kjuulh/ceen
1
0
Fork 0
Code Issues 1 Pull Requests 1 Projects Releases Wiki Activity

Update all dependencies #69

Open
kjuulh wants to merge 1 commits from renovate/all into main
pull from: renovate/all
merge into: kjuulh:main
Conversation 1 Commits 1 Files Changed 2 +25 -8
kjuulh commented 2025-03-25 23:31:30 +01:00
Owner
Copy Link

This PR contains the following updates:

Package Type Update Change
github.com/nats-io/nats-server/v2 require minor v2.10.26 -> v2.11.3
github.com/nats-io/nats.go require minor v1.39.1 -> v1.42.0
go (source) toolchain patch 1.24.1 -> 1.24.3

Release Notes

nats-io/nats-server (github.com/nats-io/nats-server/v2)

v2.11.3

Compare Source

Changelog

Refer to the 2.11 Upgrade Guide for backwards compatibility notes with 2.10.x.

Go Version
  • 1.24.2
Added

MQTT

  • New js_api_timeout option controls how long to wait for JetStream operations caused by MQTT calls (#​6833)
Improved

JetStream

  • Reduced allocations in subject tree matching (#​6837)
Fixed

General

  • Fixed TLS 1.2 negotiation when using ECDSA certificates from the Windows certificate store (#​6803)

JetStream

  • Fix a regression introduced in v2.11.2 which can affect calculating consumer subject interest (#​6845)
  • Consumer state reporting of filtered consumers is now more consistent (#​6835)
  • Raft nodes will now correctly report to the upper layer when a preferred node does not become the leader, fixing some issues where multiple assets can believe they are the leader after a scale-up operation (#​6851)

Monitoring

  • The connz endpoint will now return open connections correctly with state set to all (#​6849)
Complete Changes

v2.11.2

Compare Source

[!IMPORTANT]
This version contains a regression that has since been fixed in 2.11.3. Please upgrade to that version instead.

Changelog

Refer to the 2.11 Upgrade Guide for backwards compatibility notes with 2.10.x.

Go Version
  • 1.24.2
Dependencies
  • github.com/nats-io/nats.go v1.41.2 (#​6805)
  • github.com/nats-io/nkeys v0.4.11 (#​6805)
  • github.com/nats-io/jwt/v2 v2.7.4 (#​6813)
Added

General

  • Support for a default sentinel JWT, which is used in operator mode when none is specified, has been added making it possible to have default users (#​6577)
  • New trace_headers option to ensure that trace logging only emits headers and not message payloads (#​6638)

JetStream

  • Subject delete markers are now placed for messages that have aged out due to their TTL and not just because of the MaxAge policy (#​6741)
Improved

General

  • The publish permissions cache should now remain under the max allowed size more aggressively with improved pruning (#​6674)
  • It is now possible with service imports to import the same subject from multiple different accounts (#​6704)
  • Updating an account claim with a reduced max connection count no longer causes internal clients to be closed, fixing cases where JetStream assets could become unavailable (#​6785)
  • GOMAXPROCS and GOMEMLIMIT are now reported in both statsz and varz (#​6791)
  • Improved tls_timeout configuration parsing consistency between authorization and timeout (#​6731)
  • Allow servers with different pool sizes when using multiple routes, simplifying configuration changes and rolling updates (#​6676)
  • Auth tokens are now redacted in trace-level logs for enhanced security (#​6808)
  • Trapped signals are now logged at notice level instead of debug (#​6800)

JetStream

  • Improved purge performance, particularly for KV PurgeDeletes calls, with optimised code paths for finding last sequences and reducing allocations (#​6801, #​6825)
  • Improved replicated asset creation performance by campaigning for group leadership more quickly (#​6697)
  • Improved the debug log message when resetting a group WAL after failing to truncate (#​6705)
  • Improved checking for streams that overlap with JS API or system subjects, so that badly-configured streams should not be able to break the API (#​6786)
  • Allow setting per-message TTLs to values lower than the configured SubjectDeleteMarkerTTL when the stream has a max messages per subject limit of 1 (#​6818)
  • Servers that have been peer-remove'd can now be re-admitted automatically after 5 minutes without a server restart (#​6815)
Fixed

General

  • Fix a possible panic when a subject transform has missing tokens (#​6612)
  • Fix a possible panic when adding dedicated routes during a configuration reload (#​6668)
  • Data race when shutting down eventing has been resolved (#​6620)
  • A deadlock when updating account claims with service imports/exports has now been fixed (#​6726)
  • The jsz monitoring endpoint now correctly paginates with offset (#​6794, #​6816)
  • Parsing the cluster_traffic option at startup no longer results in a panic if the account has not loaded yet (#​6733)

JetStream

  • Fix clustered consumer consistency problems by waiting for delivered state to reach quorum before delivering new messages, resolving issues where acknowledged messages could be redelivered after a consumer leader change
    • NOTE: This may negatively impact the throughput of replicated consumers. R1 consumers, consumers with AckNone ack policy and ordered consumers are not affected and may be more suitable for high-speed processing
  • JetStream is no longer incorrectly disabled when specifying --js and --store_dir on the command line and then issuing a configuration reload (#​6609)
  • Correctly remove messages from an interest-based stream when using AckAll consumers (#​6587)
  • Preserve the first sequence when rebuilding state due to invalid checksums with no remaining messages (#​6647)
  • When recovering from disk, ignore temporary files that can be created during stream compression so that the same blocks do not get loaded more than once (#​6684)
  • Do not incorrectly reset group WALs when a new leader sends matching term information after a snapshot (#​6691)
  • Corrected a regression in the memory store when purging, aligning it with the filestore behaviour (#​6714)
  • When issuing a peer remove on a stream, the new peer set is now proposed through the NRG layer, potentially avoiding a drift in peers (#​6720)
  • When issuing a peer remove on a consumer, the new peer set is now proposed through the NRG layer, potentially avoiding a drift in peers (#​6727)
  • A race condition that could result in observer nodes becoming incorrectly elected as a group leader has been fixed when using leafnodes with shared system accounts (#​6730)
  • Ensure that duplicate Raft groups are not created for the same asset during a restart (#​6732)
  • Allow the use of the extended consumer create API when combining service imports/exports and limited API permissions (#​6759)
  • Streams with the FirstSeq configured are no longer incorrectly purged after a restart if the stream first sequence still matches the configured first sequence (#​6753)
  • Correctly write tombstones when purging and compacting, fixing a bug that could result in some deleted messages returning if the stream index had to be rebuilt (#​6685)
  • The memory store no longer leaks memory tracking deleted sequences after a full stream purge (#​6769)
  • Correctly handle acks for subjects that include a @ character (#​6777)
  • Avoid losing stream sequence numbers of the server is interrupted by generating a new last message block before removing the final remaining block, particularly noticeable with WQ or interest retention policies (#​6778)
  • Use the correct floor when using AckAll in R1 consumers (#​6790)
  • Preserve consumer state when a stream needs to be reset due to a failed catchup (#​6796)
  • Correctly enforce the 32MB maximum publish size limit into JetStream, avoiding filestore corruption from overflowing the maximum record length (#​6798)
  • Preserve the redelivered state if the consumer leader is placed on a server that is a lagging stream follower to keep accounting correct (#​6698)
  • Idempotent stream or consumer creations on a server upgrade from 2.10.x will no longer fail due to metadata changes (#​6716)
  • Do not place rejected messages with invalid TTLs into the deduplication map if using Nats-Msg-Id (#​6725)
  • Message TTLs are now recovered properly from multiple messages if the timed hash wheel state is lost or corrupted on disk (#​6758)
  • Consumer priority groups will no longer get stuck in a tight-loop if there are multiple requests from different clients but some are not receiving due to the priority policy (#​6749)
  • Subject delete markers are now replicated more reliably and are now retriable, improving consistency in clustered mode (#​6776)
  • Tombstones are now correctly written for messages that have aged out due to their TTL, such that the deletion is preserved if the stream state is rebuilt (#​6781)
  • Corrected an off-by-one error that could cause the TTL state to be rebuilt unnecessarily on a server restart (#​6679)
  • Fixed a race condition in the timed hash wheel that could result in an underflow of the hash count (#​6787)
  • Push consumers are no longer incorrectly marked as inactive after a delivery failure if there is continued interest (#​6807)
  • Internal clients for JetStream are no longer closed unexpectedly after updating an expired account claim (#​6817)
  • Fixed a panic that could potentially occur when starting clustered consumers when the metalayer is shutting down (#​6823)
  • Fixed a bug in subject tree intersection that could miss some subjects when looking for first matching messages matching FilterSubjects (#​6828)
  • Subject delete markers now have the correct headers when retrieved using direct get (#​6826)
  • Messages with a TTL now are removed correctly after a restart has interrupted the deletion process (#​6828)

Gateways

  • Fixed a bug that could result in a lost queue subscriptions on gateway connections after a restart or a remote unsubscribe (#​6607)
Complete Changes

v2.11.1

Compare Source

Changelog

Go Version
  • 1.24.1
CVEs
  • This release contains fixes for CVE-2025-30215, a CRITICAL severity vulnerability affecting all NATS Server versions from v2.2.0, prior to v2.11.1 or v2.10.27.
Fixed

JetStream

  • Correctly validate the calling account on a number of system API calls
  • Check system and account limits when processing a stream restore
Complete Changes

v2.11.0

Compare Source

Changelog

Refer to the 2.11 Upgrade Guide for backwards compatibility notes with 2.10.x.

