Release v2.12.9-RC.1

Changelog

Refer to the 2.12 Upgrade Guide for backwards compatibility notes with 2.11.x.

Go Version

• 1.25.10 (#8107)

Dependencies

• github.com/klauspost/compress v1.18.6 (#8124)
• golang.org/x/crypto v0.51.0 (#8124)
• golang.org/x/sys v0.44.0 (#8124)

Added

General

• New metrics in_client_msgs, in_client_bytes, out_client_msgs and out_client_bytes are now available via the /varz monitoring endpoint for tracking data to/from normal clients only (#7851)

Improved

General

• Client TLS certificates without subject DNs but with DNS subject alternate names are now permitted (#8100)

Fixed

General

• Fixed a deadlock that could occur when processing cluster info hit Raft lock contention (#8080)
• A number of sublists that incorrectly ignored the disable_sublist_cache option have been fixed (#8081)
• Cluster route compression now obeys the cluster max_pings_out option if configured (#8093)
• The internal send loop no longer mutates caller headers, which could corrupt buffers (#8097)
• Removing headers no longer fails to remove later headers if the matching prefix also appeared in an earlier header value (#8103)
• The sublist now correctly maintains negative results in the cache when calculating number of interested subjects (#8119)
• Server shutdown requests are now idempotent, preventing concurrency issues when shutting down in embedded contexts (#8163)
• TLS listeners now work correctly with the PROXY protocol where enabled (#8130)
• Reduced lock contention that could be created between leafnodes and clients (#8139, #8159)

JetStream

• Atomic batch now sends an unsupported advisory on API level mismatch (#8082)
• A bug which corrupted message schedule subjects on recovery has been fixed (#8085)
• Reduced lock contention on node leader changes and Raft group creation (#8087)
• Fixed a protocol error that could be caused by double-encoding of $JS.ACK reply subjects over routes or gateways (#8089)
  – Fixed a panic that could occur when decoding a truncated Raft append entry from the wire (#8092)
• Atomic batch no longer double-pools committed entries on cleanup (#8098)
• Raft nodes will now ignore temporary snapshots on recovery after a crash (#8101)
• A number of paths that could leave consumer redelivered in a drifted state have been fixed, e.g. with workqueue or interest-based streams with max_deliver, on single message removal or after purges/compactions (#8102)
• Caches are now cleared correctly when converting filestore encryption mode, avoiding block-level corruption (#8105, #8166)
• Fixed a race condition when updating the deduplication map on leader change (#8106)
• Source consumer creation will no longer schedule a recreation if a setup is already in progress, avoiding potential setup storms (#8111)
• Fixed data races when reading from the stream configuration when checking reservations, answering some API requests amongst others (#8115)
• Stream republish subjects are now validated correctly (#8127)
• The delivery policy for consumers on clustered workqueue streams is now enforced correctly (#8126)
• Raft node append entry caches are now invalidated correctly on WAL truncation and snapshot installs (#8149)
• Skip message errors are now surfaced correctly, propagating failures (#8152)
• Mirror consumers are now retried immediately on a last sequence mismatch, avoiding stalling for longer than necessary (#8152)
• Raft nodes will no longer allow proposals to remove unknown peers (#8154)
• Pending state no longer leaks when reaching max deliveries (#8156)
• A panic when reusing a wait group when resetting a stream's clustered state has been fixed (#8158)

MQTT

• Invalid characters in subjects are now rejected correctly, avoiding protocol issues when forwarded to other connection types (#8104, #8112)

Complete Changes

v2.12.8...v2.12.9-RC.1

Release v2.14.0

Changelog

Refer to the 2.14 Upgrade Guide for backwards compatibility notes with 2.12.x. Please note that the 2.13.x version was skipped.

Go Version

• 1.26.2

Added

General

• Feature flags in the server configuration (#7866)
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-53.md

