Artifacts

This release contains a mix of new features, performance improvements, and bugfixes. Notably:

• A new immediate upload trigger mode in the Decision Logger
• A new array.flatten built-in function
• Numerous performance improvements

Immediate Upload Trigger Mode in Decision Logger (#8110)

An immediate trigger mode has been added to the Decision Logger; enabled by setting the decision_logs.reporting.trigger configuration option to immediate.
When enabled, log events are pushed to the log service as soon as the configured upload chunk size criteria is met; or, at latest, when the configured upload delay is reached.

Authored by @sspaink

Runtime, SDK, Tooling

• cmd/fmt: Do not overwrite file on fmt without changes (#8222) authored by @Loic-R
• cmd/test: Enable sorting JSON test results by duration (#7444) authored by @sspaink
• profiler: nil *Profiler should not report Enabled() (#8256) authored by @anderseknert
• rego: Add Data function to simplify adding data from map (#5961) authored by @majiayu000 reported by @anderseknert
• runtime: Correct naming & docs for version checking (#8191) authored by @charlieegan3

Compiler, Topdown and Rego

• ast: Body.String() doesn't panic on empty body (#8244) authored by @srenatus
• ast: Improve type error message when referencing functions (#6840) authored by @sspaink
• ast: Type Checker recognizes when a variable has multiple assignments but is an undefined function (#7463) authored by @sspaink reported by @anderseknert
• ast/parser: Avoid duplicate loc copies (#8142) authored by @srenatus
• topdown: Add array.flatten built-in function (#8226) authored by @anderseknert
• topdown: Fix issue where numbers.range_step built-in could erroneously return undefined value (#8194) authored by @thevilledev
• topdown: Remove hard-coded missing key error in strings.render_template built-in (#7931) authored by @colinjlacy reported by @anderseknert
• topdown: Re-introduce cancellation-awareness for regex.replace built-in (#8179) authored by @srenatus
  from having been reverted in v1.12.1
• topdown: Support arrays as input for json.match_schema (#6615) authored by @sspaink reported by @mscudlik

Performance

• ast: Improved annotations parsing (#8210) authored by @anderseknert
• ast: Reinstate zero-alloc paths in Ref.String() (#8202) authored by @anderseknert
• ast: Replace regex implementation in IsVarCompatibleString (#8164) authored by @anderseknert
• ast: Optimize Set.Intersect and Set.Diff (#8167) authored by @thevilledev
• ast: Optimize Set.Union (#8172) authored by @thevilledev
• ast: Reduce allocations in Expr.MarshalJSON (#8204) authored by @thevilledev
• ast: Reduce allocations in Rule.MarshalJSON (#8205) authored by @thevilledev
• ast: Reduce allocations in Term.MarshalJSON (#8200) authored by @thevilledev
• ast: Reduce allocations in With.MarshalJSON (#8206) authored by @thevilledev
• perf: String() implementations using appenders (#8192) authored by @anderseknert
• topdown: Avoid redundancy in builtinTrim (#8237) authored by @thevilledev
• topdown: Eliminate closure allocations in Set and virtual doc enumeration (#8242) authored by @alex60217101990
• topdown: Fast paths for array.reverse (#8177) authored by @thevilledev
• topdown: Optimize json.remove and json.filter (#8193) authored by @thevilledev
• topdown: Optimize object built-ins (#8175) authored by @thevilledev
• topdown: Optimize union built-in (#8173) authored by @thevilledev
• topdown: Pre-alloc in various built-ins (#8198) authored by @thevilledev
• topdown: Reduce allocs in float sum/product (#8235) authored by @thevilledev
• topdown: Skip set copy in getObjectKeysParam (#8176) authored by @thevilledev

Docs, Website, Ecosystem

• docs: Add authz-spring-boot-starter to Spring Security API ecosystem entry (#8234) authored by @francois-eckert
• docs: Add header for crypto example to make (#8259) authored by @charlieegan3
• docs: Add notes for automated agents (#8147, #8203) authored by @charlieegan3
• docs: Add opa-wasm-zig to the ecosystem (#8163) authored by @burdzwastaken
• docs: Add scripts to import docs from source (#8148) authored by @charlieegan3
• docs: Explain how to use the SDK without a initialising a server (#8248) authored by @andrewcameronsims
• docs: Fix a number of redirecting links (#8165 authored by @charlieegan3
• docs: Fix template-expression examples (#8199) authored by @johanfylling
• docs/ocp: Mention source prefix/path options (#8238) authored by @srenatus
• website: Add redirect section for immutable referrers (#8262) authored by @charlieegan3 reported by @KraLeoD
• website: Display 2025 survey results on the website (#8258) authored by @charlieegan3
• website: Show breadcrumbs in search results (#8207) authored by @charlieegan3

Miscellaneous

• Decoupled the Rego job check from the Go job checks in the Github PR workflow (#8203) authored by @SeanLedford
• build: Format pr_check.rego with opa fmt (#8201) authored by @thevilledev
• build: Migrate PR check to OPA policy (#8183) authored by @SeanLedford
• build: Run go get against main to spot redacted (#8146) authored by @charlieegan3
• deps: Switch to maintained go.yaml.in/yaml/v3 yaml library (#8182) authored by @mrueg
• test/cases: Increase yaml test coverage for some regex and string builtins (#8152) authored by @srenatus
• Dependency updates; notably:
  • build: bump golang from 1.25.5 to 1.25.6 (#8224) authored by @srenatus
  • build(deps): bump go.opentelemetry.io deps from 1.38.0/0.63.0 to 1.39.0/0.64.0
  • build(deps): bump klauspost/compress from v1.18.1 to v1.18.2 (#8184) authored by @srenatus
    because of redaction warning
  • build(deps): bump github.com/go-ini/ini from v1.67.0 to gopkg.in/ini.v1 v1.67.1 (#8208) authored by @gabrpt

What's Changed

• feat: upgrade otel dependencies by @mattisonchao in #250
• Allow to override version id and modification count by @merlimat in #252
• build(deps-dev): bump org.assertj:assertj-core from 3.24.1 to 3.27.7 in the maven group across 1 directory by @dependabot[bot] in #251

