Releases: nats-io/nats-server

Release v2.11.2-RC.1

17 Apr 17:50
v2.11.2-RC.1
297c4dd
Pre-release

Changelog

Refer to the 2.11 Upgrade Guide for backwards compatibility notes with 2.10.x.

Go Version

  • 1.24.2

Dependencies

  • github.com/nats-io/nats.go v1.41.2 (#6805)
  • github.com/nats-io/nkeys v0.4.11 (#6805)

Added

General

  • Support has been added for a default sentinel JWT, which is used in operator mode when none is specified, making it possible to have default users (#6577)
  • New TraceHeaders option to ensure that trace logging only emits headers and not message payloads (#6638)

JetStream

  • Subject delete markers are now placed for messages that have aged out due to their TTL and not just because of the MaxAge policy (#6741)

Improved

General

  • The publish permissions cache should now remain under the max allowed size more aggressively with improved pruning (#6674)
  • It is now possible with service imports to import the same subject from multiple different accounts (#6704)
  • Updating an account claim with a reduced max connection count no longer causes internal clients to be closed, fixing cases where JetStream assets could become unavailable (#6785)
  • GOMAXPROCS and GOMEMLIMIT are now reported in both statsz and varz (#6791)
  • Improved tls_timeout configuration parsing consistency between authorization and timeout (#6731)
  • Allow servers with different pool sizes when using multiple routes, simplifying configuration changes and rolling updates (#6676)

JetStream

  • Improved purge performance, particularly for KV PurgeDeletes calls, with optimised code paths for finding last sequences and reducing allocations (#6801)
  • Improved replicated asset creation performance by campaigning for group leadership more quickly (#6697)
  • Improved the debug log message when resetting a group WAL after failing to truncate (#6705)
  • Improved checking for streams that overlap with JS API or system subjects, so that badly-configured streams should not be able to break the API (#6786)

Fixed

General

  • Fix a possible panic when a subject transform has missing tokens (#6612)
  • Fix a possible panic when adding dedicated routes during a configuration reload (#6668)
  • Data race when shutting down eventing has been resolved (#6620)
  • A deadlock when updating account claims with service imports/exports has now been fixed (#6726)
  • The jsz monitoring endpoint now correctly paginates with offset (#6794)
  • Parsing the cluster_traffic option at startup no longer results in a panic if the account has not loaded yet (#6733)

JetStream

  • Fix clustered consumer consistency problems by waiting for delivered state to reach quorum before delivering new messages, resolving issues where acknowledged messages could be redelivered after a consumer leader change
    • NOTE: This may negatively impact the throughput of replicated consumers. R1 consumers, consumers with AckNone ack policy and ordered consumers are not affected and may be more suitable for high-speed processing
  • JetStream is no longer incorrectly disabled when specifying --js and --store_dir on the command line and then issuing a configuration reload (#6609)
  • Correctly remove messages from an interest-based stream when using AckAll consumers (#6587)
  • Preserve the first sequence when rebuilding state due to invalid checksums with no remaining messages (#6647)
  • When recovering from disk, ignore temporary files that can be created during stream compression so that the same blocks do not get loaded more than once (#6684)
  • Do not incorrectly reset group WALs when a new leader sends matching term information after a snapshot (#6691)
  • Corrected a regression in the memory store when purging, aligning it with the filestore behaviour (#6714)
  • When issuing a peer remove on a stream, the new peer set is now proposed through the NRG layer, potentially avoiding a drift in peers (#6720)
  • When issuing a peer remove on a consumer, the new peer set is now proposed through the NRG layer, potentially avoiding a drift in peers (#6727)
  • A race condition that could result in observer nodes becoming incorrectly elected as a group leader has been fixed when using leafnodes with shared system accounts (#6730)
  • Ensure that duplicate Raft groups are not created for the same asset during a restart (#6732)
  • Allow the use of the extended consumer create API when combining service imports/exports and limited API permissions (#6759)
  • Streams with the FirstSeq configured are no longer incorrectly purged after a restart if the stream first sequence still matches the configured first sequence (#6753)
  • Correctly write tombstones when purging and compacting, fixing a bug that could result in some deleted messages returning if the stream index had to be rebuilt (#6685)
  • The memory store no longer leaks memory tracking deleted sequences after a full stream purge (#6769)
  • Correctly handle acks for subjects that include a @ character (#6777)
  • Avoid losing stream sequence numbers if the server is interrupted by generating a new last message block before removing the final remaining block, particularly noticeable with WQ or interest retention policies (#6778)
  • Use the correct floor when using AckAll in R1 consumers (#6790)
  • Preserve consumer state when a stream needs to be reset due to a failed catchup (#6796)
  • Correctly enforce the 32MB maximum publish size limit into JetStream, avoiding filestore corruption from overflowing the maximum record length (#6798)
  • Preserve the redelivered state if the consumer leader is placed on a server that is a lagging stream follower to keep accounting correct (#6698)
  • Idempotent stream or consumer creations on a server upgrade from 2.10.x will no longer fail due to metadata changes (#6716)
  • Do not place rejected messages with invalid TTLs into the deduplication map if using Nats-Msg-Id (#6725)
  • Message TTLs are now recovered properly from multiple messages if the timed hash wheel state is lost or corrupted on disk (#6758)
  • Consumer priority groups will no longer get stuck in a tight-loop if there are multiple requests from different clients but some are not receiving due to the priority policy (#6749)
  • Subject delete markers are now replicated more reliably and are now retriable, improving consistency in clustered mode (#6776)
  • Tombstones are now correctly written for messages that have aged out due to their TTL, such that the deletion is preserved if the stream state is rebuilt (#6781)
  • Corrected an off-by-one error that could cause the TTL state to be rebuilt unnecessarily on a server restart (#6679)
  • Fixed a race condition in the timed hash wheel that could result in an underflow of the hash count (#6787)

Gateways

  • Fixed a bug that could result in lost queue subscriptions on gateway connections after a restart or a remote unsubscribe (#6607)

Complete Changes

v2.11.1...v2.11.2-RC.1

Release v2.10.28-RC.1

17 Apr 17:49
v2.10.28-RC.1
c4d7e16
Pre-release

Changelog

Refer to the 2.10 Upgrade Guide for backwards compatibility notes with 2.9.x.

Go Version

  • 1.24.2

Dependencies

  • github.com/nats-io/nats.go v1.41.2 (#6805)
  • github.com/nats-io/nkeys v0.4.11 (#6805)
  • golang.org/x/crypto v0.37.0 (#6805)
  • golang.org/x/sys v0.32.0 (#6805)

Improved

General

  • The publish permissions cache should now remain under the max allowed size more aggressively with improved pruning (#6674)
  • It is now possible with service imports to import the same subject from multiple different accounts (#6704)
  • Updating an account claim with a reduced max connection count no longer causes internal clients to be closed, fixing cases where JetStream assets could become unavailable (#6785)
  • GOMAXPROCS and GOMEMLIMIT are now reported in both statsz and varz (#6791)

JetStream

  • Improved purge performance, particularly for KV PurgeDeletes calls, with optimised code paths for finding last sequences and reducing allocations (#6801)
  • Improved replicated asset creation performance by campaigning for group leadership more quickly (#6697)
  • Improved the debug log message when resetting a group WAL after failing to truncate (#6705)
  • Improved checking for streams that overlap with JS API or system subjects, so that badly-configured streams should not be able to break the API (#6786)

Fixed

General

  • Fix a possible panic when a subject transform has missing tokens (#6612)
  • Fix a possible panic when adding dedicated routes during a configuration reload (#6668)
  • Data race when shutting down eventing has been resolved (#6620)
  • A deadlock when updating account claims with service imports/exports has now been fixed (#6726)
  • The jsz monitoring endpoint now correctly paginates with offset (#6794)

JetStream

  • JetStream is no longer incorrectly disabled when specifying --js and --store_dir on the command line and then issuing a configuration reload (#6609)
  • Correctly remove messages from an interest-based stream when using AckAll consumers (#6587)
  • Preserve the first sequence when rebuilding state due to invalid checksums with no remaining messages (#6647)
  • When recovering from disk, ignore temporary files that can be created during stream compression so that the same blocks do not get loaded more than once (#6684)
  • Do not incorrectly reset group WALs when a new leader sends matching term information after a snapshot (#6691)
  • Corrected a regression in the memory store when purging, aligning it with the filestore behaviour (#6714)
  • When issuing a peer remove on a stream, the new peer set is now proposed through the NRG layer, potentially avoiding a drift in peers (#6720)
  • When issuing a peer remove on a consumer, the new peer set is now proposed through the NRG layer, potentially avoiding a drift in peers (#6727)
  • A race condition that could result in observer nodes becoming incorrectly elected as a group leader has been fixed when using leafnodes with shared system accounts (#6730)
  • Ensure that duplicate Raft groups are not created for the same asset during a restart (#6732)
  • Allow the use of the extended consumer create API when combining service imports/exports and limited API permissions (#6759)
  • Streams with the FirstSeq configured are no longer incorrectly purged after a restart if the stream first sequence still matches the configured first sequence (#6753)
  • Correctly write tombstones when purging and compacting, fixing a bug that could result in some deleted messages returning if the stream index had to be rebuilt (#6685)
  • The memory store no longer leaks memory tracking deleted sequences after a full stream purge (#6769)
  • Correctly handle acks for subjects that include a @ character (#6777)
  • Avoid losing stream sequence numbers if the server is interrupted by generating a new last message block before removing the final remaining block, particularly noticeable with WQ or interest retention policies (#6778)
  • Use the correct floor when using AckAll in R1 consumers (#6790)
  • Preserve consumer state when a stream needs to be reset due to a failed catchup (#6796)
  • Correctly enforce the 32MB maximum publish size limit into JetStream, avoiding filestore corruption from overflowing the maximum record length (#6798)

Gateways

  • Fixed a bug that could result in lost queue subscriptions on gateway connections after a restart or a remote unsubscribe (#6607)

Complete Changes

v2.10.27...v2.10.28-RC.1

Release v2.11.1

08 Apr 16:40
v2.11.1
d78523b

Changelog

Go Version

  • 1.24.1

CVEs

  • This release contains fixes for CVE-2025-30215, a CRITICAL severity vulnerability affecting all NATS Server versions from v2.2.0, prior to v2.11.1 or v2.10.27.
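
As an added example (not code from the NATS project), the affected range stated above can be turned into a version check for triaging a server inventory. It assumes that 2.10.x and earlier are fixed at v2.10.27 and later release lines at v2.11.1, that a release candidate of a fixed version counts as unfixed, and that the `-binary` tags listed on this page count as fixed; `Affected`, `parseVersion` and `cmp` are names made up for this example.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Bounds taken from the release notes for CVE-2025-30215.
var firstAffected = [3]int{2, 2, 0}
var fixed210, fixed211 = [3]int{2, 10, 27}, [3]int{2, 11, 1}

// parseVersion splits "v2.10.28-RC.1" into its numeric core and the
// suffix after the first "-" ("RC.1"); the suffix is empty for a final release.
func parseVersion(s string) (core [3]int, pre string, err error) {
	s = strings.TrimPrefix(strings.TrimSpace(s), "v")
	s, pre, _ = strings.Cut(s, "-")
	parts := strings.Split(s, ".")
	if len(parts) != 3 {
		return core, "", fmt.Errorf("not a major.minor.patch version: %q", s)
	}
	for i, p := range parts {
		if core[i], err = strconv.Atoi(p); err != nil {
			return core, "", fmt.Errorf("bad version component %q", p)
		}
	}
	return core, pre, nil
}

// cmp returns a negative, zero or positive value as a sorts before, equal to or after b.
func cmp(a, b [3]int) int {
	for i := range a {
		if a[i] != b[i] {
			return a[i] - b[i]
		}
	}
	return 0
}

// Affected reports whether a version lies in the stated range. Assumption of
// this example: on the exact fixed version, only a final release or a
// "-binary" tag carries the fix; any other suffix (an RC) counts as unfixed.
func Affected(version string) (bool, error) {
	core, pre, err := parseVersion(version)
	if err != nil {
		return false, err
	}
	if cmp(core, firstAffected) < 0 {
		return false, nil // older than v2.2.0
	}
	fixedAt := fixed211
	if core[0] == 2 && core[1] <= 10 {
		fixedAt = fixed210 // 2.10.x and earlier lines are fixed by v2.10.27
	}
	c := cmp(core, fixedAt)
	return c < 0 || (c == 0 && pre != "" && pre != "binary"), nil
}

func main() {
	// Constructed sample inventory, not data from the release notes.
	for _, v := range []string{"v2.9.25", "v2.10.26", "v2.10.27-binary", "v2.11.0", "v2.11.1"} {
		hit, err := Affected(v)
		fmt.Println(v, "affected:", hit, "error:", err)
	}
}
```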

Fixed

JetStream

  • Correctly validate the calling account on a number of system API calls
  • Check system and account limits when processing a stream restore

Complete Changes

v2.11.0...v2.11.1

Release v2.10.27

08 Apr 16:39
v2.10.27
6b830a9

Changelog

Go Version

  • 1.24.1

CVEs

  • This release contains fixes for CVE-2025-30215, a CRITICAL severity vulnerability affecting all NATS Server versions from v2.2.0, prior to v2.11.1 or v2.10.27.

Fixed

JetStream

  • Correctly validate the calling account on a number of system API calls
  • Check system and account limits when processing a stream restore
  • Fixed a performance regression when using max messages per subject of 1 (#6688)

Complete Changes

v2.10.26...v2.10.27

Release v2.11.1-binary

31 Mar 17:29
ccaa07e

Changelog

Go Version

  • 1.24.1

CVEs

  • This is a binary-only release containing fixes for CVE-2025-30215, a CRITICAL severity vulnerability affecting all NATS Server versions from v2.2.0, prior to v2.11.1 or v2.10.27. Public disclosure of the details, including the source code, will be made available no sooner than a week from the release date. All environments should update as soon as possible. For workflows that rely on building from source, we recommend using the binary in the interim.

Release v2.10.27-binary

31 Mar 17:29
dae965a

Changelog

Go Version

  • 1.24.1

CVEs

  • This is a binary-only release containing fixes for CVE-2025-30215, a CRITICAL severity vulnerability affecting all NATS Server versions from v2.2.0, prior to v2.11.1 or v2.10.27. Public disclosure of the details, including the source code, will be made available no sooner than a week from the release date. All environments should update as soon as possible. For workflows that rely on building from source, we recommend using the binary in the interim.

Release v2.11.0

19 Mar 16:23
v2.11.0
99e836e

Changelog

Refer to the 2.11 Upgrade Guide for backwards compatibility notes with 2.10.x.

Go Version

Dependencies

  • golang.org/x/crypto v0.36.0 (#6618)
  • golang.org/x/sys v0.31.0 (#6618)
  • golang.org/x/time v0.11.0 (#6618)
  • github.com/google/go-tpm v0.9.3 (#6295)
  • github.com/antithesishq/antithesis-sdk-go v0.4.3-default-no-op (#6164)

Added

General

  • Distributed message tracing (#5014, #5057)
    • A message with the Nats-Trace-Dest header set to a valid subject will receive events representing what happens to the message as it moves through the system
    • Events contain information such as ingress, subject mapping, stream exports, service imports, egress to subscriptions, routes, gateways or leafnodes
    • An additional Nats-Trace-Only header, if set to true, will produce the same tracing events but will not deliver the message to the final destination
  • Configuration state digest (#4325)
    • A hash of the configuration file can be generated using the -t option on the command line
    • The hash of the currently running configuration file can be seen in the config_digest option in varz
  • Enable scoped users to have templates that are not limited to a subject token (#5981)
  • New js-meta-only option for healthz healthcheck (#6649)

JetStream

  • Per-message TTLs (#6272, #6354, #6363, #6370, #6376, #6385, #6400)
    • The Nats-TTL header, provided either as a string duration (1m, 30s) or an integer in seconds, will age out the message independently of stream limits
    • More information on this is available in ADR-43
  • Subject delete markers on MaxAge (#6378, #6389, #6393, #6400, #6404, #6428, #6432)
    • The SubjectDeleteMarkerTTL stream configuration option determines whether to place marker messages and how long they should live for
    • The marker message will have a Nats-Marker-Reason header explaining which limit caused the marker to be left behind
    • More information on this is available in ADR-43
  • Pull consumer priority groups with pinning and overflow (#5814, #6078, #6081)
    • Allows patterns such as one consumer receiving all messages but handing over to a second consumer if the first one fails, or groups of clients accessing the same consumer with different priorities
    • The PriorityGroups and PriorityPolicy options in the consumer configuration control the policy
    • More information on this is available in ADR-42
  • Consumer pausing (#5066)
    • The PauseUntil consumer configuration option and the $JS.API.CONSUMER.PAUSE endpoint suspend message delivery to the consumer until the specified time is reached, after which delivery resumes automatically
  • Asset versioning (#5850, #5855, #5857)
    • More information on this is available in ADR-44
  • Multi-get directly from a stream (#5107)
    • More information on this is available in ADR-31
  • Pedantic mode (#5245)
    • Ensures that stream and consumer creates or updates will fail if the resulting configuration would differ due to defaults, useful for desired-state configuration
  • Stream ingest rate limiting (#5796)
    • New max_buffered_size and max_buffered_msgs options in the jetstream block of the server config control how many publishes should be queued before rate-limiting, making it easier to protect the system against Core NATS publishes into JetStream
    • Where a reply subject is provided, rate-limited messages will receive a 429 “Too Many Requests” response and can retry later
  • Support for Nats-Expected-Last-Subject-Sequence-Subject header, customising the subject used when paired with Nats-Expected-Last-Subject-Sequence (#5281) Thanks to @cchamplin for the contribution!
  • Ability to move cluster Raft traffic into the asset account instead of using the system account using the new cluster_traffic configuration option (#5466, #5947)
  • Ability to specify preferred placement tags or clusters using preferred when issuing stepdown requests to the metaleader, streams or consumers (#6282, #6284)
  • Implement strict decoding for JetStream API requests with the new strict option in the jetstream block of the server config (#5858)
  • JetStream encryption on Windows can now use the TPM for key storage (#5273)
  • The js_cluster_migrate option can now be configured with a delay, controlling how long before a failure would result in asset migration (#5903)

Leafnodes

  • Support for TLS First on leafnode connections with the handshake_first option (#4119, #5783)

WebSocket

MQTT

  • SparkplugB Aware support (#5241)

Improved

General

  • A graceful shutdown caused by the SIGTERM signal will now return exit code 0 instead of exit code 1 (#6336)
  • Attempt to prune the publish permissions cache more than once, reducing the chance it can grow beyond the intended size (#6674)

JetStream

  • Improved the performance of subject tracking with a max messages per subject limit of 1 (#6688)

Fixed

General

  • Server, cluster and gateway names containing spaces will now be rejected, since these can cause issues (#5676)

JetStream

  • Message removals due to acks in clustered interest-based or work queue streams are now proposed through Raft (#6140)
    • Ensures that the removal ordering across all replicas is consistent, but may increase the amount of replication traffic
  • Consistency improvements for the metalayer, streams and consumers (#6194, #6485, #6518)
    • A new leader only starts responding to read/write requests once it's initially up-to-date with its Raft log
    • Also fixes issues where KV creates/updates to a key during leader changes could desync the stream
  • Replicated consumers should no longer skip redeliveries of unacknowledged messages after a leader change (#6566)
  • Consumer starting sequence is now always respected, except for consumers used for sources/mirrors (#6253)
  • Recovering from a bad message block checksum when there are meant to be zero messages will now correctly populate the first sequence if the last sequence was known from the stream state (#6647)
  • A panic when reloading the config to add a dedicated route has been fixed for systems that have no pinned routes and no system account (#6668)
  • When recovering from filestore blocks, ignore temporary files created as a part of re-compression or re-encryption (#6684)

Complete Changes

v2.10.0...v2.11.0

Release v2.11.0-RC.5

18 Mar 16:49
v2.11.0-RC.5
68dbdcc
Pre-release

Changelog

Go Version

Improved

JetStream

  • Improved the performance of subject tracking with a max messages per subject limit of 1 (#6688)
  • Subject delete markers are now proposed through the stream layer, to ensure consistent ordering across cluster replicas (#6689)

Fixed

JetStream

  • When recovering from filestore blocks, ignore temporary files created as a part of re-compression or re-encryption (#6684)
  • Fix a timing inconsistency that could arise between per-message TTLs and the max age retention policy on the stream (#6690)

Complete Changes

v2.11.0-RC.4...v2.11.0-RC.5

Release v2.11.0-RC.4

14 Mar 15:40
v2.11.0-RC.4
6658e68
Pre-release

Changelog

Go Version

Improved

General

  • Attempt to prune the publish permissions cache more than once, reducing the chance it can grow beyond the intended size (#6674)

Fixed

General

  • Recovering from a bad message block checksum when there are meant to be zero messages will now correctly populate the first sequence if the last sequence was known from the stream state (#6647)
  • A panic when reloading the config to add a dedicated route has been fixed for systems that have no pinned routes and no system account (#6668)

Complete Changes

v2.11.0-RC.3...v2.11.0-RC.4

Release v2.11.0-RC.3

12 Mar 17:09
v2.11.0-RC.3
4cf8c6a
Pre-release

Changelog

Go Version

Added

General

  • New js-meta-only option for healthz healthcheck (#6649)

Fixed

General

  • Don’t skip reload when there are no configuration changes, as this may prevent reloading certificates (#6634)

Complete Changes

v2.11.0-RC.2...v2.11.0-RC.3