JetStream

• Fast-ingest batch publishing (#7778, #7892, #7894, #7945)
  • Allows high-speed publishing of message batches into the server when using a supported client
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-50.md#fast-ingest-batch-publishing
• Repeating & cron-based message schedules (#7504, #7687, #7688)
  • The Nats-Schedule header can now be configured on a repeating basis, i.e. @every 5m, @hourly or using crontab-like syntax
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-51.md
• Scheduled subject sampling (#7506)
  • The Nats-Schedule-Source header allows sampling the contents of the last message in the stream for a given subject, allowing sampling of values at a different rate to the original publisher
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-51.md#subject-sampling
• Scheduled subject rollups (#7559)
  • The Nats-Schedule-Rollup header allows initiating a rollup of the Nats-Schedule-Target subject on a scheduled basis
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-51.md
• Consumer reset API (#7489)
  • It is now possible to reset a consumer back to an earlier sequence number using the $JS.API.CONSUMER.RESET.stream.consumer API without deleting and recreating it
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-60.md#consumer-delivery-state-reset-api
• Domain-aware ack and flow control subjects (#7860)
  • This is disabled by default and can be enabled with the js_ack_fc_v2 feature flag, this will be enabled by default in v2.15
  • In an environment where ACLs are used to control ack or flow control subjects, updates will be required to match the new $JS.ACK.domain.acchash.stream.consumer.> and $JS.FC.domain.acchash.stream.consumer.> subject formats
• Asynchronous stream state snapshots for replicated streams (#7876)
  • Allows stream state snapshots to be taken and written without pausing stream processing, improving tail latencies
  • This is particularly impactful in cases where the stream has a large number of interior deletes
• Ability to disable message deduplication when sourcing (#7651)

Leafnodes

• Leafnode remote configurations can now be added and removed at runtime by reloading the configuration (#7937)
• New ignore_discovered_servers option for leafnode remotes to allow ignoring any leafnode URLs sent by the hub (#8067)

Changed

General

• The traceparent header is no longer modified by the message tracing (#7755)
  • The sentinel Nats-Trace-Dest: trace disabled header value disables all server tracing-related functionality

JetStream

• Consumers now generate a 404 No Messages response when using no_wait but without setting an expiry when there are no pending messages in the stream (#7466)
• Invalid or divergent consumer state is reset to match the stream state on startup, i.e. after unclean shutdowns (#7692)
• Account info, stream info, stream list, consumer info and consumer list API requests are now queued separately, deprioritising them relative to create-update-delete API operations (#7898)

MQTT

• Retained messages can no longer contain the ASCII DEL character (0x7F) in the subject (#8071)

Improved

JetStream

• Sourcing and mirroring from interest and workqueue streams is now supported (#7613)
  • When sourcing or mirroring from an interest or workqueue stream, the server automatically upgrades to a durable consumer with AckFlowControl policy and uses consumer reset where necessary
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-60.md
• End-of-batch commit support for atomic batch publishing (#7403)
  • Batches can now be committed after already having sent the last message with Nats-Batch-Commit: eob, which indicates the batch is to be committed, but this last message is purely used to commit and doesn't get persisted
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-50.md
• Rollups are now allowed if the stream has reached the discard_new_per_subject limit (#7974)
• Raft nodes will step down if overrun (#7853)

Fixed

JetStream

• Raft nodes will no longer start if the snapshot is missing or corrupt, or if the snapshot doesn't align with the remaining log on disk, avoiding potential data loss (#7566, #7580, #7620)
• Filestore operations now handle read and write errors from the filesystem more thoroughly (#7788)
• Filestore recovers from partial purge after hard kill (#7676)
• Consistent Raft group rename when moving to or off R1 (#7802)

Complete Changes

v2.12.0...v2.14.0

Release v2.14.0-RC.3

Changelog

This release also contains all changes up to and including v2.12.8.

Go Version

• 1.26.2

Added

General

• Feature flags in the server configuration (#7866)
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-53.md

JetStream

• Fast-ingest batch publishing (#7778, #7892, #7894, #7945)
  • Allows high-speed publishing of message batches into the server when using a supported client
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-50.md#fast-ingest-batch-publishing
• Repeating & cron-based message schedules (#7504, #7687, #7688)
  • The Nats-Schedule header can now be configured on a repeating basis, i.e. @every 5m, @hourly or using crontab-like syntax
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-51.md
• Scheduled subject sampling (#7506)
  • The Nats-Schedule-Source header allows sampling the contents of the last message in the stream for a given subject, allowing sampling of values at a different rate to the original publisher
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-51.md#subject-sampling
• Scheduled subject rollups (#7559)
  • The Nats-Schedule-Rollup header allows initiating a rollup of the Nats-Schedule-Target subject on a scheduled basis
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-51.md
• Consumer reset API (#7489)
  • It is now possible to reset a consumer back to an earlier sequence number using the $JS.API.CONSUMER.RESET.stream.consumer API without deleting and recreating it
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-60.md#consumer-delivery-state-reset-api
• Domain-aware ack and flow control subjects (#7860)
  • This is disabled by default and can be enabled with the js_ack_fc_v2 feature flag, this will be enabled by default in v2.15
  • In an environment where ACLs are used to control ack or flow control subjects, updates will be required to match the new $JS.ACK.domain.acchash.stream.consumer.> and $JS.FC.domain.acchash.stream.consumer.> subject formats
• Asynchronous stream state snapshots for replicated streams (#7876)
  • Allows stream state snapshots to be taken and written without pausing stream processing, improving tail latencies
  • This is particularly impactful in cases where the stream has a large number of interior deletes
• Ability to disable message deduplication when sourcing (#7651)

