> ## Documentation Index > Fetch the complete documentation index at: https://docs.streamnative.io/llms.txt > Use this file to discover all available pages before exploring further. # V4.0.8.8 # StreamNative Weekly Release Notes v4.0.8.8 ## Download ### Distributions * [https://github.com/streamnative/pulsar/releases/tag/v4.0.8.8](https://github.com/streamnative/pulsar/releases/tag/v4.0.8.8) ### Packages * [Maven Central](https://search.maven.org/artifact/io.streamnative/pulsar/4.0.8.8/pom) ### Images * [sn-platform](https://hub.docker.com/layers/streamnative/sn-platform/4.0.8.8/images/sha256-ea64d21c601a22faf6b6600e6eea8f4e6e9c527f5563afe5377f37cdcefac015) * [sn-platform-slim](https://hub.docker.com/layers/streamnative/sn-platform-slim/4.0.8.8/images/sha256-abd34d78ffc7f6c25889023c303efdfdd9cd94759c157e440601df6c3dbc8747) * [private-cloud](https://hub.docker.com/layers/streamnative/private-cloud/4.0.8.8/images/sha256-abd34d78ffc7f6c25889023c303efdfdd9cd94759c157e440601df6c3dbc8747) ## General Changes ### Apache Pulsar ([#25231](https://github.com/apache/pulsar/pull/25231)) \[fix]\[broker] Fix transactionMetadataFuture completeExceptionally with null value ([#25229](https://github.com/apache/pulsar/pull/25229)) \[fix]\[client] Send all chunkMessageIds to broker for redelivery ([#25221](https://github.com/apache/pulsar/pull/25221)) \[improve]\[broker] Give the detail error msg when authenticate failed with AuthenticationException ([#25227](https://github.com/apache/pulsar/pull/25227)) \[fix]\[test] Fix Mockito stubbing race in TopicListServiceTest ([#25228](https://github.com/apache/pulsar/pull/25228)) \[fix]\[broker] Fix incomplete futures in topic property update/delete methods ([#25224](https://github.com/apache/pulsar/pull/25224)) \[improve]\[broker] Add idle timeout support for http ([#25052](https://github.com/apache/pulsar/pull/25052)) \[improve]\[client] Make authorization server metadata path configurable in AuthenticationOAuth2 ([#24944](https://github.com/apache/pulsar/pull/24944)) \[feat]\[client] oauth2 trustcerts file and timeouts ([#25185](https://github.com/apache/pulsar/pull/25185)) \[improve]\[broker] Add strictAuthMethod to require explicit authentication method ([#25223](https://github.com/apache/pulsar/pull/25223)) \[fix]\[broker] Fix httpProxyTimeout config ([#25195](https://github.com/apache/pulsar/pull/25195)) \[feat]\[io] implement pip-297 for jdbc sinks ([#25188](https://github.com/apache/pulsar/pull/25188)) \[fix]\[broker] Prevent missed topic changes in topic watchers and schedule periodic refresh with patternAutoDiscoveryPeriod interval ([#25207](https://github.com/apache/pulsar/pull/25207)) \[fix]\[client] Fix producer synchronous retry handling in failPendingMessages method ([#25199](https://github.com/apache/pulsar/pull/25199)) \[fix]\[broker]Fix ledgerHandle failed to read by using new BK API ([#25165](https://github.com/apache/pulsar/pull/25165)) \[fix]\[broker] Fix ManagedCursorImpl.asyncDelete() method may lose previous async mark delete properties in race condition ([#25216](https://github.com/apache/pulsar/pull/25216)) \[fix]\[test]Fix flaky ExtensibleLoadManagerImplTest\_testGetMetrics ([#25187](https://github.com/apache/pulsar/pull/25187)) \[improve]\[meta] PIP-453: Improve the metadata store threading model ([#25211](https://github.com/apache/pulsar/pull/25211)) \[improve]\[proxy] Add regression tests for package upload with 'Expect: 