Go Version
Dependencies
  • golang.org/x/crypto v0.36.0 (#​6618)
  • golang.org/x/sys v0.31.0 (#​6618)
  • golang.org/x/time v0.11.0 (#​6618)
  • github.com/google/go-tpm v0.9.3 (#​6295)
  • github.com/antithesishq/antithesis-sdk-go v0.4.3-default-no-op (#​6164)
Added

General

  • Distributed message tracing (#​5014, #​5057)
    • A message with the Nats-Trace-Dest header set to a valid subject will receive events representing what happens to the message as it moves through the system
    • Events contain information such as ingress, subject mapping, stream exports, service imports, egress to subscriptions, routes, gateways or leafnodes
    • An additional Nats-Trace-Only header, if set to true, will produce the same tracing events but will not deliver the message to the final destination
  • Configuration state digest (#​4325)
    • A hash of the configuration file can be generated using the -t option on the command line
    • The hash of the currently running configuration file can be seen in the config_digest option in varz
  • Enable scoped users to have templates that are not limited to a subject token (#​5981)
  • New js-meta-only option for healthz healthcheck (#​6649)

JetStream

  • Per-message TTLs (#​6272, #​6354, #​6363, #​6370, #​6376, #​6385, #​6400)
    • The Nats-TTL header, provided either as a string duration (1m, 30s) or an integer in seconds, will age out the message independently of stream limits
    • More information on this is available in ADR-43
  • Subject delete markers on MaxAge (#​6378, #​6389, #​6393, #​6400, #​6404, #​6428, #​6432)
    • The SubjectDeleteMarkerTTL stream configuration option determines whether to place marker messages and how long they should live for
    • The marker message will have a Nats-Marker-Reason header explaining which limit caused the marker to be left behind
    • More information on this is available in ADR-43
  • Pull consumer priority groups with pinning and overflow (#​5814, #​6078, #​6081)
    • Allows patterns such as one consumer receiving all messages, but handing over to a second consumer if the first one fails, or groups of clients accessing the same consumer should have different priorities
    • The PriorityGroups and PriorityPolicy options in the consumer configuration control the policy
    • More information on this is available in ADR-42
  • Consumer pausing (#​5066)
    • The PauseUntil consumer configuration option and $JS.API.CONSUMER.PAUSE endpoint suspends message delivery to the consumer until the time specified is reached, after which point it will resume automatically
  • Asset versioning (#​5850, #​5855, #​5857)
    • More information on this is available in ADR-44
  • Multi-get directly from a stream (#​5107)
    • More information on this is available in ADR-31
  • Pedantic mode (#​5245)
    • Ensures that stream and consumer creates or updates will fail if the resulting configuration would differ due to defaults, useful for desired-state configuration
  • Stream ingest rate limiting (#​5796)
    • New max_buffered_size and max_buffered_msgs options in the jetstream block of the server config control how many publishes should be queued before rate-limiting, making it easier to protect the system against Core NATS publishes into JetStream
    • Where a reply subject is provided, rate-limited messages will receive a 429 “Too Many Requests” response and can retry later
  • Support for Nats-Expected-Last-Subject-Sequence-Subject header, customising the subject used when paired with Nats-Expected-Last-Subject-Sequence (#​5281) Thanks to @​cchamplin for the contribution!
  • Ability to move cluster Raft traffic into the asset account instead of using the system account using the new cluster_traffic configuration option (#​5466, #​5947)
  • Ability to specify preferred placement tags or clusters using preferred when issuing stepdown requests to the metaleader, streams or consumers (#​6282, #​6284)
  • Implement strict decoding for JetStream API requests with the new strict option in the jetstream block of the server config (#​5858)
  • JetStream encryption on Windows can now use the TPM for key storage (#​5273)
  • The js_cluster_migrate option can now be configured with a delay, controlling how long before a failure would result in asset migration (#​5903)

Leafnodes

  • Support for TLS First on leafnode connections with the handshake_first option (#​4119, #​5783)

WebSocket

MQTT

Improved

General

  • A graceful shutdown caused by the SIGTERM signal will now return exit code 0 instead of exit code 1 (#​6336)
  • Attempt to prune the publish permissions cache more than once, reducing the chance it can grow beyond the intended size (#​6674)

JetStream

  • Improved the performance of subject tracking with a max messages per subject limit of 1 (#​6688)
Fixed

General

  • Server, cluster and gateway names containing spaces will now be rejected, since these can cause issues (#​5676)

JetStream

  • Message removals due to acks in clustered interest-based or work queue streams are now proposed through Raft (#​6140)
    • Ensures that the removal ordering across all replicas is consistent, but may increase the amount of replication traffic
  • Consistency improvements for the metalayer, streams and consumers (#​6194, #​6485, #​6518)
    • A new leader only starts responding to read/write requests once it's initially up-to-date with its Raft log
    • Also fixes issues where KV creates/updates to a key during leader changes could desync the stream
  • Replicated consumers should no longer skip redeliveries of unacknowledged messages after a leader change (#​6566)
  • Consumer starting sequence is now always respected, except for consumers used for sources/mirrors (#​6253)
  • Recovering from a bad message block checksum when there are meant to be zero messages will now correctly populate the first sequence if the last sequence was known from the stream state (#​6647)
  • A panic when reloading the config to add a dedicated route has been fixed for systems that have no pinned routes and no system account (#​6668)
  • When recovering from filestore blocks, ignore temporary files created as a part of re-compression or re-encryption (#​6684)
Complete Changes

v2.10.29

Compare Source

Changelog

Refer to the 2.10 Upgrade Guide for backwards compatibility notes with 2.9.x.

Go Version
  • 1.24.2
Fixed

JetStream

  • Fix a regression introduced in v2.10.28 which can affect calculating consumer subject interest (#​6845)
  • Consumer state reporting of filtered consumers is now more consistent (#​6835)
  • Raft nodes will now correctly report to the upper layer when a preferred node does not become the leader, fixing some issues where multiple assets can believe they are the leader after a scale-up operation (#​6851)

Monitoring

  • The connz endpoint will now return open connections correctly with state set to all (#​6849)
Complete Changes

v2.10.28

Compare Source

[!IMPORTANT]
This version contains a regression that has since been fixed in 2.10.29. Please upgrade to that version instead.

Changelog

Refer to the 2.10 Upgrade Guide for backwards compatibility notes with 2.9.x.

Go Version
  • 1.24.2
Dependencies
  • github.com/nats-io/nats.go v1.41.2 (#​6805)
  • github.com/nats-io/nkeys v0.4.11 (#​6805)
  • golang.org/x/crypto v0.37.0 (#​6805)
  • golang.org/x/sys v0.32.0 (#​6805)
  • github.com/nats-io/jwt/v2 v2.7.4 (#​6813)
Improved

General

  • The publish permissions cache should now remain under the max allowed size more aggressively with improved pruning (#​6674)
  • It is now possible with service imports to import the same subject from multiple different accounts (#​6704)
  • Updating an account claim with a reduced max connection count no longer causes internal clients to be closed, fixing cases where JetStream assets could become unavailable (#​6785)
  • GOMAXPROCS and GOMEMLIMIT are now reported in both statsz and varz (#​6791)
  • Auth tokens are now redacted in trace-level logs for enhanced security (#​6808)
  • Trapped signals are now logged at notice level instead of debug (#​6800)

JetStream

  • Improved purge performance, particularly for KV PurgeDeletes calls, with optimised code paths for finding last sequences and reducing allocations (#​6801)
  • Improved replicated asset creation performance by campaigning for group leadership more quickly (#​6697)
  • Improved the debug log message when resetting a group WAL after failing to truncate (#​6705)
  • Improved checking for streams that overlap with JS API or system subjects, so that badly-configured streams should not be able to break the API (#​6786)
  • Servers that have been peer-remove'd can now be re-admitted automatically after 5 minutes without a server restart (#​6815)
  • Filestore tombstones for purges are now written asynchronously where possible, improving performance (#​6825)
Fixed