Full Changelog: v0.7.2...v0.7.3

What's Changed

• Improved leaderelection context and ingress comparison by @p-strusiewiczsurmacki-mobica in #1368
• Bump anchore/sbom-action from 0.20.11 to 0.21.0 by @dependabot[bot] in #1372
• Fixed preserveVipOnLeadershipLoss setting in manifest generation by @p-strusiewiczsurmacki-mobica in #1376
• Configurable DHCP retry by @p-strusiewiczsurmacki-mobica in #1374
• Fixed endpointslices handling in dualstack clusters by @p-strusiewiczsurmacki-mobica in #1379
• Added pre-pull for testing images + some minor e2e tweaks by @p-strusiewiczsurmacki-mobica in #1380
• Fixed an issue with default gateway interface retrieval in multi-path… by @hindungWang in #1373
• fix common lease fix from 1.0.1 by @slimm609 in #1383
• Bumped e2e test kubernetes version to 1.35.0 by @p-strusiewiczsurmacki-mobica in #1387
• Fixed leaderelection retry on error by @p-strusiewiczsurmacki-mobica in #1386
• Bump golang from 1.25.5-alpine3.23 to 1.25.6-alpine3.23 by @dependabot[bot] in #1393
• Bump k8s.io/client-go from 0.34.3 to 0.35.0 by @dependabot[bot] in #1365
• Bump golang.org/x/sync from 0.18.0 to 0.19.0 by @dependabot[bot] in #1361
• Bump github.com/onsi/ginkgo/v2 from 2.27.2 to 2.27.3 by @dependabot[bot] in #1364
• Bump go.etcd.io/etcd/api/v3 from 3.6.6 to 3.6.7 by @dependabot[bot] in #1363
• Bump anchore/sbom-action from 0.21.0 to 0.22.0 by @dependabot[bot] in #1394
• Bump alpine from 3.23.0 to 3.23.2 by @dependabot[bot] in #1366
• Bump github.com/onsi/gomega from 1.38.2 to 1.38.3 by @dependabot[bot] in #1362
• Fix context propagation and panic() calls by @p-strusiewiczsurmacki-mobica in #1375
• Fix IP refresh when using FQDN for VIP by @p-strusiewiczsurmacki-mobica in #1390
• Improve wireguard by @daniel-naegele in #1384

New Contributors

• @hindungWang made their first contribution in #1373
• @daniel-naegele made their first contribution in #1384

Full Changelog: v1.0.3...v1.0.4

What's Changed

• build(deps-dev): bump webpack-dev-server from 5.2.2 to 5.2.3 in /web/app by @dependabot[bot] in #14885
• build(deps): bump core-js from 3.47.0 to 3.48.0 in /web/app by @dependabot[bot] in #14884
• build(deps-dev): bump @babel/core from 7.28.5 to 7.28.6 in /web/app by @dependabot[bot] in #14883
• build(deps-dev): bump @babel/runtime from 7.28.4 to 7.28.6 in /web/app by @dependabot[bot] in #14882
• build(deps): bump actions/checkout from 6.0.1 to 6.0.2 by @dependabot[bot] in #14881
• build(deps): bump chrono from 0.4.42 to 0.4.43 by @dependabot[bot] in #14874
• build(deps): bump zerocopy from 0.8.31 to 0.8.33 by @dependabot[bot] in #14876
• build(deps): bump find-msvc-tools from 0.1.5 to 0.1.8 by @dependabot[bot] in #14875
• build(deps): bump syn from 2.0.111 to 2.0.114 by @dependabot[bot] in #14877
• proxy: v2.338.0 by @l5d-bot in #14891
• build(deps): bump docker/login-action from 3.6.0 to 3.7.0 by @dependabot[bot] in #14892
• build(deps): bump thiserror from 2.0.17 to 2.0.18 by @dependabot[bot] in #14890
• build(deps): bump libc from 0.2.178 to 0.2.180 by @dependabot[bot] in #14889
• build(deps): bump zmij from 1.0.14 to 1.0.17 by @dependabot[bot] in #14888
• build(deps): bump socket2 from 0.6.1 to 0.6.2 by @dependabot[bot] in #14887

Full Changelog: edge-26.1.3...edge-26.1.4

What's Changed

• Revert "feat: add static key file support for OIDC authentication with per-issuer configuration (#874)" by @mattisonchao in #875
• Feat: add per-issuer OIDC configuration with static key file support by @mattisonchao in #876

Full Changelog: v0.15.3-rc3...v0.15.3-rc4

v1.15.2 (2026-01-29)

• a4ecdaac8 release v1.15.2
• 0622723d3 fix: skip NetworkUnavailable condition in non-primary CNI mode (#6195)
• 25acdabb4 fix(vpcnatgw): nat gateway uses faulty default network (#6212)
• b64138b90 controller: fix vpc egress gateway forward policy not working for targets within the internal subnet's cidr (#6222)
• c608e4841 controller: fix vpc egress gateway not working for targets within the internal subnet's cidr (#6218)
• 90eea0ed3 Update start-ic-db.sh to have gen_conn_addr function defined (#6216)
• c0e9ec780 fix: caching NAD CRD should before all kubeovn crds and pod (#6198)
• e3296ba1f prepare for next release

Contributors

• Mengxin Liu
• SKALA NETWORKS
• andrewlee1089
• dnugmanov
• zbb88888
• 张祖建

SlimFaasMcp build native AOT for 4 platforms :

• linux-x64
• windows-x64
• macOS (x64)
• macOS (arm64)

What's Changed

• feat: add static key file support for OIDC authentication with per-issuer configuration by @Copilot in #874

Full Changelog: v0.15.3-rc2...v0.15.3-rc3

Release changes since v0.18.1

None. This is a rebuild of all components to address vulnerabilities from the Go standard libraries.

To see a list of addressed vulnerabilities, please refer to #2093

Features

Fixes

API Changes

Docs

Misc

Welcome to the v0.48.1 bugfix release of Inspektor Gadget.

Bug Fixes

• [BACKPORT] cmd: Remove possibility to customize CFLAGS from build.yaml. by @eiffel-fl in #5245

show help if a subcommand isn't found (#1285)

Signed-off-by: Andrew Lavery <laverya@umich.edu>

Release v0.41.4 (#1926)

This PR prepares the release `v0.41.4`.

