Release v2.14.3

github-actions released this 29 Jun 15:36 · 356 commits to main since this release · tag v2.14.3 · commit 9b17a58

Changelog

Refer to the 2.14 Upgrade Guide for backwards compatibility notes with 2.12.x. Please note that the 2.13.x version was skipped.

Go Version

Dependencies

  • golang.org/x/crypto v0.53.0 (#8297)
  • golang.org/x/sys v0.46.0 (#8297)
  • github.com/nats-io/jwt/v2 v2.8.2
  • github.com/nats-io/nkeys v0.4.16

Improved

General

  • Per-connection log lines that could be noisy in normal operation have been demoted to debug level (#8289)
  • Writer options are now applied consistently when using the s2_fast compression mode (#8047)

JetStream

  • Stream and consumer assignment handling has been refactored for more consistent migration and info behavior (#8262)
  • Meta, stream and consumer write errors are now registered more consistently for health and recovery handling (#8293)

Removed

Monitoring

  • JSONP callback support has been removed from monitoring endpoints

Fixed

General

  • Long-running reconnect and OCSP loops no longer retain unused timers, reducing memory pressure over time (#8204)
  • Inherited JWT default permissions are now refreshed when account claims are updated (#8276)
  • External auth configuration is now cleared correctly when account claims are updated (#8275)
  • PROXY protocol detection, TLS sniffing with allow_non_tls and PROXY v1 address-family parsing have been fixed (#8302)
  • A race in gateway CONNECT handling has been fixed (#8306)
  • Trusted proxy tracking no longer leaks closed clients during concurrent updates (#8307)
  • Service import replies can now be delivered across cluster routes (#8317)
  • Message tracing now works correctly with service imports and exports
  • Several panic, fatal and data race conditions in authentication, routing, monitoring and clustered request handling have been fixed
  • NoAuthUser now checks connection restrictions
  • Leaf connections no longer bypass Nats-Trace-Dest publish permission checks
  • CONNZ and SUBSZ pagination now guard against Offset and Limit integer overflow panics
  • A nil pointer panic at startup when the resolver parent directory is missing has been fixed (#8329)

MQTT

  • Partial CONNECT packets can no longer exhaust pre-authentication memory
  • PUBLISH remaining-length underflow no longer causes a server panic
  • Subscriptions to internal $MQTT.deliver.pubrel subjects are now rejected
  • Subscribe deny rules are now enforced on retained message and QoS replay paths
  • WebSocket /mqtt upgrades no longer panic when MQTT is disabled

Monitoring

  • JetStream remote usage updates no longer panic on length integer overflow

JetStream

  • A data race on the cluster meta node during JetStream shutdown has been fixed (#8260)
  • Meta proposal inflight tracking is now kept consistent during stream moves and related operations (#8261)
  • Stream catchup is no longer skipped when limits are exceeded, preventing possible stream desync (#8265)
  • Malformed TTL and schedule state is now rejected during decode (#8269)
  • Zero consumer limits are now treated as unlimited during stream updates (#8286)
  • Raft nodes no longer participate in voting or candidacy after write errors (#8290)
  • Raft checkpoint handling now aborts if the node is closed (#8296)
  • Raft ApplyCommit now handles the post-snapshot index correctly (#8321)
  • Consumer ack subscriptions now match correctly when consumer names contain % (#8301)
  • Observer state is now cleared correctly during js_cluster_migrate when a leaf remote is removed (#8304)
  • Atomic batch end-of-batch max-size checks and R1 message rewrites have been fixed (#8305)
  • Schedule drift, failed fast batch commits with gapOk and stale /varz leaf remote state have been fixed (#8308)
  • Peer state decoding now bounds peer ID reads to the buffer length (#8310)
  • Counter stream staging no longer corrupts the committed running total (#8311)
  • Filestore compaction no longer corrupts compressed or encrypted blocks (#8312)
  • Memory store NumPending no longer overcounts for DeliverLastPerSubject consumers (#8313)
  • Consumer inactive-delete grace period handling and pull request MaxBytes budgeting have been fixed (#8314)
  • MultiLastSeqs no longer reorders stream config subjects through filterIsAll handling (#8315)
  • Meta recovery snapshots no longer leave phantom streams or consumers behind (#8324)
  • The last time recorded for skipped messages no longer violates ordering, which could lead to issues with starting by time (#8237)
  • Raft now reverts uncommitted membership changes correctly when truncating or snapshotting (#8332)

Credits

While CVE advisory notices are credited individually, a number of fixes in this release were the result of non-CVE reports from the following contributors:

Complete Changes

v2.14.2...v2.14.3