General

  • Fix a possible panic when a subject transform has missing tokens (#​6612)
  • Fix a possible panic when adding dedicated routes during a configuration reload (#​6668)
  • Data race when shutting down eventing has been resolved (#​6620)
  • A deadlock when updating account claims with service imports/exports has now been fixed (#​6726)
  • The jsz monitoring endpoint now correctly paginates with offset (#​6794, #​6816)

JetStream

  • JetStream is no longer incorrectly disabled when specifying --js and --store_dir on the command line and then issuing a configuration reload (#​6609)
  • Correctly remove messages from an interest-based stream when using AckAll consumers (#​6587)
  • Preserve the first sequence when rebuilding state due to invalid checksums with no remaining messages (#​6647)
  • When recovering from disk, ignore temporary files that can be created during stream compression so that the same blocks do not get loaded more than once (#​6684)
  • Do not incorrectly reset group WALs when a new leader sends matching term information after a snapshot (#​6691)
  • Corrected a regression in the memory store when purging, aligning it with the filestore behaviour (#​6714)
  • When issuing a peer remove on a stream, the new peer set is now proposed through the NRG layer, potentially avoiding a drift in peers (#​6720)
  • When issuing a peer remove on a consumer, the new peer set is now proposed through the NRG layer, potentially avoiding a drift in peers (#​6727)
  • A race condition that could result in observer nodes becoming incorrectly elected as a group leader has been fixed when using leafnodes with shared system accounts (#​6730)
  • Ensure that duplicate Raft groups are not created for the same asset during a restart (#​6732)
  • Allow the use of the extended consumer create API when combining service imports/exports and limited API permissions (#​6759)
  • Streams with the FirstSeq configured are no longer incorrectly purged after a restart if the stream first sequence still matches the configured first sequence (#​6753)
  • Correctly write tombstones when purging and compacting, fixing a bug that could result in some deleted messages returning if the stream index had to be rebuilt (#​6685)
  • The memory store no longer leaks memory tracking deleted sequences after a full stream purge (#​6769)
  • Correctly handle acks for subjects that include a @ character (#​6777)
  • Avoid losing stream sequence numbers of the server is interrupted by generating a new last message block before removing the final remaining block, particularly noticeable with WQ or interest retention policies (#​6778)
  • Use the correct floor when using AckAll in R1 consumers (#​6790)
  • Preserve consumer state when a stream needs to be reset due to a failed catchup (#​6796)
  • Correctly enforce the 32MB maximum publish size limit into JetStream, avoiding filestore corruption from overflowing the maximum record length (#​6798)
  • Push consumers are no longer incorrectly marked as inactive after a delivery failure if there is continued interest (#​6807)
  • Internal clients for JetStream are no longer closed unexpectedly after updating an expired account claim (#​6817)
  • Fixed a panic that could potentially occur when starting clustered consumers when the metalayer is shutting down (#​6823)
  • Fixed a bug in subject tree intersection that could miss some subjects when looking for first matching messages matching FilterSubjects (#​6828, #​6827)

Gateways

  • Fixed a bug that could result in a lost queue subscriptions on gateway connections after a restart or a remote unsubscribe (#​6607)
Complete Changes

v2.10.27

Compare Source

Changelog

Go Version
  • 1.24.1
CVEs
  • This release contains fixes for CVE-2025-30215, a CRITICAL severity vulnerability affecting all NATS Server versions from v2.2.0, prior to v2.11.1 or v2.10.27.
Fixed

JetStream

  • Correctly validate the calling account on a number of system API calls
  • Check system and account limits when processing a stream restore
  • Fixed a performance regression when using max messages per subject of 1 (#​6688)
Complete Changes
nats-io/nats.go (github.com/nats-io/nats.go)

v1.42.0

Compare Source

Changelog

Overview

This release adds per-key TTL functionality to key-value stores. It adds:

  1. LimitMarkerTTL config option to enable automatic tombstone deletion.
  2. KeyTTL option to kv.Create()
  3. PurgeTTL() option to kv.Purge()
ADDED
  • KeyValue:
    • Added KeyValue per key TTL support and limit markers (#​1864)
Complete Changes

v1.41.2

Compare Source

Changelog

ADDED
  • Core NATS:
    • Add nc.RemoveStatusListener() method (#​1856)
FIXED
  • Legacy JetStream:
    • Fix Fetch and FetchBatch memory leak (#​1856)
  • Legacy KeyValue:
    • Use context in when purging stream in kv.PurgeDeletes() (#​1858)
  • Bump golang.org/x/crypto to fix vulnerability (#​1857)
Complete Changes

v1.41.1

Compare Source

Changelog

FIXED
  • ObjectStore:
    • Use default timeout for ObjectStore.Get when no deadline is set on ctx (#​1850)
IMPROVED
  • Remove golang.org/x/text dependency (#​1849)
Complete Changes

v1.41.0

Compare Source

Changelog

Overview

This release adds consumer priority groups to JetStream, exposing overflow and pinning policies. For more information on consumer priority groups, see ADR-42.

Added
  • JetStream:
    • Consumer priority groups with pinned and overflow policies (#​1826)
    • WithDefaultTimeout option for JetStream API requests (#​1843)
Fixed
  • KeyValue:
    • Ensure timer is stopped when watcher is stopped (#​1838)
  • ObjectStore:
    • Ensure object watcher stop closes the updates channel (#​1844)
  • Core NATS:
    • Data race when reading current status in sub.StatusChanged and nc.StatusChanged (#​1841)
    • Reset channel after closing in ForceReconnect to avoid panic on subsequent ForceReconnect calls (#​1842, #​1846)
Changed
Improved
  • Legacy JetStream:
    • Cancel Fetch and FetchBatch on reconnect (#​1840)
  • JetStream:
    • Invalid default in documentation for OrderedConsumerConfig.InactiveThreshold (#​1845)
  • KeyValue:
    • Stop the watcher before performing the purge operations for PurgeDeletes (#​1839)
Complete Changes

v1.40.1

Compare Source

Changelog

Overview

This release fixes an issue in legacy JetStream Subscribe which did not respect user-set context when creating a consumer.

FIXED
  • Legacy JetStream:
    • Set context from option when creating consumer in js.Subscribe (#​1835)
Complete Changes

v1.40.0

Compare Source

Changelog

Overview

This release focuses on adding support for new features from NATS Server v2.11.0. This includes:

  • Per message TTLs
  • Consumer pause and resume

Batch direct get will be released in orbit. Support for consumer priority groups will be added in the next minor release.

Added
  • JetStream:
    • Pause and resume JetStream consumer. Thanks @​yordis for the contribution (#​1571)
    • Per message TTL option for JetStream publish (#​1825)
    • Timeout option for async publish (#​1819)
  • Service API
    • Support for disabling queue groups at service, group, and endpoint levels (#​1797)
  • Core NATS:
    • ReconnectErrCB for handling failed reconnect attempts in a callback. Thanks @​sschleemilch for the contribution (#​1804)
Fixed
  • JetStream
    • Invalid subscription on ordered consumer in leaderless cluster (#​1808)
    • Ordered consumer not restarting on no responders (#​1827)
    • Avoid ack id collision in PublishAsync (#​1812)
    • Possible panic in Consumer.Fetch (#​1828)
    • Use resp.Error to show NATS error in deleteMsg. Thanks @​imariman for the contribution (#​1822)
  • KeyValue
    • Deadlock when fetching keys from KV while messages are deleted/purged (#​1824)
Changed
  • Bump go version to 1.23 and update dependencies (#​1821)
Complete Changes