Release v0.40.5 (#1925)

This PR prepares the release `v0.40.5`.

What's New

🔤 General

• fix: local provider assumption of user account @hortison (#17202)
• Bump billboard.js from 3.17.4 to 3.18.0 in /install/docker-extension/ui @dependabot[bot] (#17196)

🖥 Meshery UI

• Bump billboard.js from 3.17.4 to 3.18.0 in /provider-ui @dependabot[bot] (#17198)

🧰 Maintenance

• Bump billboard.js from 3.17.4 to 3.18.0 in /provider-ui @dependabot[bot] (#17198)

👨🏽‍💻 Contributors

Thank you to our contributors for making this release possible:
@hortison, @marblom007, @suttonskate and dependabot[bot]

Longhorn v1.11.0 Release Notes

The Longhorn team is excited to announce the release of Longhorn v1.11.0. This release marks a major milestone, with the V2 Data Engine officially entering the Technical Preview stage following significant stability improvements.

Additionally, this version optimizes the stability of the whole system and introduces critical improvements in resource observability, scheduling, and utilization.

For terminology and background on Longhorn releases, see Releases.

Deprecation

V2 Backing Image Deprecation

The Backing Image feature for the V2 Data Engine is now deprecated in v1.11.0 and is scheduled for removal in v1.12.0.

Users using V2 volumes for virtual machines are encouraged to adopt the Containerized Data Importer (CDI) for volume population instead.

GitHub Issue #12237

Primary Highlights

V2 Data Engine

Now in Technical Preview Stage

We are pleased to announce that the V2 Data Engine has officially graduated to the Technical Preview stage. This indicates increased stability and feature maturity as we move toward General Availability.

Limitation: While the engine is in Technical Preview, live upgrade is not supported yet. V2 volumes must be detached (offline) before engine upgrade.

Support for ublk Frontend

Users can now configure ublk (Userspace Block Device) as the frontend for V2 Data Engine volumes. This provides a high-performance alternative to the NVMe-oF frontend for environments running Kernel v6.0+.

GitHub Issue #11039

V1 Data Engine

Faster Replica Rebuilding from Multiple Sources

The V1 Data Engine now supports parallel rebuilding. When a replica needs to be rebuilt, the engine can now stream data from multiple healthy replicas simultaneously rather than a single source. This significantly reduces the time required to restore redundancy for volumes containing tons of scattered data chunks.

GitHub Issue #11331

General

Balance-Aware Algorithm Disk Selection For Replica Scheduling

Longhorn improves the disk selection for the replica scheduling by introducing an intelligent balance-aware scheduling algorithm, reducing uneven storage usage across nodes and disks.

GitHub Issue #10512

Node Disk Health Monitoring

Longhorn now actively monitors the physical health of the underlying disks used for storage by using S.M.A.R.T. data. This allows administrators to identify issues and raise alerts when abnormal SMART metrics are detected, helping prevent failed volumes.

GitHub Issue #12016

Share Manager Networking

Users can now configure an extra network interface for the Share Manager to support complex network segmentation requirements.

GitHub Issue #10269

ReadWriteOncePod (RWOP) Support

Full support for the Kubernetes ReadWriteOncePod access mode has been added.

GitHub Issue #9727

StorageClass allowedTopologies Support

Administrators can now use the allowedTopologies field in Longhorn StorageClasses to restrict volume provisioning to specific zones, regions, or nodes within the cluster.

GitHub Issue #12261

Installation

You can install Longhorn using a variety of tools, including Rancher, Kubectl, and Helm. For more information about installation methods and requirements, see Quick Installation in the Longhorn documentation.

Upgrade

Longhorn only allows upgrades from supported versions. For more information about upgrade paths and procedures, see Upgrade in the Longhorn documentation.

Post-Release Known Issues

For information about issues identified after this release, see Release-Known-Issues.

Resolved Issues in this release

Highlight

• [FEATURE] Add support for ReadWriteOncePod access mode 9727 - @derekbit @shikanime @chriscchien @Copilot
• [FEATURE] Scale replica rebuilding speed from multiple healthy replicas 11331 - @derekbit @shuo-wu @roger-ryao @Copilot
• [FEATURE] Support StorageClass allowedTopologies for Longhorn volumes 12261 - @yangchiu @derekbit @hookak @Copilot
• [FEATURE] Support extra network interface (not only storage network) on the share manager pod 10269 - @yangchiu @c3y1huang
• [FEATURE] Monitor Node Disk Health 12016 - @c3y1huang @roger-ryao
• [FEATURE] Replica Auto Balance Across Nodes based on Node Disk Space Consumption 10512 - @davidcheng0922 @chriscchien

Feature

• [FEATURE] Guess Linux distro from the package manager 12153 - @yangchiu @derekbit @NamrathShetty @Copilot
• [FEATURE] Provide a helm chart setting to define the managerUrl 10583 - @lexfrei @yangchiu
• [FEATURE] Add metric for last backup of a volume 6049 - @c3y1huang @roger-ryao
• [FEATURE] Real-time volume performance monitoring 368 - @derekbit @hookak
• [UI][FEATURE] Monitor Node Disk Health 12263 - @houhoucoop @roger-ryao
• [FEATURE] custom annotation/label of UI's k8s service on value.yaml of helm chart 11754 - @yangchiu @lucasl0st
• [FEATURE] Make longhornctl load ublk_drv module when kernel version is 6 or newer 11803 - @chriscchien @bachmanity1
• [BUG] Inherit namespace for longhorn-share-manager in FastFailover mode 12244 - @yangchiu @semenas
• [FEATURE] Enable CSI pod anti-affinity preset update 12100 - @yangchiu @yulken
• [FEATURE] [Dependency] aws-sdk-go v1.55.7 is EOL as of 2025-07-31 — plan to migrate to v2? 12098 - @mantissahz @roger-ryao
• [FEATURE] Change volume operation menu button behaviour from hover to click. 11408 - @yangchiu @houhoucoop
• [FEATURE] "hard" podAntiAffinity for csi-attacher/csi-provisioner/csi-resizer/csi-snapshotter 11617 - @yangchiu @yulken
• [FEATURE] node storage scheduled metrics 11949 - @yangchiu @AoRuiAC

