Skip to main content

StreamNative Weekly Release Notes v4.1.3.1

Download

Distributions

Packages

Images

General Changes

Apache Pulsar

(#25269) [improve][broker] Optimize AsyncTokenBucket overflow solution further to reduce fallback to BigInteger (#25262) [fix][broker] Guard AsyncTokenBucket against long overflow (#25255) [fix][broker] Use compatible Avro name validator in JsonSchemaCompatibilityCheck (#25193) [fix][broker] Use compatible Avro name validator to allow ’$’ in schema record names (#25254) [fix][client] Reduce logging in OAuth auth to fix parsing of Pulsar cli command output (#25253) [improve] Upgrade RoaringBitmap to 1.6.9 version (#25251) [improve][fn] Upgrade Pulsar Python client version to 3.10.0 (#25246) [fix][meta] Metadata cache refresh might not take effect (#25247) [fix][test] Fix ResourceQuotaCalculatorImplTest#testNeedToReportLocalUsage (#25241) [fix][test] fix testBatchMetadataStoreMetrics. (#25232) [improve] Upgrade Netty to 4.1.131.Final (#25187))) Reapply “[improve][meta] PIP-453: Improve the metadata store threading model (#25187))) Revert “[improve][meta] PIP-453: Improve the metadata store threading model (#25231) [fix][broker] Fix transactionMetadataFuture completeExceptionally with null value (#25229) [fix][client] Send all chunkMessageIds to broker for redelivery (#25221) [improve][broker] Give the detail error msg when authenticate failed with AuthenticationException (#25227) [fix][test] Fix Mockito stubbing race in TopicListServiceTest (#25228) [fix][broker] Fix incomplete futures in topic property update/delete methods (#25224) [improve][broker] Add idle timeout support for http (#25052) [improve][client] Make authorization server metadata path configurable in AuthenticationOAuth2 (#24944) [feat][client] oauth2 trustcerts file and timeouts (#25185) [improve][broker] Add strictAuthMethod to require explicit authentication method (#25223) [fix][broker] Fix httpProxyTimeout config (#25200) [improve][broker] Change log level from warn to debug when cursor mark-deleted position ledger doesn’t exist (#25195) [feat][io] implement pip-297 for jdbc sinks (#25127) [improve][admin] Add client side looping to analyze-backlog in Topics to avoid potential HTTP call timeout (#25188) [fix][broker] Prevent missed topic changes in topic watchers and schedule periodic refresh with patternAutoDiscoveryPeriod interval (#25207) [fix][client] Fix producer synchronous retry handling in failPendingMessages method (#25199) [fix][broker]Fix ledgerHandle failed to read by using new BK API (#25165) [fix][broker] Fix ManagedCursorImpl.asyncDelete() method may lose previous async mark delete properties in race condition (#25216) [fix][test]Fix flaky ExtensibleLoadManagerImplTest_testGetMetrics (#25211) [improve][proxy] Add regression tests for package upload with ‘Expect: 100-continue’ (#24994) [improve][monitor] Upgrade OpenTelemetry to 1.56.0, Otel instrumentation to 2.21.0 and Otel semconv to 1.37.0 (#25187) [improve][meta] PIP-453: Improve the metadata store threading model (#25208) [fix][client] Fix race condition between isDuplicate() and flushAsync() method in PersistentAcknowledgmentsGroupingTracker due to incorrect use Netty Recycler (#25209) [fix] [test] Upgrade docker-java to 3.7.0 (#25179) [fix][proxy] Close client connection immediately when credentials expire and forwardAuthorizationCredentials is disabled (#25197) [fix][misc] Allow JWT tokens in OpenID auth without nbf claim (#25186) [fix][test] Bump org.assertj:assertj-core from 3.27.5 to 3.27.7 (#25182) [improve][misc] Upgrade snappy version to 1.1.10.8 (#25178) [fix][client] ControlledClusterFailover avoid unnecessary reconnection. (#25172) [improve][client]Reduce unnecessary getPartitionedTopicMetadata requests when using retry and DLQ topics. (#25177) [fix][ml] Fix NoSuchElementException in EntryCountEstimator caused by a race condition (#25166) [improve][broker] Upgrade bookkeeper to 4.17.3 (#25132) [improve][broker] Ensure metadata session state visibility and improve Unstable observability for ServiceUnitStateChannelImpl (#25070) [improve][broker] PIP-442: Add memory limits for topic list watcher (part 2) (#25157) [fix][fn] Fix graceful Pulsar Function shutdown so that consumers and producers are closed (#25151) [fix][broker] Fence reset cursor by timestamp to avoid concurrent timestamp-based position lookups (#25148) [fix][ml] Retry offload reads when OffloadReadHandleClosedException is encountered (#25149) [fix][admin] Fix offload policy incompatible issue. (#25142) [fix][proxy] Fix memory leaks in ParserProxyHandler (#25140) [fix][fn] complete flushAsync before closeAsync in ProducerCache and wait for completion in closing the cache (#25031) [fix][broker] Avoid split non-existent bundle (#25136) [fix][broker] Fix regex matching of namespace name which might contain a regex char (#25110) [fix][broker] Fix markDeletedPosition race condition in ManagedLedgerImpl.maybeUpdateCursorBeforeTrimmingConsumedLedger() method (#25125) [fix][test] Wait for txn.abort() to complete to avoid AdminApiTransactionTest.testAnalyzeSubscriptionBacklogWithTransactionMarker() flaky test (#25114) [fix][broker]Topic deleting failed after removed local cluster from namespace policies (#25130) [improve][broker] Change the log level from error to info when throwing NotAllowedException (#25048) [improve][broker] Enhance logging for adding schema failures in ServerCnx (#25121) [fix][broker] Fix MultiRolesTokenAuthorizationProvider error when subscription