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [github.com/nats-io/nats-server/v2](https://github.com/nats-io/nats-server) | require | minor | `v2.10.26` -> `v2.11.3` | | [github.com/nats-io/nats.go](https://github.com/nats-io/nats.go) | require | minor | `v1.39.1` -> `v1.42.0` | | [go](https://go.dev/) ([source](https://github.com/golang/go)) | toolchain | patch | `1.24.1` -> `1.24.3` | --- ### Release Notes <details> <summary>nats-io/nats-server (github.com/nats-io/nats-server/v2)</summary> ### [`v2.11.3`](https://github.com/nats-io/nats-server/releases/tag/v2.11.3) [Compare Source](https://github.com/nats-io/nats-server/compare/v2.11.2...v2.11.3) #### Changelog Refer to the [2.11 Upgrade Guide](https://docs.nats.io/release-notes/whats_new/whats_new\_211) for backwards compatibility notes with 2.10.x. ##### Go Version - 1.24.2 ##### Added MQTT - New `js_api_timeout` option controls how long to wait for JetStream operations caused by MQTT calls ([#&#8203;6833](https://github.com/nats-io/nats-server/issues/6833)) ##### Improved JetStream - Reduced allocations in subject tree matching ([#&#8203;6837](https://github.com/nats-io/nats-server/issues/6837)) ##### Fixed General - Fixed TLS 1.2 negotiation when using ECDSA certificates from the Windows certificate store ([#&#8203;6803](https://github.com/nats-io/nats-server/issues/6803)) JetStream - Fix a regression introduced in v2.11.2 which can affect calculating consumer subject interest ([#&#8203;6845](https://github.com/nats-io/nats-server/issues/6845)) - Consumer state reporting of filtered consumers is now more consistent ([#&#8203;6835](https://github.com/nats-io/nats-server/issues/6835)) - Raft nodes will now correctly report to the upper layer when a preferred node does not become the leader, fixing some issues where multiple assets can believe they are the leader after a scale-up operation ([#&#8203;6851](https://github.com/nats-io/nats-server/issues/6851)) Monitoring - The `connz` endpoint will now return open connections correctly with `state` set to `all` ([#&#8203;6849](https://github.com/nats-io/nats-server/issues/6849)) ##### Complete Changes ### [`v2.11.2`](https://github.com/nats-io/nats-server/releases/tag/v2.11.2) [Compare Source](https://github.com/nats-io/nats-server/compare/v2.11.1...v2.11.2) > \[!IMPORTANT] > This version contains a regression that has since been fixed in 2.11.3. Please upgrade to that version instead. #### Changelog Refer to the [2.11 Upgrade Guide](https://docs.nats.io/release-notes/whats_new/whats_new\_211) for backwards compatibility notes with 2.10.x. ##### Go Version - 1.24.2 ##### Dependencies - github.com/nats-io/nats.go v1.41.2 ([#&#8203;6805](https://github.com/nats-io/nats-server/issues/6805)) - github.com/nats-io/nkeys v0.4.11 ([#&#8203;6805](https://github.com/nats-io/nats-server/issues/6805)) - github.com/nats-io/jwt/v2 v2.7.4 ([#&#8203;6813](https://github.com/nats-io/nats-server/issues/6813)) ##### Added General - Support for a default sentinel JWT, which is used in operator mode when none is specified, has been added making it possible to have default users ([#&#8203;6577](https://github.com/nats-io/nats-server/issues/6577)) - New `trace_headers` option to ensure that trace logging only emits headers and not message payloads ([#&#8203;6638](https://github.com/nats-io/nats-server/issues/6638)) JetStream - Subject delete markers are now placed for messages that have aged out due to their TTL and not just because of the `MaxAge` policy ([#&#8203;6741](https://github.com/nats-io/nats-server/issues/6741)) ##### Improved General - The publish permissions cache should now remain under the max allowed size more aggressively with improved pruning ([#&#8203;6674](https://github.com/nats-io/nats-server/issues/6674)) - It is now possible with service imports to import the same subject from multiple different accounts ([#&#8203;6704](https://github.com/nats-io/nats-server/issues/6704)) - Updating an account claim with a reduced max connection count no longer causes internal clients to be closed, fixing cases where JetStream assets could become unavailable ([#&#8203;6785](https://github.com/nats-io/nats-server/issues/6785)) - `GOMAXPROCS` and `GOMEMLIMIT` are now reported in both `statsz` and `varz` ([#&#8203;6791](https://github.com/nats-io/nats-server/issues/6791)) - Improved `tls_timeout` configuration parsing consistency between `authorization` and `timeout` ([#&#8203;6731](https://github.com/nats-io/nats-server/issues/6731)) - Allow servers with different pool sizes when using multiple routes, simplifying configuration changes and rolling updates ([#&#8203;6676](https://github.com/nats-io/nats-server/issues/6676)) - Auth tokens are now redacted in trace-level logs for enhanced security ([#&#8203;6808](https://github.com/nats-io/nats-server/issues/6808)) - Trapped signals are now logged at notice level instead of debug ([#&#8203;6800](https://github.com/nats-io/nats-server/issues/6800)) JetStream - Improved purge performance, particularly for KV `PurgeDeletes` calls, with optimised code paths for finding last sequences and reducing allocations ([#&#8203;6801](https://github.com/nats-io/nats-server/issues/6801), [#&#8203;6825](https://github.com/nats-io/nats-server/issues/6825)) - Improved replicated asset creation performance by campaigning for group leadership more quickly ([#&#8203;6697](https://github.com/nats-io/nats-server/issues/6697)) - Improved the debug log message when resetting a group WAL after failing to truncate ([#&#8203;6705](https://github.com/nats-io/nats-server/issues/6705)) - Improved checking for streams that overlap with JS API or system subjects, so that badly-configured streams should not be able to break the API ([#&#8203;6786](https://github.com/nats-io/nats-server/issues/6786)) - Allow setting per-message TTLs to values lower than the configured `SubjectDeleteMarkerTTL` when the stream has a max messages per subject limit of 1 ([#&#8203;6818](https://github.com/nats-io/nats-server/issues/6818)) - Servers that have been `peer-remove`'d can now be re-admitted automatically after 5 minutes without a server restart ([#&#8203;6815](https://github.com/nats-io/nats-server/issues/6815)) ##### Fixed General - Fix a possible panic when a subject transform has missing tokens ([#&#8203;6612](https://github.com/nats-io/nats-server/issues/6612)) - Fix a possible panic when adding dedicated routes during a configuration reload ([#&#8203;6668](https://github.com/nats-io/nats-server/issues/6668)) - Data race when shutting down eventing has been resolved ([#&#8203;6620](https://github.com/nats-io/nats-server/issues/6620)) - A deadlock when updating account claims with service imports/exports has now been fixed ([#&#8203;6726](https://github.com/nats-io/nats-server/issues/6726)) - The `jsz` monitoring endpoint now correctly paginates with `offset` ([#&#8203;6794](https://github.com/nats-io/nats-server/issues/6794), [#&#8203;6816](https://github.com/nats-io/nats-server/issues/6816)) - Parsing the `cluster_traffic` option at startup no longer results in a panic if the account has not loaded yet ([#&#8203;6733](https://github.com/nats-io/nats-server/issues/6733)) JetStream - Fix clustered consumer consistency problems by waiting for delivered state to reach quorum before delivering new messages, resolving issues where acknowledged messages could be redelivered after a consumer leader change - **NOTE:** This may negatively impact the throughput of replicated consumers. R1 consumers, consumers with `AckNone` ack policy and ordered consumers are not affected and may be more suitable for high-speed processing - JetStream is no longer incorrectly disabled when specifying `--js` and `--store_dir` on the command line and then issuing a configuration reload ([#&#8203;6609](https://github.com/nats-io/nats-server/issues/6609)) - Correctly remove messages from an interest-based stream when using `AckAll` consumers ([#&#8203;6587](https://github.com/nats-io/nats-server/issues/6587)) - Preserve the first sequence when rebuilding state due to invalid checksums with no remaining messages ([#&#8203;6647](https://github.com/nats-io/nats-server/issues/6647)) - When recovering from disk, ignore temporary files that can be created during stream compression so that the same blocks do not get loaded more than once ([#&#8203;6684](https://github.com/nats-io/nats-server/issues/6684)) - Do not incorrectly reset group WALs when a new leader sends matching term information after a snapshot ([#&#8203;6691](https://github.com/nats-io/nats-server/issues/6691)) - Corrected a regression in the memory store when purging, aligning it with the filestore behaviour ([#&#8203;6714](https://github.com/nats-io/nats-server/issues/6714)) - When issuing a peer remove on a stream, the new peer set is now proposed through the NRG layer, potentially avoiding a drift in peers ([#&#8203;6720](https://github.com/nats-io/nats-server/issues/6720)) - When issuing a peer remove on a consumer, the new peer set is now proposed through the NRG layer, potentially avoiding a drift in peers ([#&#8203;6727](https://github.com/nats-io/nats-server/issues/6727)) - A race condition that could result in observer nodes becoming incorrectly elected as a group leader has been fixed when using leafnodes with shared system accounts ([#&#8203;6730](https://github.com/nats-io/nats-server/issues/6730)) - Ensure that duplicate Raft groups are not created for the same asset during a restart ([#&#8203;6732](https://github.com/nats-io/nats-server/issues/6732)) - Allow the use of the extended consumer create API when combining service imports/exports and limited API permissions ([#&#8203;6759](https://github.com/nats-io/nats-server/issues/6759)) - Streams with the `FirstSeq` configured are no longer incorrectly purged after a restart if the stream first sequence still matches the configured first sequence ([#&#8203;6753](https://github.com/nats-io/nats-server/issues/6753)) - Correctly write tombstones when purging and compacting, fixing a bug that could result in some deleted messages returning if the stream index had to be rebuilt ([#&#8203;6685](https://github.com/nats-io/nats-server/issues/6685)) - The memory store no longer leaks memory tracking deleted sequences after a full stream purge ([#&#8203;6769](https://github.com/nats-io/nats-server/issues/6769)) - Correctly handle acks for subjects that include a `@` character ([#&#8203;6777](https://github.com/nats-io/nats-server/issues/6777)) - Avoid losing stream sequence numbers of the server is interrupted by generating a new last message block before removing the final remaining block, particularly noticeable with WQ or interest retention