Improvement

• [IMPROVEMENT] Generalize the offline rebuilding setting for both data engines 12484 - @mantissahz @chriscchien
• [IMPROVEMENT] Introduce Concurrent Job Limit for Snapshot Operations 11635 - @yangchiu @derekbit @davidcheng0922 @Copilot
• [IMPROVEMENT] Improve disk error logging to retain errors from newDiskServiceClients() 12446 - @yangchiu @davidcheng0922
• [IMPROVEMENT] Propagate longhorn-manager's timezone to instance-manager and CSI pods 12448 - @hookak @roger-ryao
• [UI][FEATURE] Scale replica rebuilding speed from multiple healthy replicas 12461 - @houhoucoop @roger-ryao
• [IMPROVEMENT] Configure rolling update strategy for longhorn-manager and CSI deployments 12240 - @hookak @chriscchien
• [IMPROVEMENT] Improve log messages for rebuildNewReplica() in longhorn-manager 12426 - @derekbit @chriscchien
• [IMPROVEMENT] misleading message when instance manager tries to create the pod 11759 - @mantissahz @chriscchien
• [IMPROVEMENT] To improve the debugging process and UX, it would be nice that the error is recorded in the instancemanager.status.conditions. 6732 - @mantissahz @chriscchien
• [IMPROVEMENT] Add setting to disable node disk health monitoring 12300 - @derekbit @roger-ryao @Copilot
• [IMPROVEMENT] Avoid repeat engine restart when there are replica unavailable during migration 11397 - @yangchiu @shuo-wu
• [IMPROVEMENT] [Script] Minor script adjustments from PR #12177 12187 - @rauldsl @yangchiu
• [IMPROVEMENT] Check toolchain versions before generate k8s codes 12164 - @derekbit @roger-ryao
• [IMPROVEMENT] Create Volume UI improvement, Automatically Filter Data Source Based on v1 or v2 Selection 11846 - @yangchiu @houhoucoop
• [IMPROVEMENT] Disable the snapshot of v1 volume hashing while it is being deleted 10294 - @davidcheng0922 @chriscchien
• [IMPROVEMENT] Expose SPDK UBLK Parameters 11039 - @derekbit @PhanLe1010 @roger-ryao @Copilot
• [IMPROVEMENT] Check that block device is not in use before creating disk 12078 - @chriscchien @bachmanity1
• [UI][IMPROVEMENT] Awareness of when an offline replica rebuilding is triggered for an individual volume 11247 - @houhoucoop @roger-ryao
• [IMPROVEMENT] Ensure synchronized upgrades between longhorn-manager and instance-manager 12309 - @hookak @chriscchien
• [IMPROVEMENT] Add Resource Limits Configuration for Longhorn manager/instance-manager 12225 - @hookak @chriscchien
• [IMPROVEMENT] Add Validation Webhook to Volume Expansion When Node Disk Is Full 12134 - @yangchiu @davidcheng0922
• [UI][IMPROVEMENT] Expose SPDK UBLK Parameters 12166 - @houhoucoop @roger-ryao
• [IMPROVEMENT] Fix V2 Volume CSI Clone Slowness Caused by VolumeAttachment Webhook Blocking 12328 - @PhanLe1010 @roger-ryao
• [IMPROVEMENT] Use label-based state in metrics instead of numeric values 10723 - @hookak @roger-ryao
• [IMPROVEMENT] Add Resource Limits Configuration for CSI Components 12224 - @yangchiu @hookak @Copilot
• [IMPROVEMENT] Awareness of when an offline replica rebuilding is triggered for an individual volume 11246 - @yangchiu @mantissahz
• [IMPROVEMENT] Add loadBalancerClass value inside a helm chart for ui service 12273 - @ehpc @chriscchien
• [IMPROVEMENT] Add DNS round-robin load balancing to the pool of S3 addresses 12296 - @yangchiu
• [UI][IMPROVEMENT] Should Not Hide the Deleted Snapshots on UI 11620 - @yangchiu @houhoucoop
• [IMPROVEMENT] Helm chart Multiple TLS FQDNs 12127 - @yangchiu @hrabalvojta
• [IMPROVEMENT] Removing executables from mirrored-longhornio-longhorn-engine image 11254 - @derekbit @chriscchien
• [IMPROVEMENT] [DOC] Clarify replica auto-balance behavior for unhealthy and detached volumes 12002 - @roger-ryao @sushant-suse
• [IMPROVEMENT] CRD enum values 9718 - @roger-ryao @nzhan126
• [DOC] Troubleshooting KB Articles Fix Typos 12199 - @jmeza-xyz
• [IMPROVEMENT] Remove backupstore related settings 11026 - @nzhan126
• [IMPROVEMENT] Reject Trim Operation on Block Volume 12048 - @yangchiu @derekbit
• [IMPROVEMENT] Replace github.com/pkg/errors with github.com/cockroachdb/errors 11413 - @derekbit @chriscchien
• [UI][IMPROVEMENT] UI shows the backing image virtual size 11674 - @chriscchien @houhoucoop
• [IMPROVEMENT] Simplify locking in unsub and stream methods 12057 - @derekbit @NamrathShetty
• [UI][IMPROVEMENT] Show Error Message for Unschedulable Disks 11449 - @yangchiu @houhoucoop
• [IMPROVEMENT] The auto-delete-pod-when-volume-detached-unexpectedly should only focus on the Kubernetes builtin workload. 12120 - @derekbit @chriscchien @sushant-suse
• [IMPROVEMENT] CSIStorageCapacity objects must show schedulable (allocatable) capacity 12014 - @chriscchien @bachmanity1
• [IMPROVEMENT] improve error logging for failed mounting during node publish volume 12025 - @COLDTURNIP @roger-ryao
• [IMPROVEMENT] Improve Helm Chart defaultSettings handling with automatic quoting and multi-type support 12019 - @derekbit @chriscchien
• [IMPROVEMENT] volume spec.backingImage and spec.encrypted shouldn't allow to update for both v1 and v2 data engines 11615 - @yulken @roger-ryao