prefix doesn’t match. (#25119) [fix][broker] Fix compaction horizon might be reset to an old position when phase two is interrupted (#25104) [improve][broker] Fix thread safety issue in ManagedCursorImpl.removeProperty (#25091) [improve][admin] Add counter for marker messages in PersistentTopics.analyzeSubscriptionBacklog() rest api (#25089) [fix][ml] Fix cursor backlog size to account for individual acks (#25077) [fix][broker] Fix chunked message loss when no consumers are available (#25101) [fix][test] Fix ManagedCursorTest and NonDurableCursorTest flaky tests (#25106) [fix][client]Producer stuck or geo-replication stuck due to wrong value of message.numMessagesInBatch (#25105) [fix][broker]pulsar_ml_reads_inflight_bytes and pulsar_ml_reads_available_inflight_bytes are 0 at the same time (#25087) [fix][broker] Fix cursor position persistence in ledger trimming (#25085) [improve][io] Replace Qpid in tests with RabbitMQ in Testcontainers and upgrade RabbitMQ client version (#25084) [fix][build] Activate jdk21 and jdk24 profiles on Java 25 (#25073) [fix][broker]Infinitely failed to delete topic if the first time failed and enabled transaction (#25047) [fix][broker]Fix incorrect backlog if use multiple acknowledge types on the same subscription (#24980) [fix][broker] fix prepareInitPoliciesCacheAsync in SystemTopicBasedTopicPoliciesService (#24658) [improve][broker] Optimize Reader creation in TopicPoliciesService (#25053) [improve][broker] Use atomic counter for ongoing transaction count (#25069) [fix][client] Fix invalid parameter type passed to Map.get in TopicsImpl.getListAsync method (#25066) [fix][broker] PIP-442: Fix race condition in async semaphore permit updates that causes memory limits to become ineffective (#25044) [improve][broker] Improve replicated subscription snapshot cache so that subscriptions can be replicated when mark delete position update is not frequent (#25067) [fix][broker] Force EnsemblePolicies to resolve network location after rackInfoMap is updated due to changes in /ledgers/available znode (#25050) [fix][admin] Refactor bookie affinity group sync operations to async in rest api (#25059) [fix][broker] Fix various error-prone detected errors mainly in logging and String.format parameters (#25054) [improve][build] Upgrade errorprone to 2.45.0 version (#25056) [fix][cli] Fix output of —print-metadata in cli consume (#25051) [fix][cli] Fix some pulsar-admin topicPolicies commands exiting before async operations complete (#16651) [improve][broker] Fix replicated subscriptions race condition with mark delete update and snapshot completion (#25027) [improve][misc] Add log4j-layout-template-json to server distribution to enable e.g. ECS template support in log4j configurations for Pulsar server components. (#25032) [fix][test] Replace LZ4FastDecompressor with LZ4SafeDecompressor in test (#25034) [improve][misc]introduce log4j Console appender ConsoleJson (#25039) [fix][broker] Fix potential NPE in InMemTransactionBuffer.appendBufferToTxn by returning a valid Position (#25026) [improve][broker]Add test for getting partitioned topic metadata with PulsarAdmin client (#25029) [improve][io] Upgrade Debezium version to 3.2.5.Final (#25036) [improve][client] Add null checks for MessageAcknowledger methods to prevent NullPointerException (#25037) [fix][broker]Incorrect backlog that is larger than expected (#24994))) Revert “[improve][monitor] Upgrade OpenTelemetry to 1.56.0, Otel instrumentation to 2.21.0 and Otel semconv to 1.37.0 (#25022) [fix] Upgrade gson to 2.13.2 (#25018) [improve][broker]Remove the warn log that frequently prints (#25016) [fix][broker]Fix memory leak when using a customized ManagedLedger implementation (#25015) [fix][client] Fix AutoProduceBytesSchema.clone() method (#25014) [fix][client] Fix thread-safety of AutoProduceBytesSchema (#25013) [improve][client] Test no exception could be thrown for invalid epoch in message (#25011) [improve] Eliminate unnecessary duplicate schema lookups for partitioned topics in client and geo-replication (#25004) [fix][broker] Add schema version in rest produce api (#25012) [fix][broker] Fix issue with schemaValidationEnforced in geo-replication (#25008) [fix][client] Fix double recycling of the message in isValidConsumerEpoch method (#25007) [fix][client] PIP-84: Skip processing a message in the message listener if the consumer epoch is no longer valid (#25006) [fix][client] Skip processing messages in the listener when the consumer has been closed (#24994) [improve][monitor] Upgrade OpenTelemetry to 1.56.0, Otel instrumentation to 2.21.0 and Otel semconv to 1.37.0 (#24997) [fix][broker] Fix creation of replicated subscriptions for partitioned topics (#24983) [improve] Upgrade Apache Commons library versions (#24995) [improve][test] Use Oxia project docker container for integration tests (#24986) [fix] Handle TLS close_notify to avoid SslClosedEngineException: SSLEngine closed already (#24982) [improve][build] Upgrade Testcontainers to 1.21.3 (#24975) [improve][broker]Improve error response of failed to delete topic if it has replicators connected (#24938) [fix][broker]Wrong backlog: expected 0 but got 1 (#24985) [improve] Upgrade Log4j2 to 2.25.2 and slf4j to 2.0.17 (#24984) [improve] Upgrade Caffeine to 3.2.3 (#24871) [fix][test] Fixed Non-Guaranteed Order in PoliciesDataTest.propertyAdmin (#24981) [fix][build] Remove Confluent and Restlet maven repositories from top level pom.xml (#24976) [feat][meta] upgrade oxia version to 0.7.2