Leafnodes

• Leafnode remote configurations can now be added and removed at runtime by reloading the configuration (#7937)
• New ignore_discovered_servers option for leafnode remotes to allow ignoring any leafnode URLs sent by the hub (#8067)

Changed

General

• The traceparent header is no longer modified by the message tracing (#7755)
  • The sentinel Nats-Trace-Dest: trace disabled header value disables all server tracing-related functionality

JetStream

• Consumers now generate a 404 No Messages response when using no_wait but without setting an expiry when there are no pending messages in the stream (#7466)
• Invalid or divergent consumer state is reset to match the stream state on startup, i.e. after unclean shutdowns (#7692)
• Account info, stream info, stream list, consumer info and consumer list API requests are now queued separately, deprioritising them relative to create-update-delete API operations (#7898)

MQTT

• Retained messages can no longer contain the ASCII DEL character (0x7F) in the subject (#8071)

Improved

JetStream

• Sourcing and mirroring from interest and workqueue streams is now supported (#7613)
  • When sourcing or mirroring from an interest or workqueue stream, the server automatically upgrades to a durable consumer with AckFlowControl policy and uses consumer reset where necessary
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-60.md
• End-of-batch commit support for atomic batch publishing (#7403)
  • Batches can now be committed after already having sent the last message with Nats-Batch-Commit: eob, which indicates the batch is to be committed, but this last message is purely used to commit and doesn't get persisted
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-50.md
• Rollups are now allowed if the stream has reached the discard_new_per_subject limit (#7974)
• Raft nodes will step down if overrun (#7853)

Fixed

JetStream

• Raft nodes will no longer start if the snapshot is missing or corrupt, or if the snapshot doesn't align with the remaining log on disk, avoiding potential data loss (#7566, #7580, #7620)
• Filestore operations now handle read and write errors from the filesystem more thoroughly (#7788)
• Filestore recovers from partial purge after hard kill (#7676)
• Consistent Raft group rename when moving to or off R1 (#7802)

Complete Changes

v2.14.0-RC.2...v2.14.0-RC.3

Release v2.14.0-RC.2

Changelog

This release also contains all changes up to and including v2.12.8.

Go Version

• 1.26.2

Added

General

• Feature flags in the server configuration (#7866)
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-53.md

JetStream

• Fast-ingest batch publishing (#7778, #7892, #7894, #7945)
  • Allows high-speed publishing of message batches into the server when using a supported client
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-50.md#fast-ingest-batch-publishing
• Repeating & cron-based message schedules (#7504, #7687, #7688)
  • The Nats-Schedule header can now be configured on a repeating basis, i.e. @every 5m, @hourly or using crontab-like syntax
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-51.md
• Scheduled subject sampling (#7506)
  • The Nats-Schedule-Source header allows sampling the contents of the last message in the stream for a given subject, allowing sampling of values at a different rate to the original publisher
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-51.md#subject-sampling
• Scheduled subject rollups (#7559)
  • The Nats-Schedule-Rollup header allows initiating a rollup of the Nats-Schedule-Target subject on a scheduled basis
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-51.md
• Consumer reset API (#7489)
  • It is now possible to reset a consumer back to an earlier sequence number using the $JS.API.CONSUMER.RESET.stream.consumer API without deleting and recreating it
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-60.md#consumer-delivery-state-reset-api
• Domain-aware ack and flow control subjects (#7860)
  • This is disabled by default and can be enabled with the js_ack_fc_v2 feature flag, this will be enabled by default in v2.15
  • In an environment where ACLs are used to control ack or flow control subjects, updates will be required to match the new $JS.ACK.domain.acchash.stream.consumer.> and $JS.FC.domain.acchash.stream.consumer.> subject formats
• Asynchronous stream state snapshots for replicated streams (#7876)
  • Allows stream state snapshots to be taken and written without pausing stream processing, improving tail latencies
  • This is particularly impactful in cases where the stream has a large number of interior deletes
• Ability to disable message deduplication when sourcing (#7651)