Bug

• [BUG] V2 DR volume failed if backupstore is temporarily unavailable after node reboot 12543 - @c3y1huang @roger-ryao
• [BUG] SnapshotBack proxy request might be sent to incorrect instance-manager pod 12475 - @derekbit @chriscchien
• [BUG] Replica rebuild, clone and restore fail, traffic being sent to HTTP proxy 12304 - @derekbit @chriscchien @roger-ryao
• [BUG] instance-manager on nodes that don't have hard or solid state disk DDOSing cluster DNS server with TXT query _grpc_config.localhost 12521 - @COLDTURNIP @chriscchien
• [BUG][v1.11.0-rc3] test_basic.py::test_snapshot fails on v2 data engine 12526 - @derekbit @chriscchien
• [BUG] RWX volume causes process uninterruptible sleep 11907 - @COLDTURNIP @chriscchien
• [BUG] Healthy replica could be deleted unexpectedly after reducing volume's number of replicas 12511 - @yangchiu @shuo-wu
• [BUG] Auto balance feature may lead to volumes falling into a replica deletion-recreation loop 11730 - @shuo-wu @roger-ryao
• [BUG] Data locality enabled volume fails to remove an existing running replica after numberOfReplicas reduced 12488 - @derekbit @chriscchien
• [BUG] Single replica volume could get stuck in attaching/detaching loop after the replica node rebooted 9141 - @COLDTURNIP @yangchiu
• [BUG] v2 volume rebuild performance doesn't improve after enabling snapshot integrity 12416 - @yangchiu @davidcheng0922
• [BUG] Request Header Or Cookie Too Large in Web UI with OIDC auth 12077 - @chriscchien @houhoucoop
• [BUG] v1.11.x upgrade test may fail because the default disk of a node is removed during a test case and cannot be re-added 12469 - @COLDTURNIP @yangchiu
• [BUG] Potential Instance Manager Client Context Leak 12198 - @derekbit @chriscchien
• [BUG] v2 DR volume becomes faulted during incremental restoration after source volume expansion 12465 - @yangchiu @davidcheng0922
• [BUG] rebuildConcurrentSyncLimit field is omitted from volume.spec when value is 0 12471 - @derekbit @houhoucoop @roger-ryao
• [BUG] Adding multiple disks to the same node concurrently may occasionally fail 11971 - @davidcheng0922 @roger-ryao
• [BUG] unknown OS condition in node CR is not properly removed during upgrade 12450 - @COLDTURNIP @roger-ryao
• [BUG] Longhorn charts does not take care timezone 11965 - @hookak @roger-ryao
• [BUG] Pod failed to use an activated DR volume, got UNEXPECTED INCONSISTENCY; RUN fsck MANUALLY error 12444 - @yangchiu
• [BUG] v2 volumes do not reuse failed replicas for rebuilding as expected 12413 - @yangchiu @shuo-wu
• [BUG] v2 volumes complete offline rebuilding with an extra failed replica if a node is rebooted during the rebuild 12407 - @yangchiu @mantissahz
• [BUG] Test case test_rebuild_failure_with_intensive_data is failing because replicas cannot be rebuilt after replica process crashed 12436 - @yangchiu @shuo-wu
• [BUG] Replica mode becomes empty and replica rebuilding cannot be triggered after upgrading from v1.10.1 to master-head or v1.11.0-rc1 12431 - @yangchiu @derekbit
• [BUG] v2 volumes get stuck in Attaching/Detaching loop after node reboots 12406 - @yangchiu @c3y1huang
• [BUG] test_basic.py::test_expansion_basic is flaky on v2 data engine due to revert snapshot fail 12235 - @davidcheng0922 @chriscchien
• [BUG] Longhorn nodes may fail to recover after node reboots 12422 - @COLDTURNIP @yangchiu
• [BUG] Missing Frontend default value when creating v2 volumes via Longhorn UI 12152 - @houhoucoop @roger-ryao
• [BUG] setting values are not converted to strings in Longhorn UI 12192 - @chriscchien @houhoucoop
• [BUG] disk health information appears briefly 12415 - @c3y1huang @roger-ryao
• [BUG] encrypted v2 volume gets stuck in Attaching/Detaching loop after volume expansion 12359 - @yangchiu @davidcheng0922
• [BUG] Unexpected orphaned replica is created after node reboot, preventing new replica from being scheduled on that node, and blocking v2 volume from recovering to healthy state 11333 - @yangchiu @c3y1huang
• [BUG] RWX volume becomes unavailable after drain node 12226 - @yangchiu @mantissahz
• [BUG] invalid memory address or nil pointer dereference 11939 - @bachmanity1 @roger-ryao
• [BUG] share-manager excessive memory usage 11938 - @derekbit @chriscchien
• [BUG] Encrypted Volume Cannot Be Expanded Online 12366 - @yangchiu @chriscchien
• [BUG] Backing image download gets stuck after network disconnection 11622 - @COLDTURNIP @chriscchien
• [BUG] Can not delete the parent of volume head snapshot of a v2 volume 9064 - @yulken @chriscchien
• [BUG] changing of the volume controller owner caused: BUG: multiple engines detected when volume is detached 1755 - @PhanLe1010 @chriscchien
• [BUG] mounting error is not properly handled during CSI node publish volume 12006 - @COLDTURNIP @yangchiu
• [BUG] test_rebuild_after_replica_file_crash failed on master-head 12389 - @derekbit @chriscchien
• [BUG] test_backing_image_auto_resync is flaky due to recent commit 12387 - @derekbit @chriscchien
• [BUG] Flooding messages Failed to resolve sysfs path for \"/sys/class/block/root\ ... in longhorn-manager 12344 - @c3y1huang @roger-ryao
• [BUG] v2 volumes could fail to auto salvage after cluster restart 11336 - @yangchiu @c3y1huang
• [BUG] The auo generated backing image pod name is complained by kubelet 12356 - @COLDTURNIP @yangchiu
• [BUG] test_restore_inc_with_offline_expansion fails on v2 data engine 12313 - @davidcheng0922 @chriscchien