policies ([#&#8203;6778](https://github.com/nats-io/nats-server/issues/6778)) - Use the correct floor when using `AckAll` in R1 consumers ([#&#8203;6790](https://github.com/nats-io/nats-server/issues/6790)) - Preserve consumer state when a stream needs to be reset due to a failed catchup ([#&#8203;6796](https://github.com/nats-io/nats-server/issues/6796)) - Correctly enforce the 32MB maximum publish size limit into JetStream, avoiding filestore corruption from overflowing the maximum record length ([#&#8203;6798](https://github.com/nats-io/nats-server/issues/6798)) - Preserve the redelivered state if the consumer leader is placed on a server that is a lagging stream follower to keep accounting correct ([#&#8203;6698](https://github.com/nats-io/nats-server/issues/6698)) - Idempotent stream or consumer creations on a server upgrade from 2.10.x will no longer fail due to metadata changes ([#&#8203;6716](https://github.com/nats-io/nats-server/issues/6716)) - Do not place rejected messages with invalid TTLs into the deduplication map if using `Nats-Msg-Id` ([#&#8203;6725](https://github.com/nats-io/nats-server/issues/6725)) - Message TTLs are now recovered properly from multiple messages if the timed hash wheel state is lost or corrupted on disk ([#&#8203;6758](https://github.com/nats-io/nats-server/issues/6758)) - Consumer priority groups will no longer get stuck in a tight-loop if there are multiple requests from different clients but some are not receiving due to the priority policy ([#&#8203;6749](https://github.com/nats-io/nats-server/issues/6749)) - Subject delete markers are now replicated more reliably and are now retriable, improving consistency in clustered mode ([#&#8203;6776](https://github.com/nats-io/nats-server/issues/6776)) - Tombstones are now correctly written for messages that have aged out due to their TTL, such that the deletion is preserved if the stream state is rebuilt ([#&#8203;6781](https://github.com/nats-io/nats-server/issues/6781)) - Corrected an off-by-one error that could cause the TTL state to be rebuilt unnecessarily on a server restart ([#&#8203;6679](https://github.com/nats-io/nats-server/issues/6679)) - Fixed a race condition in the timed hash wheel that could result in an underflow of the hash count ([#&#8203;6787](https://github.com/nats-io/nats-server/issues/6787)) - Push consumers are no longer incorrectly marked as inactive after a delivery failure if there is continued interest ([#&#8203;6807](https://github.com/nats-io/nats-server/issues/6807)) - Internal clients for JetStream are no longer closed unexpectedly after updating an expired account claim ([#&#8203;6817](https://github.com/nats-io/nats-server/issues/6817)) - Fixed a panic that could potentially occur when starting clustered consumers when the metalayer is shutting down ([#&#8203;6823](https://github.com/nats-io/nats-server/issues/6823)) - Fixed a bug in subject tree intersection that could miss some subjects when looking for first matching messages matching `FilterSubjects` ([#&#8203;6828](https://github.com/nats-io/nats-server/issues/6828)) - Subject delete markers now have the correct headers when retrieved using direct get ([#&#8203;6826](https://github.com/nats-io/nats-server/issues/6826)) - Messages with a TTL now are removed correctly after a restart has interrupted the deletion process ([#&#8203;6828](https://github.com/nats-io/nats-server/issues/6828)) Gateways - Fixed a bug that could result in a lost queue subscriptions on gateway connections after a restart or a remote unsubscribe ([#&#8203;6607](https://github.com/nats-io/nats-server/issues/6607)) ##### Complete Changes ### [`v2.11.1`](https://github.com/nats-io/nats-server/releases/tag/v2.11.1) [Compare Source](https://github.com/nats-io/nats-server/compare/v2.11.0...v2.11.1) #### Changelog ##### Go Version - 1.24.1 ##### CVEs - This release contains fixes for CVE-2025-30215, a CRITICAL severity vulnerability affecting all NATS Server versions from v2.2.0, prior to v2.11.1 or v2.10.27. ##### Fixed JetStream - Correctly validate the calling account on a number of system API calls - Check system and account limits when processing a stream restore ##### Complete Changes ### [`v2.11.0`](https://github.com/nats-io/nats-server/releases/tag/v2.11.0) [Compare Source](https://github.com/nats-io/nats-server/compare/v2.10.29...v2.11.0) #### Changelog Refer to the [2.11 Upgrade Guide](https://docs.nats.io/release-notes/whats_new/whats_new\_211) for backwards compatibility notes with 2.10.x. ##### Go Version - 1.24.1 ([#&#8203;6629](https://github.com/nats-io/nats-server/issues/6629)) ##### Dependencies - golang.org/x/crypto v0.36.0 ([#&#8203;6618](https://github.com/nats-io/nats-server/issues/6618)) - golang.org/x/sys v0.31.0 ([#&#8203;6618](https://github.com/nats-io/nats-server/issues/6618)) - golang.org/x/time v0.11.0 ([#&#8203;6618](https://github.com/nats-io/nats-server/issues/6618)) - github.com/google/go-tpm v0.9.3 ([#&#8203;6295](https://github.com/nats-io/nats-server/issues/6295)) - github.com/antithesishq/antithesis-sdk-go v0.4.3-default-no-op ([#&#8203;6164](https://github.com/nats-io/nats-server/issues/6164)) ##### Added General - Distributed message tracing ([#&#8203;5014](https://github.com/nats-io/nats-server/issues/5014), [#&#8203;5057](https://github.com/nats-io/nats-server/issues/5057)) - A message with the `Nats-Trace-Dest` header set to a valid subject will receive events representing what happens to the message as it moves through the system - Events contain information such as ingress, subject mapping, stream exports, service imports, egress to subscriptions, routes, gateways or leafnodes - An additional `Nats-Trace-Only` header, if set to `true`, will produce the same tracing events but will not deliver the message to the final destination - Configuration state digest ([#&#8203;4325](https://github.com/nats-io/nats-server/issues/4325)) - A hash of the configuration file can be generated using the `-t` option on the command line - The hash of the currently running configuration file can be seen in the `config_digest` option in `varz` - Enable scoped users to have templates that are not limited to a subject token ([#&#8203;5981](https://github.com/nats-io/nats-server/issues/5981)) - New `js-meta-only` option for `healthz` healthcheck ([#&#8203;6649](https://github.com/nats-io/nats-server/issues/6649)) JetStream - Per-message TTLs ([#&#8203;6272](https://github.com/nats-io/nats-server/issues/6272), [#&#8203;6354](https://github.com/nats-io/nats-server/issues/6354), [#&#8203;6363](https://github.com/nats-io/nats-server/issues/6363), [#&#8203;6370](https://github.com/nats-io/nats-server/issues/6370), [#&#8203;6376](https://github.com/nats-io/nats-server/issues/6376), [#&#8203;6385](https://github.com/nats-io/nats-server/issues/6385), [#&#8203;6400](https://github.com/nats-io/nats-server/issues/6400)) - The `Nats-TTL` header, provided either as a string duration (`1m`, `30s`) or an integer in seconds, will age out the message independently of stream limits - More information on this is available in [ADR-43](https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-43.md) - Subject delete markers on `MaxAge` ([#&#8203;6378](https://github.com/nats-io/nats-server/issues/6378), [#&#8203;6389](https://github.com/nats-io/nats-server/issues/6389), [#&#8203;6393](https://github.com/nats-io/nats-server/issues/6393), [#&#8203;6400](https://github.com/nats-io/nats-server/issues/6400), [#&#8203;6404](https://github.com/nats-io/nats-server/issues/6404), [#&#8203;6428](https://github.com/nats-io/nats-server/issues/6428), [#&#8203;6432](https://github.com/nats-io/nats-server/issues/6432)) - The `SubjectDeleteMarkerTTL` stream configuration option determines whether to place marker messages and how long they should live for - The marker message will have a `Nats-Marker-Reason` header explaining which limit caused the marker to be left behind - More information on this is available in [ADR-43](https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-43.md) - Pull consumer priority groups with pinning and overflow ([#&#8203;5814](https://github.com/nats-io/nats-server/issues/5814), [#&#8203;6078](https://github.com/nats-io/nats-server/issues/6078), [#&#8203;6081](https://github.com/nats-io/nats-server/issues/6081)) - Allows patterns such as one consumer receiving all messages, but handing over to a second consumer if the first one fails, or groups of clients accessing the same consumer should have different priorities - The `PriorityGroups` and `PriorityPolicy` options in the consumer configuration control the policy - More information on this is available in [ADR-42](https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-42.md) - Consumer pausing ([#&#8203;5066](https://github.com/nats-io/nats-server/issues/5066)) - The `PauseUntil` consumer configuration option and `$JS.API.CONSUMER.PAUSE` endpoint suspends message delivery to the consumer until the time specified is reached, after which point it will resume automatically - Asset versioning ([#&#8203;5850](https://github.com/nats-io/nats-server/issues/5850), [#&#8203;5855](https://github.com/nats-io/nats-server/issues/5855), [#&#8203;5857](https://github.com/nats-io/nats-server/issues/5857)) - More information on this is available in [ADR-44](https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-44.md) - Multi-get directly from a stream ([#&#8203;5107](https://github.com/nats-io/nats-server/issues/5107)) - More information on this is available in [ADR-31](https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-31.md) - Pedantic mode ([#&#8203;5245](https://github.com/nats-io/nats-server/issues/5245)) - Ensures that stream and consumer creates or updates will fail if the resulting configuration would differ due to defaults, useful for desired-state configuration - Stream ingest rate limiting ([#&#8203;5796](https://github.com/nats-io/nats-server/issues/5796)) - New `max_buffered_size` and `max_buffered_msgs` options in the `jetstream` block of the server config control how many publishes should be queued before rate-limiting, making it easier to protect the system against Core NATS publishes into JetStream - Where a reply subject is provided, rate-limited messages will receive a 429 “Too Many Requests” response and can retry later - Support for `Nats-Expected-Last-Subject-Sequence-Subject` header, customising the subject used when paired with `Nats-Expected-Last-Subject-Sequence` ([#&#8203;5281](https://github.com/nats-io/nats-server/issues/5281)) Thanks to [@&#8203;cchamplin](https://github.com/cchamplin) for the contribution! - Ability to move cluster Raft traffic into the asset account instead of using the