Leafnodes

• Leafnode remote configurations can now be added and removed at runtime by reloading the configuration (#7937)
• New ignore_discovered_servers option for leafnode remotes to allow ignoring any leafnode URLs sent by the hub (#8067)

Changed

General

• The traceparent header is no longer modified by the message tracing (#7755)
  • The sentinel Nats-Trace-Dest: trace disabled header value disables all server tracing-related functionality

JetStream

• Consumers now generate a 404 No Messages response when using no_wait but without setting an expiry when there are no pending messages in the stream (#7466)
• Invalid or divergent consumer state is reset to match the stream state on startup, i.e. after unclean shutdowns (#7692)
• Account info, stream info, stream list, consumer info and consumer list API requests are now queued separately, deprioritising them relative to create-update-delete API operations (#7898)

Improved

JetStream

• Sourcing and mirroring from interest and workqueue streams is now supported (#7613)
  • When sourcing or mirroring from an interest or workqueue stream, the server automatically upgrades to a durable consumer with AckFlowControl policy and uses consumer reset where necessary
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-60.md
• End-of-batch commit support for atomic batch publishing (#7403)
  • Batches can now be committed after already having sent the last message with Nats-Batch-Commit: eob, which indicates the batch is to be committed, but this last message is purely used to commit and doesn't get persisted
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-50.md
• Rollups are now allowed if the stream has reached the discard_new_per_subject limit (#7974)
• Raft nodes will step down if overrun (#7853)

Fixed

JetStream

• Raft nodes will no longer start if the snapshot is missing or corrupt, or if the snapshot doesn't align with the remaining log on disk, avoiding potential data loss (#7566, #7580, #7620)
• Filestore operations now handle read and write errors from the filesystem more thoroughly (#7788)
• Filestore recovers from partial purge after hard kill (#7676)
• Consistent Raft group rename when moving to or off R1 (#7802)

Complete Changes

v2.14.0-RC.1...v2.14.0-RC.2

Release v2.12.8

Changelog

Refer to the 2.12 Upgrade Guide for backwards compatibility notes with 2.11.x.

Go Version

• 1.25.9

Dependencies

• golang.org/x/crypto v0.50.0 (#8030)
• golang.org/x/sys v0.43.0 (#8030)
• github.com/nats-io/nats.go v1.51.0 (#8068)

Improved

JetStream

• Refactored and simplified setting the pinned headers in consumers (#8032)
• Scanning for the starting sequence for consumers is now an asynchronous operation which no longer pauses the metalayer (#8051)

Fixed

General

• Reload logic on gateway pinned_certs configuration has been corrected
• Repeated CONNECT messages on a connection now clear subscriptions
• JWT claims with validity times that cross midnight are now validated correctly
• The /connz monitoring endpoint no longer discloses bearer JWTs
• Monitoring redaction of route and cluster URL secrets when passed in as command line arguments
• Fixed a panic that could occur when negotiating compression on leafnode connections
• Max control line enforcement for non-clients has been fixed
• Fixed a bug where setting message headers could mutate the input message buffers

Leafnodes

• Solicited leafnode connections now send a connect advisory, which was previously missing (#8015)

JetStream

• Message roll-ups are now applied on interest-based streams where there is no interest over the subjects (#8019)
• Stream leaders can now catch up from incoming snapshots, correcting an edge case when scaling up (#8021)
• Fixed a Raft commit index reset when terms mismatch (#8023, contributed by @thecitymouse)
• Purging via scheduled Nats-Schedule-Next: purge now errors when message scheduling is not enabled (#8035)
• Recovering with a legacy zero index Raft snapshot will no longer panic (#8039)
• Messages with a deduplication Nats-Msg-Id header are no longer incorrectly deduplicated in mirrors (#8043)
• Fixed a panic when scaling after a stream update when the assignment is not fully populated yet on recovery (#8049)
• Stream info and consumer info requests will no longer return not found when the assignments are in-flight (#8054)
• Streams and consumers now correctly reject path separators in asset names
• Fixed a concurrent map write panic when calling the consumer pause endpoint (#8061)
• The cluster stream sequence is no longer incorrectly advanced when a proposal fails, avoiding a last sequence mismatch error (#8057)
• Stream clustered consistency checks are now performed on transformed subject where applicable instead of the publish subject (#8022)
• Stream sourcing should no longer duplicate messages after a leafnode reconnection or after a proposal error (#8069)

Complete Changes

v2.12.7...v2.12.8

Release v2.11.17

Changelog

Refer to the 2.11 Upgrade Guide for backwards compatibility notes with 2.10.x.

