​

StreamNative Weekly Release Notes v4.0.7.1

​

Download

​

Distributions

• https://github.com/streamnative/pulsar/releases/tag/v4.0.7.1

​

Packages

• Maven Central

​

Images

• sn-platform
• sn-platform-slim
• private-cloud

​

General Changes

​

Apache Pulsar

(#24948) [improve][test] Disable flaky PatternConsumerBackPressureTest until the problem is fixed (#24947) [fix][broker][branch-4.0] Fix failed testFinishTakeSnapshotWhenTopicLoading due to topic future cache conflicts (#23551) [fix][txn] fix concurrent error cause txn stuck in TransactionBufferHandlerImpl#endTxn (#24939) [fix][broker] Avoid recursive update in ConcurrentHashMap during policy cache cleanup (#21981) [fix][monitor] Fix the incorrect metrics name (#24787) [improve][broker] Add tests for using absolute FQDN for advertisedAddress and remove extra dot from brokerId (#24762) [fix][admin] Set local policies overwrites “number of bundles” passed during namespace creation (#24941) [fix][broker] Fix bug in PersistentMessageExpiryMonitor which blocked further expirations (#24929) [fix][test] Stabilize testMsgDropStat by reliably triggering non-persistent publisher drop (#24934) [fix][broker] Fix stack overflow caused by race condition when closing a connection (#24932) [fix][broker] ExtensibleLoadManager: handle SessionReestablished and Reconnected events to re-register broker metadata (#24933) [fix][broker] Use poll instead remove to avoid NoSuchElementException (#24898) [fix][broker] fix getMaxReadPosition in TransactionBufferDisable should return latest (#24943) [improve][broker] Don’t log an error when updatePartitionedTopic is called on a non-partitioned topic (#24942) [improve][broker] Optimize lookup result warn log (#24794) [fix][client] Fix thread leak in reloadLookUp method which is used by ServiceUrlProvider (#24859) [fix][broker] Run ResourceGroup tasks only when tenants/namespaces registered (#24915) [fix][broker] BacklogMessageAge is not reset when cursor mdPosition is on an open ledger (#24860) [fix][broker] Fix wrong behaviour when using namespace.allowed_clusters, such as namespace deletion and namespace policies updating (#24917) [improve][ci] Move replication tests to new group Broker Group 5 in Pulsar CI

​

KoP

Fix incorrect version ID displayed in schema retrieval log Add log to trace existing schema retrieval

​

pulsarctl

upgrade golang to 1.24.9

​

Security Fixes

​

Apache Pulsar

(#24937) [fix][sec] Override nimbus-jose-jwt to remediate CVE-2023-52428 and CVE-2025-53864 (#24936) [fix][sec] Override commons-beanutils and commons-configuration2 to remediate CVEs (#24935) [fix][sec] Override kafka-clients in kinesis-kpl-shaded to remediate CVE-2024-31141 and CVE-2025-27817 (#24923) [fix][sec] Upgrade BouncyCastle FIPS to 2.0.10 to remediate CVE-2025-8916 (#24903) [fix][sec] Upgrade Spring to 6.2.12 to remediate CVE-2025-22233 and CVE-2025-41249