Security Fixes

Apache Pulsar

(#25256) [fix][sec] Upgrade aircompressor to 2.0.3 to resolve CVE-2025-67721 (#25250) [fix][sec] Upgrade Python protobuf version to 6.33.5 to address CVE-2026-0994 (#25095) [fix][sec] Upgrade jose4j to 0.9.6 to address CVE-2024-29371 (#25206) [fix][sec] Upgrade OpenSearch to 2.19.4 to remediate CVE-2025-9624 (#25198) [fix][sec] Exclude org.lz4:lz4-java and standardize on at.yawk.lz4-java to remediate CVE-2025-12183 and CVE-2025-66566 (#25175) [fix][sec] Bump org.apache.solr:solr-core from 9.8.0 to 9.10.1 in /pulsar-io/solr (#25152) [fix][sec] Upgrade vertx to address CVE-2026-1002 (#25102) [fix][sec] Upgrade log4j to 2.25.3 to address CVE-2025-68161 (#25095) [fix][sec] Upgrade jose4j to 0.9.6 to address CVE-2024-29371 (#25078) [fix][sec] Upgrade Netty to 4.1.130.Final (#25045) [fix][sec] Bump at.yawk.lz4:lz4-java from 1.9.0 to 1.10.1 in /pulsar-common (#25024) [fix][sec] Eliminate commons-collections dependency (#24987) [fix][sec] Bump github.com/dvsekhvalnov/jose2go from 1.6.0 to 1.7.0 in /pulsar-function-go