Go Version

• 1.25.9

Dependencies

• github.com/antithesishq/antithesis-sdk-go v0.7.0-default-no-op
• github.com/klauspost/compress v1.18.5
• github.com/minio/highwayhash v1.0.4
• golang.org/x/crypto v0.50.0
• golang.org/x/sys v0.43.0
• github.com/nats-io/nats.go v1.51.0

Fixed

General

• Reload logic on gateway pinned_certs configuration has been corrected
• Repeated CONNECT messages on a connection now clear subscriptions
• JWT claims with validity times that cross midnight are now validated correctly
• The /connz monitoring endpoint no longer discloses bearer JWTs
• Monitoring redaction of route and cluster URL secrets when passed in as command line arguments
• Fixed a panic that could occur when negotiating compression on leafnode connections
• Max control line enforcement for non-clients has been fixed
• Fixed a bug where setting message headers could mutate the input message buffers

Complete Changes

v2.11.16...v2.11.17

Release v2.14.0-RC.1

Changelog

This release also contains all changes up to and including v2.12.7.

Go Version

• 1.26.2

Added

General

• Feature flags in the server configuration (#7866)
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-53.md

JetStream

• Fast-ingest batch publishing (#7778, #7892, #7894, #7945)
  • Allows high-speed publishing of message batches into the server when using a supported client
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-50.md#fast-ingest-batch-publishing
• Repeating & cron-based message schedules (#7504, #7687, #7688)
  • The Nats-Schedule header can now be configured on a repeating basis, i.e. @every 5m, @hourly or using crontab-like syntax
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-51.md
• Scheduled subject sampling (#7506)
  • The Nats-Schedule-Source header allows sampling the contents of the last message in the stream for a given subject, allowing sampling of values at a different rate to the original publisher
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-51.md#subject-sampling
• Scheduled subject rollups (#7559)
  • The Nats-Schedule-Rollup header allows initiating a rollup of the Nats-Schedule-Target subject on a scheduled basis
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-51.md
• Consumer reset API (#7489)
  • It is now possible to reset a consumer back to an earlier sequence number using the $JS.API.CONSUMER.RESET.stream.consumer API without deleting and recreating it
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-60.md#consumer-delivery-state-reset-api
• Domain-aware ack and flow control subjects (#7860)
  • This is disabled by default and can be enabled with the js_ack_fc_v2 feature flag, this will be enabled by default in v2.15
  • In an environment where ACLs are used to control ack or flow control subjects, updates will be required to match the new $JS.ACK.domain.acchash.stream.consumer.> and $JS.FC.domain.acchash.stream.consumer.> subject formats
• Asynchronous stream state snapshots for replicated streams (#7876)
  • Allows stream state snapshots to be taken and written without pausing stream processing, improving tail latencies
  • This is particularly impactful in cases where the stream has a large number of interior deletes
• Ability to disable message deduplication when sourcing (#7651)

Leafnodes

• Leafnode remote configurations can now be added and removed at runtime by reloading the configuration (#7937)

Changed

General

• The traceparent header is no longer modified by the message tracing (#7755)
  • The sentinel Nats-Trace-Dest: trace disabled header value disables all server tracing-related functionality

JetStream

• Consumers now generate a 404 No Messages response when using no_wait but without setting an expiry when there are no pending messages in the stream (#7466)
• Invalid or divergent consumer state is reset to match the stream state on startup, i.e. after unclean shutdowns (#7692)
• Account info, stream info, stream list, consumer info and consumer list API requests are now queued separately, deprioritising them relative to create-update-delete API operations (#7898)

Improved

JetStream

• Sourcing and mirroring from interest and workqueue streams is now supported (#7613)
  • When sourcing or mirroring from an interest or workqueue stream, the server automatically upgrades to a durable consumer with AckFlowControl policy and uses consumer reset where necessary
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-60.md
• End-of-batch commit support for atomic batch publishing (#7403)
  • Batches can now be committed after already having sent the last message with Nats-Batch-Commit: eob, which indicates the batch is to be committed, but this last message is purely used to commit and doesn't get persisted
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-50.md
• Rollups are now allowed if the stream has reached the discard_new_per_subject limit (#7974)
• Raft nodes will step down if overrun (#7853)

