requests are always handled from the worker pool, improving the semantics of the API request queue and logging when requests take too long (#7125)
• JetStream will no longer perform a metalayer snapshot on every stream removal request, reducing API pauses and improving meta performance (#7373)

Fixed

General

• Fixed the exit code when receiving a SIGTERM signal immediately after startup (#7367)

JetStream

• Fixed a use-after-free bug and a buffer reclamation issue in the filestore flusher (#7295)
• Direct get requests now correctly skip over deleted messages if the starting sequence is itself deleted (#7291)
• The Raft layer now strictly enforces that non-leaders cannot send append entries (#7297)
• The filestore now correctly handles recovering filestore blocks with out-of-order sequences from disk corruption (#7303, #7304)
• The filestore now produces more useful error messages when disk corruption is detected (#7305)
• Removed messages with a per-message TTL are now removed from the TTL state immediately (#7344)
• Fixed a bug where TTL state was recovered on startup with subject delete markers enabled, that message expiry would not start as expected (#7344)
• Expiring messages from the filestore no longer leaks timers and expires at the correct time (#7344)
• Deleting a non-existent sequence on a stream no longer results in a cluster reset and leadership election (#7348)
• Subject tree intersection now correctly handles overlapping literals and partial wildcards, i.e. stream.A and stream.*.A, fixing some consumer or message get filters (#7349)
• A data race when checking all JetStream limits has been fixed (#7356)
• Raft will no longer trigger a reset of the clustered state due to a stream snapshot timeout (#7293)

Complete Changes

v2.11.9...v2.11.10

Release v2.12.1-RC.1

Changelog

Refer to the 2.12 Upgrade Guide for backwards compatibility notes with 2.11.x.

Go Version

• 1.25.1

Improved

JetStream

• The store lock is no longer held while searching for TTL expiry tasks, improving performance (#7344)
• Removing a message from the TTL state is now faster (#7344)
• The filestore no longer performs heap allocations for hash checks (#7345)
• The filestore now reuses pooled write cache allocations more efficiently (#7346)
• Meta snapshot performance for a very large number of assets has been improved after a regression in v2.12.0 (#7350)
• Sequence-from-timestamp lookups, such as those using opt_start_time on consumers or start_time on message get requests, now use a binary search for improved lookup performance (#7357)
• Scheduled messages are now deactivated properly when followed up with another message on the same subject without a schedule (#7366)

Fixed

General

• Fixed the exit code when receiving a SIGTERM signal immediately after startup (#7367)

JetStream

• Batch check now uses the correct subject instead of the last subject that does the commit (#7342)
• Removed messages with a per-message TTL are now removed from the TTL state immediately (#7344)
• Fixed a bug where TTL state was recovered on startup with subject delete markers enabled, that message expiry would not start as expected (#7344)
• Expiring messages from the filestore no longer leaks timers and expires at the correct time (#7344)
• Fixed a bug where scheduled messages would not trigger correctly after recovery (#7347)
• Deleting a non-existent sequence on a stream no longer results in a cluster reset and leadership election (#7348)
• Subject tree intersection now correctly handles overlapping literals and partial wildcards, i.e. stream.A and stream.*.A, fixing some consumer or message get filters (#7349)
• A data race when checking all JetStream limits has been fixed (#7356)
• Raft will no longer trigger a reset of the clustered state due to a stream snapshot timeout (#7293)
• Atomic batches now reject unsupported commits (#7368)

Complete Changes

v2.12.0...v2.12.1-RC.1

Release v2.11.10-RC.1

Changelog

Refer to the 2.11 Upgrade Guide for backwards compatibility notes with 2.10.x.