• [BUG] Block disks have a chance become Unschedulable in v2 regression test in test_rebuild_with_restoration 11446 - @shuo-wu @chriscchien
• [BUG] v2 volume workload FailedMount with message Staging target path /var/lib/kubelet/plugins/kubernetes.io/csi/driver.longhorn.io/xxx/globalmount is no longer valid 10476 - @yangchiu @shuo-wu
• [BUG] [v1.10.0-rc1] v2 DR volume stuck Unhealthy after incremental restore with replica deletion(test_rebuild_with_inc_restoration) 11684 - @c3y1huang @chriscchien
• [BUG] test_data_locality_strict_local_node_affinity fails at master-head 12343 - @derekbit @chriscchien
• [BUG] tests.test_cloning.test_cloning_basic fails at msater-head 12341 - @derekbit @chriscchien @Copilot
• [BUG] v2 volume could get stuck in Detaching indefinitely after node reboot 11332 - @yangchiu @c3y1huang
• [Bug] A cloned volume cannot be attached to a workload 12206 - @yangchiu @PhanLe1010
• [BUG] Block Mode Volume Migration Stuck 12311 - @COLDTURNIP @yangchiu @shuo-wu
• [BUG] Replica auto balance disk pressure threshold stalled with stopped volumes 10837 - @c3y1huang @chriscchien
• [BUG] short name mode is enforcing, but image name longhornio/longhorn-manager:v1.10. │ │ 0 returns ambiguous list 12268 - @yangchiu @Wqrld
• [BUG] invalid memory address or nil pointer dereference (again) 12233 - @chriscchien @bachmanity1
• [BUG] Restored v2 volume gets stuck in RestoreInProgress state if backup is deleted during restoration 11828 - @yangchiu @c3y1huang
• [BUG] spdk_tgt is crashed due to SIGSEGV 11698 - @c3y1huang
• [BUG] Longhorn ignores Replica Node Level Soft Anti-Affinity when auto balance is set to best-effort 11189 - @c3y1huang @chriscchien
• [BUG] SPDK NVMe synchronous calls 11096 -
• [BUG] Replicas accumulate during engine upgrade 12111 - @c3y1huang @chriscchien
• [BUG] Some default settings in questions.yaml are placed incorrectly. 12219 - @derekbit @roger-ryao
• [BUG] Chart does not handle defaultSettings.taintToleration with a trailing colon 12162 - @derekbit @chriscchien
• [BUG] Fix SPDK v25.05 CVE issue 11969 - @derekbit @roger-ryao
• [BUG] Potential BackingImageManagerClient Connection and Context Leak 12194 - @derekbit @chriscchien
• [BUG] Instance manager pod awsIAMRoleArn annotation disappearing 9923 - @yangchiu @mantissahz
• [BUG] Node block-type disk is unable to unbind after Longhorn uninstall 9127 - @yangchiu @davidcheng0922
• [BUG] longhorn-manager fails to start after upgrading from 1.9.2 to 1.10.0 11864 - @derekbit @roger-ryao
• [BUG][UI] When creating volume/backing image, change Data Engine will reset Number of Replicas 11775 - @yangchiu @houhoucoop
• [BUG] Backup target metric is broken 12073 - @mantissahz @roger-ryao
• [BUG] panic: runtime error: invalid memory address or nil pointer dereference [signal SIGSEGV: segmentation violation code=0x1 at longhorn-engine/pkg/controller/control.go:218 +0x2de 12081 - @liyimeng @roger-ryao
• [BUG] Unable to complete uninstallation due to the remaining backuptarget 11934 - @mantissahz @roger-ryao
• [BUG] NVME disk not found in v2 data engine (failed to find device for BDF) 11903 - @derekbit @roger-ryao
• [BUG] NPE error during recurring job execution 11925 - @yangchiu @shuo-wu
• [BUG] v2 volume creation failed on talos nodes 11910 - @c3y1huang @chriscchien
• [BUG] DR volume gets stuck in unknown state if engine image is deleted from the attached node 11995 - @yangchiu @shuo-wu
• [BUG] Volume gets stuck in attaching state if engine image image is not deployed on one of nodes 11994 - @yangchiu @shuo-wu
• [BUG] Rebooting the volume attached node during a v2 DR volume incremental restoration, the restoration is left incomplete and the activation has no effect 11778 - @yangchiu @c3y1huang
• [BUG] Unable to detach a v2 volume after labeling disable-v2-data-engine=true 11799 - @yangchiu @mantissahz
• [BUG] test_system_backup_and_restore test case failed on master-head 11933 - @derekbit @chriscchien
• [BUG] Shebang refactor in scripts may cause compatibility issues 11815 - @NamrathShetty @chriscchien
• [BUG] longhorn-spdk-engine CIs complain that the unit tests successfully hash system created snapshots 11822 - @yangchiu @shuo-wu
• [BUG] Unable to re-add block-type disks by BDF after re-enable v2 data engine 11860 - @yangchiu @davidcheng0922
• [BUG] V2 volume stuck in volume attachment (V2 interrupt mode) 11816 - @c3y1huang
• [BUG] Goroutine leak in instance-manager when using v2 data engine 11959 - @PhanLe1010 @chriscchien
• [BUG] csi-provisioner silently fails to create CSIStorageCapacity if dataEngine parameter is missing 11906 - @yangchiu @bachmanity1
• [BUG][v1.8.x] v2 volume stuck at attaching due to stopped replica 10486 - @chriscchien
• [BUG] longhorn-engine's UI panics 11867 - @derekbit @chriscchien @Copilot
• [BUG] v2 volume workload gets stuck in ContainerCreating or Unknown state with FailedMount error 10111 - @yangchiu @shuo-wu
• [BUG] Volume is unable to upgrade if the number of active replicas is larger than volume.spec.numberOfReplicas 11825 - @yangchiu @derekbit
• [BUG] UI fails to deploy when only IPv4 is enabled on nodes with v1.10.0 version 11869 - @yangchiu @c3y1huang
• [BUG] v2 DR volume fails to auto-reattach when engine image missing on current node 11772 - @chriscchien
• [BUG] inconsistent behavior of v2 volume after labeling disable-v2-data-engine to the volume attached node and deleting the instance manager 11578 - @yangchiu