100-continue' ([#24994](https://github.com/apache/pulsar/pull/24994)) \[improve]\[monitor] Upgrade OpenTelemetry to 1.56.0, Otel instrumentation to 2.21.0 and Otel semconv to 1.37.0 ([#25208](https://github.com/apache/pulsar/pull/25208)) \[fix]\[client] Fix race condition between isDuplicate() and flushAsync() method in PersistentAcknowledgmentsGroupingTracker due to incorrect use Netty Recycler ([#25209](https://github.com/apache/pulsar/pull/25209)) \[fix] \[test] Upgrade docker-java to 3.7.0 ([#25197](https://github.com/apache/pulsar/pull/25197)) \[fix]\[misc] Allow JWT tokens in OpenID auth without nbf claim ([#25172](https://github.com/apache/pulsar/pull/25172)) \[improve]\[client]Reduce unnecessary getPartitionedTopicMetadata requests when using retry and DLQ topics. ([#25173](https://github.com/apache/pulsar/pull/25173)) \[improve]\[pip] PIP-453: Improve the metadata store threading model ([#25178](https://github.com/apache/pulsar/pull/25178)) \[fix]\[client] ControlledClusterFailover avoid unnecessary reconnection. ([#25179](https://github.com/apache/pulsar/pull/25179)) \[fix]\[proxy] Close client connection immediately when credentials expire and forwardAuthorizationCredentials is disabled ([#25182](https://github.com/apache/pulsar/pull/25182)) \[improve]\[misc] Upgrade snappy version to 1.1.10.8 ([#25186](https://github.com/apache/pulsar/pull/25186)) \[fix]\[test] Bump org.assertj:assertj-core from 3.27.5 to 3.27.7 ### KoP Some operations can't work with super-user role Fix race condition in concurrent Schema Registry requests handling \[branch-4.0] Upgrade pulsar version to 4.0.8.8 \[branch-4.1] Upgrade unified rbac dependency to 1.7.3 Fix potential concurrent modification issue Return references when getting schema by subject and version Fix flaky test IdempotentProducerTest ### StreamNative Pulsar Plugins 898f3b879 fix incompatible with pulsar Upgrade detector build image to 1.25 07dfa85d0 fix: update pulsar and sn.bom versions to 4.0.8.8 in pom.xml b1f864ff0 fix: update Maven command to include update flag for dependencies db522f9ed build detector multi-platform d9b7c56ec fix: remove opentelemetry-sdk-testing dependency from pom.xml dd9968bc1 using streamnative-bom opentelemetry version fix: patch CVE-2025-61726, CVE-2025-61728, CVE-2025-61730 in stdlib Fix OIDCServlet to use local metadata store instead of configuration metadata store fix: upgrade zookeeper to 3.9.4 to patch CVE-2025-58457 ### pulsarctl fix: upgrade Go to 1.25.7 to fix CVE-2025-68121 fix: upgrade Go from 1.25.5 to 1.25.6 to patch CVE-2025-61726, CVE-2025-61728, CVE-2025-61730 ### Cloud Pulsar Plugins a2882f8 Revert "Add OpenTelemetry SDK extension dependency to test pom.xml" 93ed760 Add OpenTelemetry SDK extension dependency to test pom.xml ### Function Mesh Worker Service 3b32d782 Fix CI Reuse authorization service when possible a448fef3 Enhance CI ## Security Fixes ### Apache Pulsar ([#25095](https://github.com/apache/pulsar/pull/25095)) \[fix]\[sec] Upgrade jose4j to 0.9.6 to address CVE-2024-29371 ([#25206](https://github.com/apache/pulsar/pull/25206)) \[fix]\[sec] Upgrade OpenSearch to 2.19.4 to remediate CVE-2025-9624 ([#25198](https://github.com/apache/pulsar/pull/25198)) \[fix]\[sec] Exclude org.lz4:lz4-java and standardize on at.yawk.lz4-java to remediate CVE-2025-12183 and CVE-2025-66566 ([#25175](https://github.com/apache/pulsar/pull/25175)) \[fix]\[sec] Bump org.apache.solr:solr-core from 9.8.0 to 9.10.1 in /pulsar-io/solr