Go Version

• 1.24.7

Dependencies

• golang.org/x/crypto v0.42.0 (#7320)

Improved

General

• Statistics for gateways, routes and leaf connections are now correctly omitted from accstatsz responses if empty (#7300)

JetStream

• Stream assignment check has been simplified (#7290)
• Additional guards prevent panics when loading corrupted messages from the filestore (#7299)
• The store lock is no longer held while searching for TTL expiry tasks, improving performance (#7344)
• Removing a message from the TTL state is now faster (#7344)
• The filestore no longer performs heap allocations for hash checks (#7345)
• Meta snapshot performance for a very large number of assets has been improved after a regression in v2.11.9 (#7350)
• Sequence-from-timestamp lookups, such as those using opt_start_time on consumers or start_time on message get requests, now use a binary search for improved lookup performance (#7357)

Fixed

General

• Fixed the exit code when receiving a SIGTERM signal immediately after startup (#7367)

JetStream

• Fixed a use-after-free bug and a buffer reclamation issue in the filestore flusher (#7295)
• Direct get requests now correctly skip over deleted messages if the starting sequence is itself deleted (#7291)
• The Raft layer now strictly enforces that non-leaders cannot send append entries (#7297)
• The filestore now correctly handles recovering filestore blocks with out-of-order sequences from disk corruption (#7303, #7304)
• The filestore now produces more useful error messages when disk corruption is detected (#7305)
• Removed messages with a per-message TTL are now removed from the TTL state immediately (#7344)
• Fixed a bug where TTL state was recovered on startup with subject delete markers enabled, that message expiry would not start as expected (#7344)
• Expiring messages from the filestore no longer leaks timers and expires at the correct time (#7344)
• Deleting a non-existent sequence on a stream no longer results in a cluster reset and leadership election (#7348)
• Subject tree intersection now correctly handles overlapping literals and partial wildcards, i.e. stream.A and stream.*.A, fixing some consumer or message get filters (#7349)
• A data race when checking all JetStream limits has been fixed (#7356)
• Raft will no longer trigger a reset of the clustered state due to a stream snapshot timeout (#7293)

Complete Changes

v2.11.9...v2.11.10-RC.1

Release v2.12.0

Changelog

Refer to the 2.12 Upgrade Guide for backwards compatibility notes with 2.11.x.

Go Version

• 1.25.1 (#7273)

Added

General

• Exponential backoff on route/gateway reconnection attempts (#7042, #7048)
• Added allow_insecure_cipher_suites configuration option to tls block, as insecure ciphers are now disabled by default (#7144)
• Added X25519MLKEM768 option to the TLS curve preferences (#7280)
• No responders errors from the server now include the original subject in the Nats-Subject header (#5250)
• Added exact_match field to the filtering of various monitoring endpoints for server name, host or cluster matching (#7260)

JetStream

• Atomic batch publishes (#6966, #7057, #7060, #7085, #7090, #7091, #7119, #7152, #7175, #7274, #7294, #7313, #7314, #7311, #7316, #7321, #7322, #7327, #7330)
  • Stage-and-commit style batches for JetStream message publishes with normal consistency checks
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-50.md
• Counter streams (#6973, #6988, #7081, #7118)
  • Counters are incremented or decremented by publishing to the stream with Nats-Incr headers, with full aggregate consistency over sources and mirrors
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-49.md
• Prioritised mode for consumer priority groups (#7113)
  • Allows for low-latency switching between clients based on the priority set
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-42.md
• Support for trusted proxies (#7153)
  • Allows enforcing that connections arrive via a NATS protocol-aware proxy
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-55.md
• Added the ability to promote mirrors to normal streams by removing the mirror configuration (#7171)
  • This allows a mirror to take over operation if the original stream is lost, for example in a disaster recovery scenario
  • This operation cannot be undone and also requires configuring the stream subjects to continue operation
• Added delayed message scheduling (#7170, #7245, #7319)
  • Implements single schedule messages using the Nats-Schedule-TTL message header
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-51.md
• Added support for offline assets (#7158)
  • Streams and consumers from a higher API version or using unsupported features (i.e. after a downgrade) will be marked as offline to prevent corruption
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-44.md
• Added partition(n) for deterministic hash-based partitioning and random(n) for non-deterministic random partitioning to subject transforms (#6950)
• Added the ability to specify the required API level in JetStream API requests with the Nats-Required-Api-Level request header (#7157)
• Added the ability for streams to opt into async writes (#7315, #7323)
• Add server_metadata block to server config, allowing arbitrary key-pairs to be set on a per-server basis, similar to stream/consumer metadata (#6935)
• Support for empty votes, which improves how the Raft election logic handles nodes that have lost their stable storage and attempt to rejoin the cluster regardless (#7038)
• Added "leader_since" to the stream and consumer info responses (#7189)