Fixed

JetStream

• Raft nodes will no longer start if the snapshot is missing or corrupt, or if the snapshot doesn't align with the remaining log on disk, avoiding potential data loss (#7566, #7580, #7620)
• Filestore operations now handle read and write errors from the filesystem more thoroughly (#7788)
• Filestore recovers from partial purge after hard kill (#7676)
• Consistent Raft group rename when moving to or off R1 (#7802)

Complete Changes

v2.12.7...v2.14.0-RC.1

Release v2.12.7

Changelog

Refer to the 2.12 Upgrade Guide for backwards compatibility notes with 2.11.x.

Go Version

• 1.25.9 (#8017)

Dependencies

• github.com/nats-io/nats.go v1.50.0 (#8000)

CVEs

• TBD

Improved

JetStream

• Purging subjects from a stream now only loads filestore blocks within the range of where those subjects appear (#8004)
• Multi-filtered load next or previous message code paths now correctly identify single subject filters or full wildcards and switch to optimized paths (#8012, 8013)
• The max_mem_store and max_file_store configuration options can now be increased (but not decreased) via config reload (#8014)

Fixed

General

• no_auth_user is now restricted to client connections only
• Overlapping wildcard patterns in ACL deny patterns are now enforced correctly
• Queue subscriptions can no longer incorrectly bypass non-queue ACL deny patterns

Leafnodes

• Pre-CONNECT guard improvements for leafnode connections, fixing a potential panic
• ACL permissions are now correctly enforced for inbound leaf messages in all cases
• Duplicate INFO permissions updates are now only accepted for solicited leaf connections
• The max_payload limit is now correctly enforced for leafnode connections
• A panic on leafnode connect when failing to resolve an account has been fixed (#7991)

JetStream

• Consumer max_ack_pending should no longer become stuck due to deleted messages being left in the consumer pending state (#7984)
• When scaling up a stream and adding subjects at the same time, the new subject filters are now correctly subscribed (#8003)
• Filestore caches are no longer expired and evicted from memory too eagerly after a recent write (#8009)
• Stream leaders can catch up from a snapshot if required (#8021)

MQTT

• The jwt is now correctly sent to auth callout for MQTT clients, fixing a regression introduced in 2.12.6 (#7997, #7999)

WebSockets

• The fast-path for connections with no CONNECT block will now use the WebSocket-specific no_auth_user instead of the global one if configured

Complete Changes

v2.12.6...v2.12.7

Release v2.11.16

Changelog

Refer to the 2.11 Upgrade Guide for backwards compatibility notes with 2.10.x.

Go Version

• 1.25.9

CVEs

• TBD

Fixed

General

• no_auth_user is now restricted to client connections only
• Overlapping wildcard patterns in ACL deny patterns are now enforced correctly
• Queue subscriptions can no longer incorrectly bypass non-queue ACL deny patterns

Leafnodes

• Pre-CONNECT guard improvements for leafnode connections, fixing a potential panic
• ACL permissions are now correctly enforced for inbound leaf messages in all cases
• Duplicate INFO permissions updates are now only accepted for solicited leaf connections
• The max_payload limit is now correctly enforced for leafnode connections

WebSockets

• The fast-path for connections with no CONNECT block will now use the WebSocket-specific no_auth_user instead of the global one if configured

Complete Changes

v2.11.15...v2.11.16

Release v2.12.6

Changelog

Refer to the 2.12 Upgrade Guide for backwards compatibility notes with 2.11.x.