Misc

• [DOC] Fix Talos install documentation for current versions 12514 -
• [DOC] Add KB article for the failure of RWX volume detachment 12238 - @sushant-suse
• [TASK] Fix flaky regression test case test_recurring_job.py::test_recurring_job_snapshot_cleanup for v2 data engine 12464 - @derekbit @chriscchien
• [DOC] Review and Update Ingress Controller Examples for Longhorn UI 12252 - @yangchiu @sushant-suse
• [DOC] Incorrect longhornctl subcommand 12423 - @chriscchien @roger-ryao
• [TASK] Update nvme and libnvme to v2.16 and v1.16.1 12391 - @derekbit @chriscchien
• [DOC] Disk Aggregation Options 12378 - @davidcheng0922 @roger-ryao
• [TASK] Deprecate V2 Backing Image Feature 12237 - @derekbit @chriscchien
• feat(chart): Add Gateway API HTTPRoute support for Longhorn UI 12299 - @lexfrei @derekbit @chriscchien @Copilot
• [DOC] V2 data engine: delete snapshot after volume-head behaves inconsistently vs v1 12355 - @chriscchien @sushant-suse
• [TASK] Revert Base Image bci-base:16.0 to bci-base:15.7 12354 - @derekbit @chriscchien
• [DOC] Clarify share-manager image update behavior after system upgrade with attached RWX volumes 12363 - @derekbit @chriscchien
• [DOC] Clarify expected behavior of old instance manager pods after live engine upgrade 12361 - @derekbit @chriscchien
• [TASK] Update Longhorn v1.11.0 SPDK to v25.09 11975 - @derekbit @chriscchien
• [TASK] Bump Longhorn Component registry.suse.com/bci/bci-base to 16.0 12145 - @derekbit @chriscchien
• [DOC] Add KB Article: Handling Persistent Replica Failures via Disk Isolation 12242 - @derekbit @roger-ryao
• [DOC] Document how to permanently enable hugepages 12167 - @roger-ryao @sushant-suse
• [DOC] Update existing terminologies and add new terminologies 12302 - @sushant-suse
• [DOC] Add a KB for restoring data from an orphan replica directory 9972 - @yangchiu @sushant-suse
• [DOC] [UI][IMPROVEMENT] Should Not Hide the Deleted Snapshots on UI #11620 12214 - @chriscchien @sushant-suse
• [DOC] Add Enterprise Page in Longhorn Official Document 12110 - @sushant-suse
• [DOC] Update Talos Linux Support with Longhorn 12108 - @roger-ryao @egrosdou01
• [DOC] [FEATURE] Add support for ReadWriteOncePod access mode 12228 - @chriscchien
• [DOC] Workaround KB doc for backing image manager disk UUID collision issue 12114 - @COLDTURNIP @roger-ryao
• [TASK] Remove testing credentials from backup target manifest examples 11076 - @davidcheng0922 @roger-ryao
• [DOC] Document the Migratable RWX Volume in the Official Document 11277 - @derekbit @chriscchien @sushant-suse
• [DOC][UI][IMPROVEMENT] Show Error Message for Unschedulable Disks #11449 12151 - @yangchiu @sushant-suse
• [TASK] Create a GitHub Action to Update Versions in longhorn/dev-versions 12062 - @derekbit
• [DOC] Update NFSv4 client installation docs to verify actual NFS version in use 11944 - @derekbit @chriscchien
• [REFACTOR] SAST checks for UI component 11540 - @sminux @chriscchien
• [DOC] Update Longhorn README file 10891 - @divya-mohan0209
• [BUG] Block disk deletion fails without error message 11952 - @davidcheng0922 @roger-ryao
• [REFACTOR] Remove redundant assignment 11705 - @jvanz
• [TASK] Remove deprecated instances field and instance type from instance manager CR 5844 - @derekbit @chriscchien
• [DOC] Update deployment links according to the document version 11847 - @yulken

New Contributors

• @ADN182
• @AoRuiAC
• @Henllage-hqb
• @Mmx233
• @NamrathShetty
• @Wqrld
• @adegoodyer
• @ah8ad3
• @boomam
• @brandboat
• @bvankampen
• @danielskowronski
• @davepgreene
• @egrosdou01
• @ehpc
• @enterdv
• @fatihmete
• @hrabalvojta
• @inqode-lars
• @jmeza-xyz
• @jvanz
• @kocmoc1
• @koeberlue
• @lexfrei
• @lucasl0st
• @madeITBelgium
• @marnixbouhuis
• @mattn
• @maximemoreillon
• @mo124121
• @nachtschatt3n
• @rajeshkio
• @rauldsl
• @saimikiry
• @sdre15
• @semenas
• @shikanime
• @sminux
• @zijiren233

Contributors

Thank you to the following contributors who made this release possible.

Note: Starting from v1.11.0, as long as a GitHub issue is resolved in the current release, the corresponding authors will be listed in this contributor list as well. If there is still a missing, please contact Longhorn team for the update.

• @ADN182
• @AoRuiAC
• @COLDTURNIP
• @DamiaSan
• @Henllage-hqb
• @Mmx233
• @NRCan-LGariepy
• @NamrathShetty
• @PhanLe1010
• @Vicente-Cheng
• @WebberHuang1118
• @Wqrld
• @adegoodyer
• @ah8ad3
• @bachmanity1
• @boomam
• @brandboat
• @bvankampen
• @c3y1huang
• @chriscchien
• @danielskowronski
• @davepgreene
• @davidcheng0922
• @derekbit
• @dhedberg
• @divya-mohan0209
• @egrosdou01
• @ehpc
• @enterdv
• @fatihmete
• @fmunteanu
• @forbesguthrie
• @hoo29
• @hookak
• @houhoucoop
• @hrabalvojta
• @innobead
• @inqode-lars
• @james-munson
• @jmeza-xyz
• @jvanz
• @kocmoc1
• @koeberlue
• @lexfrei
• @liyimeng
• @lucasl0st
• @madeITBelgium
• @mantissahz
• @marnixbouhuis
• @mattn
• @maximemoreillon
• @mcerveny
• @mo124121
• @nachtschatt3n
• @nzhan126
• @rajeshkio
• @rauldsl
• @rebeccazzzz
• @roger-ryao
• @runningman84
• @saimikiry
• @sdre15
• @semenas
• @shikanime
• @shuo-wu
• @sminux
• @sushant-suse
• @w13915984028
• @yangchiu
• @yasker
• @yulken
• @zijiren233