Leafnodes

• Added the ability to isolate leafnode subject interest propagation with the hub-side isolate_leafnode_interest configuration option, suppressing east-west traffic and reducing subscription overheads when there are many leafnodes (#7238, #7243, #7277)
• Added disabled option for leafnode remotes, with support for reloading from the config at runtime (#7054)

Changed

General

• WebSocket and MQTT clients no longer use TCP keepalives (#7329)

JetStream

• The JetStream API level has been increased to 2 (#6969)
• The API surface is now in strict mode by default, erroring if unknown fields are provided in the request body (#7049)
• Replicated streams will now default to async flush as long as sync: always is not configured (#7018, #7163)
• The default value for max_buffered_msgs has been increased by 10x to 100,000 messages (#6633)

Improved

General

• When logging closed connections, the remote is now logged if known, making it easier to identify where route/gateway/leafnode connections have dropped (#7077)
• Client-specific log lines now include the account and user if known (#7079)

JetStream

• Raft nodes will no longer respond success to catchup messages and will ignore responses if not leader, fixing some potential stream desync scenarios (#6944)
• Replicated streams can now be created even if some of the replica nodes are offline (#7075)
• The storage type is now logged when logging resource limits exceeded (#7076)
• JetStream API requests are always handled from the worker pool, improving the semantics of the API request queue and logging when requests take too long (#7125)
• Filestore in-memory caches now use weak pointers and can respond to garbage collector (GC) pressure, which should help to avoid a number of possible out-of-memory scenarios (#7180)
• Filestore buffer reuse has been fixed (#7295)
• Raft will no longer send any append entries in a known non-leader state (#7297)
• Improved recovery of filestore blocks with unexpected sequence ordering (#7303, #7304, #7305)
• Filestore fixes to improve write correctness, particularly when combined with async mode (#7318, #7331)

Leafnodes

• Leafnode connections without auth no longer unexpectedly connect to the global account (#7116)

Fixed

JetStream

• Improved validation for stream/consumer configs (#7134)
• An error will now be correctly surfaced when the Nats-Expected-Last-Subject-Sequence-Subject header is supplied but the accompanying Nats-Expected-Last-Subject-Sequence header is not (#7196)

OCSP

• URL encoding of OCSP requests should now be RFC4648-compliant (#7184)

Complete Changes

v2.11.0...v2.12.0

Release v2.12.0-RC.6

Changelog

This release also contains all changes up to and including v2.11.9.

Go Version

• 1.25.1 (#7273)

Added

General

• Exponential backoff on route/gateway reconnection attempts (#7042, #7048)
• Added allow_insecure_cipher_suites configuration option to tls block, as insecure ciphers are now disabled by default (#7144)
• Added X25519MLKEM768 option to the TLS curve preferences (#7280)
• No responders errors from the server now include the original subject in the Nats-Subject header (#5250)
• Added exact_match field to the filtering of various monitoring endpoints for server name, host or cluster matching (#7260)