system account using the new `cluster_traffic` configuration option ([#&#8203;5466](https://github.com/nats-io/nats-server/issues/5466), [#&#8203;5947](https://github.com/nats-io/nats-server/issues/5947)) - Ability to specify preferred placement tags or clusters using `preferred` when issuing stepdown requests to the metaleader, streams or consumers ([#&#8203;6282](https://github.com/nats-io/nats-server/issues/6282), [#&#8203;6284](https://github.com/nats-io/nats-server/issues/6284)) - Implement strict decoding for JetStream API requests with the new `strict` option in the `jetstream` block of the server config ([#&#8203;5858](https://github.com/nats-io/nats-server/issues/5858)) - JetStream encryption on Windows can now use the TPM for key storage ([#&#8203;5273](https://github.com/nats-io/nats-server/issues/5273)) - The `js_cluster_migrate` option can now be configured with a delay, controlling how long before a failure would result in asset migration ([#&#8203;5903](https://github.com/nats-io/nats-server/issues/5903)) Leafnodes - Support for TLS First on leafnode connections with the `handshake_first` option ([#&#8203;4119](https://github.com/nats-io/nats-server/issues/4119), [#&#8203;5783](https://github.com/nats-io/nats-server/issues/5783)) WebSocket - WebSocket custom response headers ([#&#8203;5230](https://github.com/nats-io/nats-server/issues/5230)) Thanks to [@&#8203;ramonberrutti](https://github.com/ramonberrutti) for the contribution! MQTT - SparkplugB Aware support ([#&#8203;5241](https://github.com/nats-io/nats-server/issues/5241)) ##### Improved General - A graceful shutdown caused by the `SIGTERM` signal will now return exit code 0 instead of exit code 1 ([#&#8203;6336](https://github.com/nats-io/nats-server/issues/6336)) - Attempt to prune the publish permissions cache more than once, reducing the chance it can grow beyond the intended size ([#&#8203;6674](https://github.com/nats-io/nats-server/issues/6674)) JetStream - Improved the performance of subject tracking with a max messages per subject limit of 1 ([#&#8203;6688](https://github.com/nats-io/nats-server/issues/6688)) ##### Fixed General - Server, cluster and gateway names containing spaces will now be rejected, since these can cause issues ([#&#8203;5676](https://github.com/nats-io/nats-server/issues/5676)) JetStream - Message removals due to acks in clustered interest-based or work queue streams are now proposed through Raft ([#&#8203;6140](https://github.com/nats-io/nats-server/issues/6140)) - Ensures that the removal ordering across all replicas is consistent, but may increase the amount of replication traffic - Consistency improvements for the metalayer, streams and consumers ([#&#8203;6194](https://github.com/nats-io/nats-server/issues/6194), [#&#8203;6485](https://github.com/nats-io/nats-server/issues/6485), [#&#8203;6518](https://github.com/nats-io/nats-server/issues/6518)) - A new leader only starts responding to read/write requests once it's initially up-to-date with its Raft log - Also fixes issues where KV creates/updates to a key during leader changes could desync the stream - Replicated consumers should no longer skip redeliveries of unacknowledged messages after a leader change ([#&#8203;6566](https://github.com/nats-io/nats-server/issues/6566)) - Consumer starting sequence is now always respected, except for consumers used for sources/mirrors ([#&#8203;6253](https://github.com/nats-io/nats-server/issues/6253)) - Recovering from a bad message block checksum when there are meant to be zero messages will now correctly populate the first sequence if the last sequence was known from the stream state ([#&#8203;6647](https://github.com/nats-io/nats-server/issues/6647)) - A panic when reloading the config to add a dedicated route has been fixed for systems that have no pinned routes and no system account ([#&#8203;6668](https://github.com/nats-io/nats-server/issues/6668)) - When recovering from filestore blocks, ignore temporary files created as a part of re-compression or re-encryption ([#&#8203;6684](https://github.com/nats-io/nats-server/issues/6684)) ##### Complete Changes ### [`v2.10.29`](https://github.com/nats-io/nats-server/releases/tag/v2.10.29) [Compare Source](https://github.com/nats-io/nats-server/compare/v2.10.28...v2.10.29) #### Changelog Refer to the [2.10 Upgrade Guide](https://docs.nats.io/release-notes/whats_new/whats_new\_210) for backwards compatibility notes with 2.9.x. ##### Go Version - 1.24.2 ##### Fixed JetStream - Fix a regression introduced in v2.10.28 which can affect calculating consumer subject interest ([#&#8203;6845](https://github.com/nats-io/nats-server/issues/6845)) - Consumer state reporting of filtered consumers is now more consistent ([#&#8203;6835](https://github.com/nats-io/nats-server/issues/6835)) - Raft nodes will now correctly report to the upper layer when a preferred node does not become the leader, fixing some issues where multiple assets can believe they are the leader after a scale-up operation ([#&#8203;6851](https://github.com/nats-io/nats-server/issues/6851)) Monitoring - The `connz` endpoint will now return open connections correctly with `state` set to `all` ([#&#8203;6849](https://github.com/nats-io/nats-server/issues/6849)) ##### Complete Changes ### [`v2.10.28`](https://github.com/nats-io/nats-server/releases/tag/v2.10.28) [Compare Source](https://github.com/nats-io/nats-server/compare/v2.10.27...v2.10.28) > \[!IMPORTANT] > This version contains a regression that has since been fixed in 2.10.29. Please upgrade to that version instead. #### Changelog Refer to the [2.10 Upgrade Guide](https://docs.nats.io/release-notes/whats_new/whats_new\_210) for backwards compatibility notes with 2.9.x. ##### Go Version - 1.24.2 ##### Dependencies - github.com/nats-io/nats.go v1.41.2 ([#&#8203;6805](https://github.com/nats-io/nats-server/issues/6805)) - github.com/nats-io/nkeys v0.4.11 ([#&#8203;6805](https://github.com/nats-io/nats-server/issues/6805)) - golang.org/x/crypto v0.37.0 ([#&#8203;6805](https://github.com/nats-io/nats-server/issues/6805)) - golang.org/x/sys v0.32.0 ([#&#8203;6805](https://github.com/nats-io/nats-server/issues/6805)) - github.com/nats-io/jwt/v2 v2.7.4 ([#&#8203;6813](https://github.com/nats-io/nats-server/issues/6813)) ##### Improved General - The publish permissions cache should now remain under the max allowed size more aggressively with improved pruning ([#&#8203;6674](https://github.com/nats-io/nats-server/issues/6674)) - It is now possible with service imports to import the same subject from multiple different accounts ([#&#8203;6704](https://github.com/nats-io/nats-server/issues/6704)) - Updating an account claim with a reduced max connection count no longer causes internal clients to be closed, fixing cases where JetStream assets could become unavailable ([#&#8203;6785](https://github.com/nats-io/nats-server/issues/6785)) - `GOMAXPROCS` and `GOMEMLIMIT` are now reported in both `statsz` and `varz` ([#&#8203;6791](https://github.com/nats-io/nats-server/issues/6791)) - Auth tokens are now redacted in trace-level logs for enhanced security ([#&#8203;6808](https://github.com/nats-io/nats-server/issues/6808)) - Trapped signals are now logged at notice level instead of debug ([#&#8203;6800](https://github.com/nats-io/nats-server/issues/6800)) JetStream - Improved purge performance, particularly for KV `PurgeDeletes` calls, with optimised code paths for finding last sequences and reducing allocations ([#&#8203;6801](https://github.com/nats-io/nats-server/issues/6801)) - Improved replicated asset creation performance by campaigning for group leadership more quickly ([#&#8203;6697](https://github.com/nats-io/nats-server/issues/6697)) - Improved the debug log message when resetting a group WAL after failing to truncate ([#&#8203;6705](https://github.com/nats-io/nats-server/issues/6705)) - Improved checking for streams that overlap with JS API or system subjects, so that badly-configured streams should not be able to break the API ([#&#8203;6786](https://github.com/nats-io/nats-server/issues/6786)) - Servers that have been `peer-remove`'d can now be re-admitted automatically after 5 minutes without a server restart ([#&#8203;6815](https://github.com/nats-io/nats-server/issues/6815)) - Filestore tombstones for purges are now written asynchronously where possible, improving performance ([#&#8203;6825](https://github.com/nats-io/nats-server/issues/6825)) ##### Fixed General - Fix a possible panic when a subject transform has missing tokens ([#&#8203;6612](https://github.com/nats-io/nats-server/issues/6612)) - Fix a possible panic when adding dedicated routes during a configuration reload ([#&#8203;6668](https://github.com/nats-io/nats-server/issues/6668)) - Data race when shutting down eventing has been resolved ([#&#8203;6620](https://github.com/nats-io/nats-server/issues/6620)) - A deadlock when updating account claims with service imports/exports has now been fixed ([#&#8203;6726](https://github.com/nats-io/nats-server/issues/6726)) - The `jsz` monitoring endpoint now correctly paginates with `offset` ([#&#8203;6794](https://github.com/nats-io/nats-server/issues/6794), [#&#8203;6816](https://github.com/nats-io/nats-server/issues/6816)) JetStream - JetStream is no longer incorrectly disabled when specifying `--js` and `--store_dir` on the command line and then issuing a configuration reload ([#&#8203;6609](https://github.com/nats-io/nats-server/issues/6609)) - Correctly remove messages from an interest-based stream when using `AckAll` consumers ([#&#8203;6587](https://github.com/nats-io/nats-server/issues/6587)) - Preserve the first sequence when rebuilding state due to invalid checksums with no remaining messages ([#&#8203;6647](https://github.com/nats-io/nats-server/issues/6647)) - When recovering from disk, ignore temporary files that can be created during stream compression so that the same blocks do not get loaded more than once ([#&#8203;6684](https://github.com/nats-io/nats-server/issues/6684)) - Do not incorrectly reset group WALs when a new leader sends matching term information after a snapshot ([#&#8203;6691](https://github.com/nats-io/nats-server/issues/6691)) - Corrected a regression in the memory store when purging, aligning it with the filestore behaviour ([#&#8203;6714](https://github.com/nats-io/nats-server/issues/6714)) - When issuing a peer remove on a stream, the new peer set is now proposed through the NRG layer, potentially avoiding a drift in peers ([#&#8203;6720](https://github.com/nats-io/nats-server/issues/6720)) - When issuing a peer remove on a consumer, the new peer set is now proposed through the NRG layer, potentially avoiding a drift in peers ([#&#8203;6727](https://github.com/nats-io/nats-server/issues/6727)) - A race condition that could result in observer nodes becoming incorrectly elected as a group leader has been fixed when using leafnodes with shared system accounts ([#&#8203;6730](https://github.com/nats-io/nats-server/issues/6730)) - Ensure that duplicate Raft groups are not created for the same asset during a restart ([#&#8203;6732](https://github.com/nats-io/nats-server/issues/6732)) - Allow the use of the extended consumer create API when combining service imports/exports and limited API permissions ([#&#8203;6759](https://github.com/nats-io/nats-server/issues/6759)) - Streams with the `FirstSeq` configured are no longer incorrectly purged after a restart if the stream first sequence still matches the configured first sequence ([#&#8203;6753](https://github.com/nats-io/nats-server/issues/6753)) - Correctly write tombstones when purging and compacting, fixing a bug that could result in some deleted messages returning if the stream index had to be rebuilt ([#&#8203;6685](https://github.com/nats-io/nats-server/issues/6685)) - The memory store no longer leaks memory tracking deleted sequences after a full stream purge ([#&#8203;6769](https://github.com/nats-io/nats-server/issues/6769)) - Correctly handle acks for subjects that include a `@` character ([#&#8203;6777](https://github.com/nats-io/nats-server/issues/6777)) - Avoid losing stream sequence numbers of the server is interrupted by generating a new last message block before removing the final remaining block, particularly noticeable with WQ or interest retention policies ([#&#8203;6778](https://github.com/nats-io/nats-server/issues/6778)) - Use the correct floor when using `AckAll` in R1 consumers ([#&#8203;6790](https://github.com/nats-io/nats-server/issues/6790)) - Preserve consumer state when a stream needs to be reset due to a failed catchup ([#&#8203;6796](https://github.com/nats-io/nats-server/issues/6796)) - Correctly enforce the 32MB maximum publish size limit into JetStream, avoiding filestore corruption from overflowing the maximum record length ([#&#8203;6798](https://github.com/nats-io/nats-server/issues/6798)) - Push consumers are no longer incorrectly marked as inactive after a delivery failure if there is continued interest ([#&#8203;6807](https://github.com/nats-io/nats-server/issues/6807)) - Internal clients for JetStream are no longer closed unexpectedly after updating an expired account claim ([#&#8203;6817](https://github.com/nats-io/nats-server/issues/6817)) - Fixed a panic that could potentially occur when starting clustered consumers when the metalayer is shutting down ([#&#8203;6823](https://github.com/nats-io/nats-server/issues/6823)) - Fixed a bug in subject tree intersection that could miss some subjects when looking for first matching messages matching `FilterSubjects` ([#&#8203;6828](https://github.com/nats-io/nats-server/issues/6828), [#&#8203;6827](https://github.com/nats-io/nats-server/issues/6827)) Gateways - Fixed a bug that could result in a lost queue subscriptions on gateway connections after a restart or a remote unsubscribe ([#&#8203;6607](https://github.com/nats-io/nats-server/issues/6607)) ##### Complete Changes ### [`v2.10.27`](https://github.com/nats-io/nats-server/releases/tag/v2.10.27) [Compare Source](https://github.com/nats-io/nats-server/compare/v2.10.26...v2.10.27) #### Changelog ##### Go Version - 1.24.1 ##### CVEs - This release contains fixes for CVE-2025-30215, a CRITICAL severity vulnerability affecting all NATS Server versions from v2.2.0, prior to v2.11.1 or v2.10.27. ##### Fixed JetStream - Correctly validate the calling account on a number of system API calls - Check system and account limits when processing a stream restore - Fixed a performance regression when using max messages per subject of 1 ([#&#8203;6688](https://github.com/nats-io/nats-server/issues/6688)) ##### Complete Changes </details> <details> <summary>nats-io/nats.go (github.com/nats-io/nats.go)</summary> ### [`v1.42.0`](https://github.com/nats-io/nats.go/releases/tag/v1.42.0) [Compare Source](https://github.com/nats-io/nats.go/compare/v1.41.2...v1.42.0) #### Changelog ##### Overview This release adds per-key TTL functionality to key-value stores. It adds: 1. `LimitMarkerTTL` config option to enable automatic tombstone deletion. 2. `KeyTTL` option to `kv.Create()` 3. `PurgeTTL()` option to `kv.Purge()` ##### ADDED - KeyValue: - Added KeyValue per key TTL support and limit markers ([#&#8203;1864](https://github.com/nats-io/nats.go/issues/1864)) ##### Complete Changes ### [`v1.41.2`](https://github.com/nats-io/nats.go/releases/tag/v1.41.2) [Compare Source](https://github.com/nats-io/nats.go/compare/v1.41.1...v1.41.2) #### Changelog ##### ADDED - Core NATS: - Add `nc.RemoveStatusListener()` method ([#&#8203;1856](https://github.com/nats-io/nats.go/issues/1856)) ##### FIXED - Legacy JetStream: - Fix `Fetch` and `FetchBatch` memory leak ([#&#8203;1856](https://github.com/nats-io/nats.go/issues/1856)) - Legacy KeyValue: - Use context in when purging stream in `kv.PurgeDeletes()` ([#&#8203;1858](https://github.com/nats-io/nats.go/issues/1858)) - Bump golang.org/x/crypto to fix vulnerability ([#&#8203;1857](https://github.com/nats-io/nats.go/issues/1857)) ##### Complete Changes ### [`v1.41.1`](https://github.com/nats-io/nats.go/releases/tag/v1.41.1) [Compare Source](https://github.com/nats-io/nats.go/compare/v1.41.0...v1.41.1) #### Changelog ##### FIXED - ObjectStore: - Use default timeout for `ObjectStore.Get` when no deadline is set on ctx ([#&#8203;1850](https://github.com/nats-io/nats.go/issues/1850)) ##### IMPROVED - Remove `golang.org/x/text` dependency ([#&#8203;1849](https://github.com/nats-io/nats.go/issues/1849)) ##### Complete Changes ### [`v1.41.0`](https://github.com/nats-io/nats.go/releases/tag/v1.41.0) [Compare Source](https://github.com/nats-io/nats.go/compare/v1.40.1...v1.41.0) #### Changelog ##### Overview This release adds consumer priority groups to JetStream, exposing overflow and pinning policies. For more information on consumer priority groups, see [ADR-42](https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-42.md). ##### Added - JetStream: - Consumer priority groups with pinned and overflow policies ([#&#8203;1826](https://github.com/nats-io/nats.go/issues/1826)) - `WithDefaultTimeout` option for JetStream API requests ([#&#8203;1843](https://github.com/nats-io/nats.go/issues/1843)) ##### Fixed - KeyValue: - Ensure timer is stopped when watcher is stopped ([#&#8203;1838](https://github.com/nats-io/nats.go/issues/1838)) - ObjectStore: - Ensure object watcher stop closes the updates channel ([#&#8203;1844](https://github.com/nats-io/nats.go/issues/1844)) - Core NATS: - Data race when reading current status in `sub.StatusChanged` and `nc.StatusChanged` ([#&#8203;1841](https://github.com/nats-io/nats.go/issues/1841)) - Reset channel after closing in `ForceReconnect` to avoid panic on subsequent `ForceReconnect` calls ([#&#8203;1842](https://github.com/nats-io/nats.go/issues/1842), [#&#8203;1846](https://github.com/nats-io/nats.go/issues/1846)) ##### Changed ##### Improved - Legacy JetStream: - Cancel `Fetch` and `FetchBatch` on reconnect ([#&#8203;1840](https://github.com/nats-io/nats.go/issues/1840)) - JetStream: - Invalid default in documentation for `OrderedConsumerConfig.InactiveThreshold` ([#&#8203;1845](https://github.com/nats-io/nats.go/issues/1845)) - KeyValue: - Stop the watcher before performing the purge operations for `PurgeDeletes` ([#&#8203;1839](https://github.com/nats-io/nats.go/issues/1839)) ##### Complete Changes ### [`v1.40.1`](https://github.com/nats-io/nats.go/releases/tag/v1.40.1) [Compare Source](https://github.com/nats-io/nats.go/compare/v1.40.0...v1.40.1) #### Changelog ##### Overview This release fixes an issue in legacy JetStream `Subscribe` which did not respect user-set context when creating a consumer. ##### FIXED - Legacy JetStream: - Set context from option when creating consumer in `js.Subscribe` ([#&#8203;1835](https://github.com/nats-io/nats.go/issues/1835)) ##### Complete Changes ### [`v1.40.0`](https://github.com/nats-io/nats.go/releases/tag/v1.40.0) [Compare Source](https://github.com/nats-io/nats.go/compare/v1.39.1...v1.40.0) #### Changelog ##### Overview This release focuses on adding support for new features from [NATS Server v2.11.0](https://github.com/nats-io/nats-server/releases/tag/v2.11.0). This includes: - Per message TTLs - Consumer pause and resume Batch direct get will be released in [orbit](https://github.com/synadia-io/orbit.go). Support for consumer priority groups will be added in the next minor release. ##### Added - JetStream: - Pause and resume JetStream consumer. Thanks [@&#8203;yordis](https://github.com/yordis) for the contribution ([#&#8203;1571](https://github.com/nats-io/nats.go/issues/1571)) - Per message TTL option for JetStream publish ([#&#8203;1825](https://github.com/nats-io/nats.go/issues/1825)) - Timeout option for async publish ([#&#8203;1819](https://github.com/nats-io/nats.go/issues/1819)) - Service API - Support for disabling queue groups at service, group, and endpoint levels ([#&#8203;1797](https://github.com/nats-io/nats.go/issues/1797)) - Core NATS: - `ReconnectErrCB` for handling failed reconnect attempts in a callback. Thanks [@&#8203;sschleemilch](https://github.com/sschleemilch) for the contribution ([#&#8203;1804](https://github.com/nats-io/nats.go/issues/1804)) ##### Fixed - JetStream - Invalid subscription on ordered consumer in leaderless cluster ([#&#8203;1808](https://github.com/nats-io/nats.go/issues/1808)) - Ordered consumer not restarting on no responders ([#&#8203;1827](https://github.com/nats-io/nats.go/issues/1827)) - Avoid ack id collision in PublishAsync ([#&#8203;1812](https://github.com/nats-io/nats.go/issues/1812)) - Possible panic in `Consumer.Fetch` ([#&#8203;1828](https://github.com/nats-io/nats.go/issues/1828)) - Use `resp.Error` to show NATS error in `deleteMsg`. Thanks [@&#8203;imariman](https://github.com/imariman) for the contribution ([#&#8203;1822](https://github.com/nats-io/nats.go/issues/1822)) - KeyValue - Deadlock when fetching keys from KV while messages are deleted/purged ([#&#8203;1824](https://github.com/nats-io/nats.go/issues/1824)) ##### Changed - Bump go version to 1.23 and update dependencies ([#&#8203;1821](https://github.com/nats-io/nats.go/issues/1821)) ##### Complete Changes </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yMTUuMiIsInVwZGF0ZWRJblZlciI6IjM5LjI2NC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
kjuulh added 1 commit 2025-03-25 23:31:30 +01:00
kjuulh commented 2025-03-25 23:31:30 +01:00
Author
Owner
Copy Link