Go Version

• 1.25.8

Dependencies

• golang.org/x/crypto v0.49.0 (#7953)
• github.com/nats-io/jwt/v2 v2.8.1 (#7960)
• golang.org/x/sys v0.42.0 (#7923)
• golang.org/x/time v0.15.0 (#7923)

CVEs

• Fixes CVE-2026-33216, CVE-2026-33217, CVE-2026-33215 (affecting systems using MQTT)
• Fixes CVE-2026-33246 (affects systems using leafnodes and service imports)
• Fixes CVE-2026-33218 (affects systems using leafnodes)
• Fixes CVE-2026-33219 (affects systems using WebSockets)
• Fixes CVE-2026-33223, CVE-2026-33222 (affects systems using JetStream)
• Fixes CVE-2026-33248 (affects systems using mutual TLS)
• Fixes CVE-2026-33247 (affects systems providing credentials on the command line)
• Fixes CVE-2026-33249 (affects systems where client publish permissions should be restricted)

Changed

General

• There is now a 1MB size limit on JWTs (#7960)

Improved

General

• Non-WebSocket leafnode connections can now be proxied using HTTP CONNECT (#7781)
• The $SYS.REQ.USER.INFO response now includes the friendly nametag of the account and/or user if known (#7973)

JetStream

• The stream peer-remove command now accepts a peer ID as well as a server name (#7952)

MQTT

• Protocol compliance has been improved, including more error handling on invalid or malformed MQTT packets (#7933)

Fixed

General

• Client connections are no longer registered after an auth callout timeout (#7932)
• Improved handling of duplicate headers
• A correctness bug when validating relative distinguished names has been fixed
• Secrets are now redacted correctly in trace logging (#7942)
• The expvar endpoint on the monitoring port now correctly redacts secrets from the command line arguments
• Trace headers are no longer incorrectly parsed when hitting max payload (#7954)
• When running as a Windows service, switching to lame duck mode should now correctly exit the process (#7958)
• The configuration digest no longer removes from the used variable tracking, which could cause configuration fields to disappear from the returned config (#7959)
• A bug which could result in the service import cycle detection failing to detect a genuine cycle has been fixed (#7961)
• The PROXY protocol v1 header parser no longer incorrectly discards some early protocol bytes from the client (#7962)
• The Nats-Trace-Dest message header for message tracing now requires that the client have publish permissions to the specified subject, an error is returned otherwise
• The route pool is now correctly populated if receiving a pong before handling the new route setup (#7971)

Leafnodes

• A panic when receiving a loop detection error before a connect message has been fixed
• Messages from leafnodes to non-shared service imports now correctly rebuild the request info header
• Leafnodes will now back off on receiving a minimum version required error, no longer requiring blocking the readloop (#7970)

JetStream

• Stream updates on clustered setups with async snapshots enabled should no longer result in the loss of consumer assignments, fixing the regression introduced in 2.12.5 (#7939)
• Fixed idempotent stream create with sources (#7928)
• Fixed a bug where mirror goroutines could get stuck stalling the mirror indefinitely (#7929)
• A panic that could occur when attempting to scale down a stream with an in-flight stream create and consumer create has been fixed (#7940)
• A panic when paginating on various JetStream API endpoints has been fixed
• An interior path traversal bug that could occur when purging JetStream accounts has been fixed
• Meta snapshot apply errors are now surfaced correctly so that the cluster monitor does not advance the applied index (#7944)
• Fixed an issue where extremely large JetStream reservations could overflow and violate tier limits
• Stream restores now ensure that the stream name in the restore subject matches that of the restored snapshot archive
• Stream ingest now correctly strips a NATS status header if present, avoiding incorrect classification of sourced or mirrored messages as control traffic
• The Raft layer now resets the vote correctly when switching to candidate state (#7956)
• The orphan consumer check no longer unexpectedly deletes direct consumers, which could affect sourcing and mirroring (#7957)
• The Raft layer no longer commits entries from previous terms by only allowing entries from our current term up to the commit (#7955)
• Stream restores are now processed directly from the wire without intermediate staging on the filesystem, improving the enforcement of limits and reservations on disk
• Stream sourcing now works correctly when sourcing into a stream with the Discard New Per Subject discard policy (#7896)

MQTT

• A panic that could occur when processing invalid fixed32 or fixed64 fields has been fixed (#7941)
• Persisted MQTT sessions can no longer be restored by a non-matching client ID
• Restrict the implicit permissions for MQTT clients to $MQTT.sub. and $MQTT.deliver.pubrel. prefixes
• MQTT password are no longer exposed in the JWT field of monitoring endpoints or advisory messages
• NATS special characters (., >, *, spaces, tabs) are no longer permitted in MQTT client IDs
• MQTT session flapping detection now uses monotonic time, fixing cases where it could be sensitive to NTP adjustments or clock drifts

WebSockets

• WebSocket protocol parsing no longer relies on potentially unbounded in-memory allocations from compressed or uncompressed frames

Complete Changes

v2.12.5...v2.12.6