JetStream

• Atomic batch publishes (#6966, #7057, #7060, #7085, #7090, #7091, #7119, #7152, #7175, #7274, #7294, #7313, #7314, #7311, #7316, #7321, #7322, #7327, #7330)
  • Stage-and-commit style batches for JetStream message publishes with normal consistency checks
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-50.md
• Counter streams (#6973, #6988, #7081, #7118)
  • Counters are incremented or decremented by publishing to the stream with Nats-Incr headers, with full aggregate consistency over sources and mirrors
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-49.md
• Prioritised mode for consumer priority groups (#7113)
  • Allows for low-latency switching between clients based on the priority set
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-42.md
• Added no_hdr flag to message get and direct get API endpoints (#6994)
  • Messages returned with this flag set will not contain headers, allowing fast access to e.g. counter values
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-52.md
• Support for trusted proxies (#7153)
  • Allows enforcing that connections arrive via a NATS protocol-aware proxy
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-55.md
• Added the ability to promote mirrors to normal streams by removing the mirror configuration (#7171)
  • This allows a mirror to take over operation if the original stream is lost, for example in a disaster recovery scenario
  • This operation cannot be undone and also requires configuring the stream subjects to continue operation
• Added delayed message scheduling (#7170, #7245, #7319)
  • Implements single schedule messages using the Nats-Schedule-TTL message header
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-51.md
• Added support for offline assets (#7158)
  • Streams and consumers from a higher API version or using unsupported features (i.e. after a downgrade) will be marked as offline to prevent corruption
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-44.md
• Added partition(n) for deterministic hash-based partitioning and random(n) for non-deterministic random partitioning to subject transforms (#6950)
• Added the ability to specify the required API level in JetStream API requests with the Nats-Required-Api-Level request header (#7157)
• Added the ability for streams to opt into async writes (#7315, #7323)
• Add server_metadata block to server config, allowing arbitrary key-pairs to be set on a per-server basis, similar to stream/consumer metadata (#6935)
• Support for empty votes, which improves how the Raft election logic handles nodes that have lost their stable storage and attempt to rejoin the cluster regardless (#7038)
• Added "leader_since" to the stream and consumer info responses (#7189)

Leafnodes

• Added the ability to isolate leafnode subject interest propagation with the hub-side isolate_leafnode_interest configuration option, suppressing east-west traffic and reducing subscription overheads when there are many leafnodes (#7238, #7243, #7277)
• Added disabled option for leafnode remotes, with support for reloading from the config at runtime (#7054)

Changed

General

• WebSocket and MQTT clients no longer use TCP keepalives (#7329)

JetStream

• The JetStream API level has been increased to 2 (#6969)
• The API surface is now in strict mode by default, erroring if unknown fields are provided in the request body (#7049)
• Replicated streams will now default to async flush as long as sync: always is not configured (#7018, #7163)
• The default value for max_buffered_msgs has been increased by 10x to 100,000 messages (#6633)

Improved

General

• When logging closed connections, the remote is now logged if known, making it easier to identify where route/gateway/leafnode connections have dropped (#7077)
• Client-specific log lines now include the account and user if known (#7079)

JetStream

• Raft nodes will no longer respond success to catchup messages and will ignore responses if not leader, fixing some potential stream desync scenarios (#6944)
• Replicated streams can now be created even if some of the replica nodes are offline (#7075)
• The storage type is now logged when logging resource limits exceeded (#7076)
• JetStream API requests are always handled from the worker pool, improving the semantics of the API request queue and logging when requests take too long (#7125)
• Filestore in-memory caches now use weak pointers and can respond to garbage collector (GC) pressure, which should help to avoid a number of possible out-of-memory scenarios (#7180)
• Filestore buffer reuse has been fixed (#7295)
• Raft will no longer send any append entries in a known non-leader state (#7297)
• Improved recovery of filestore blocks with unexpected sequence ordering (#7303, #7304, #7305)
• Filestore fixes to improve write correctness, particularly when combined with async mode (#7318, #7331)

Leafnodes

• Leafnode connections without auth no longer unexpectedly connect to the global account (#7116)

Fixed

JetStream

• Improved validation for stream/consumer configs (#7134)
• An error will now be correctly surfaced when the Nats-Expected-Last-Subject-Sequence-Subject header is supplied but the accompanying Nats-Expected-Last-Subject-Sequence header is not (#7196)

OCSP

• URL encoding of OCSP requests should now be RFC4648-compliant (#7184)

Complete Changes

v2.12.0-RC.5...v2.12.0-RC.6