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 5 additional dependencies were updated

Details:

Package Change
github.com/nats-io/jwt/v2 v2.7.3 -> v2.7.4
github.com/nats-io/nkeys v0.4.10 -> v0.4.11
golang.org/x/crypto v0.34.0 -> v0.37.0
golang.org/x/sys v0.30.0 -> v0.32.0
golang.org/x/time v0.10.0 -> v0.11.0
### ℹ Artifact update notice ##### File name: go.mod In order to perform the update(s) described in the table above, Renovate ran the `go get` command, which resulted in the following additional change(s): - 5 additional dependencies were updated Details: | **Package** | **Change** | | :-------------------------- | :--------------------- | | `github.com/nats-io/jwt/v2` | `v2.7.3` -> `v2.7.4` | | `github.com/nats-io/nkeys` | `v0.4.10` -> `v0.4.11` | | `golang.org/x/crypto` | `v0.34.0` -> `v0.37.0` | | `golang.org/x/sys` | `v0.30.0` -> `v0.32.0` | | `golang.org/x/time` | `v0.10.0` -> `v0.11.0` |
kjuulh force-pushed renovate/all from 9055833c29 to 7269f91552 2025-04-02 02:07:54 +02:00 Compare
kjuulh force-pushed renovate/all from 7269f91552 to f85ef9d79a 2025-04-04 02:07:20 +02:00 Compare
kjuulh force-pushed renovate/all from f85ef9d79a to 4418a1cdfd 2025-04-09 02:07:38 +02:00 Compare
kjuulh force-pushed renovate/all from 4418a1cdfd to ebfa212ada 2025-04-10 02:07:35 +02:00 Compare
kjuulh force-pushed renovate/all from ebfa212ada to 5df9420aba 2025-04-18 02:08:01 +02:00 Compare
kjuulh force-pushed renovate/all from 5df9420aba to 094e3c08d5 2025-04-26 02:08:36 +02:00 Compare
kjuulh force-pushed renovate/all from 094e3c08d5 to 9dbb70666f 2025-05-02 02:07:07 +02:00 Compare
kjuulh force-pushed renovate/all from 9dbb70666f to 8071763059 2025-05-03 02:08:26 +02:00 Compare
kjuulh force-pushed renovate/all from 8071763059 to 524907efa0 2025-05-07 02:07:34 +02:00 Compare
This pull request can be merged automatically.
You are not authorized to merge this pull request.
View command line instructions.

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin renovate/all:renovate/all
git checkout renovate/all
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
kjuulh
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: kjuulh/ceen#69
No description provided.
Delete Branch "renovate/all"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?