What's New

🔤 General

• chore(deps): bump lodash from 4.17.21 to 4.17.23 in /install/docker-extension/ui @dependabot[bot] (#17083)
• rename provider @aabidsofi19 (#14922)
• [Docker Extension] Reconcile UI package compatibility @leecalcote (#17050)

⌨️ Meshery CLI

• [mesheryctl]: Improved error output readability for mesheryctl connection delete command @DharunMR (#17152)
• feat(mesheryctl): add connection list by kind and/or status support @lekaf974 (#17147)
• [mesheryctl] refactor: consolidate --output-format handling in perf command @shri771 (#17105)
• mesheryctl: E2E tests for connection sub command @DharunMR (#17144)
• [Docs] Update outdated Go version requirements in documentation @thc1006 (#17136)
• [mesehryctl] refactor: consolidate --output-format handling in all commands @lekaf974 (#17086)
• Fixed E2E test failures (provider name, assertions, error messages) @PragalvaXFREZ (#17052)
• fix(mesheryctl): typo in command @DharunMR (#17074)
• environment subcommand schema driven @Aryakoste (#16988)
• refactor: update mesheryctl to use connection schema and improve error handling @lekaf974 (#16919)
• [mesheryctl] fix: e2e test meshery server not reachable @lekaf974 (#17008)
• [mesheryctl] Migrate to MeshKit errors and common test helpers in filter cmd @shri771 (#16921)

🖥 Meshery UI

• UI: Fix for blank screen on local provider @yi-nuo426 (#17199)
• Update font styles in LoadingComponentServer @leecalcote (#17164)
• chore(deps): bump lodash from 4.17.21 to 4.17.23 in /ui @dependabot[bot] (#17082)
• chore(deps): bump lodash-es from 4.17.22 to 4.17.23 in /ui @dependabot[bot] (#17084)
• chore(deps): bump lodash from 4.17.21 to 4.17.23 in /provider-ui @dependabot[bot] (#17081)
• [UI] Chore: Remove one unused package. Complete initial js to ts migration @leecalcote (#17046)
• Lint only staged files in the pre-commit hook @CodexRaunak (#17062)
• Chore: remove unused UI package @leecalcote (#17056)
• chore(ui): remove debug console logs @Pragyanshu08 (#17058)
• [UI] Chore: level-set package-lock.json @leecalcote (#17060)
• UI: revert changes to _document and _app @leecalcote (#17059)
• [mesheryctl] Migrate to MeshKit errors and common test helpers in filter cmd @shri771 (#16921)
• [ui] adding path aliases to jsconfig.json @leecalcote (#17051)
• Resolve UI eslint unused-var failures across filters and registry components @copilot-swe-agent[bot] (#17047)
• [UI] Refactor extensions E2E tests to use Page Object Model @0xF4ker (#16916)
• [UI] Fix: ensure initial loading script is synchronous @leecalcote (#17045)

🧰 Maintenance

• mesheryctl: E2E tests for connection sub command @DharunMR (#17144)
• feat: sync mesheryctl E2E results to QA dashboard on push @PragalvaXFREZ (#16920)
• feat: add generic badge award automation @jeetburman (#17077)
• Fixed E2E test failures (provider name, assertions, error messages) @PragalvaXFREZ (#17052)
• chore(deps): bump lodash from 4.17.21 to 4.17.23 in /ui @dependabot[bot] (#17082)
• chore(deps): bump lodash-es from 4.17.22 to 4.17.23 in /ui @dependabot[bot] (#17084)
• chore(deps): bump lodash from 4.17.21 to 4.17.23 in /provider-ui @dependabot[bot] (#17081)
• [mesheryctl] fix: e2e test meshery server not reachable @lekaf974 (#17008)
• [mesheryctl] Migrate to MeshKit errors and common test helpers in filter cmd @shri771 (#16921)
• [UI] Refactor extensions E2E tests to use Page Object Model @0xF4ker (#16916)

📖 Documentation

• feat(mesheryctl): add connection list by kind and/or status support @lekaf974 (#17147)
• [Docs] Update outdated Go version requirements in documentation @thc1006 (#17136)
• docs: fix SQLite typo in architecture page @va4unsingh (#17151)
• Add Attendance file for Newcomers Meeting @hardworker635 (#17134)
• Add Attendance file for Newcomers Meeting @hardworker635 (#17133)
• Add Attendance file for Newcomers Meeting @hardworker635 (#17132)
• Add attendance file for Harsh Kumar @devlopharsh (#17126)
• Update Keerthana Salla @FriedIce-623 (#17124)
• Add introduction for Varun Singh to meetings document @va4unsingh (#17123)
• Add attendance for Ragul Balajii (week of 01-22-2026) @Sbragul26 (#17122)
• Create Keerthana Salla @FriedIce-623 (#17121)
• Create Ishu_Mishra.md @ishumi007 (#17120)
• Rishabh Yadav First PR for Attendance @Ryshab (#17119)
• Add attendance note for Krishnav Bajoria @krishnavbajoria02 (#17118)
• Add introduction for Syed Khizer @Syed-Khizerr (#17116)
• marking attendance @Shubham-Kumar1 (#17115)
• yatharth's intro @yats0x7 (#17114)
• Add Hemanth's introduction to meeting notes @Canbow (#17113)
• Add third attendance record @Joiejoie1 (#17112)
• Add introduction for Abhijeet Das @AbhijeetDev102 (#17111)
• Add attendance note for Saurabh Kumar @saurabhiiitm062 (#17110)
• Create DhruvAgrawal.md @dhruvagrawal2028 (#17109)
• Add Anusha Pannati's introduction to meeting notes @Anusha-pannati (#17108)
• Create Raunak-attendance.md @CodexRaunak (#17107)
• Add Kavitha Karunakaran's bio to meetings documentation @matrixkavi (#17106)
• Add attendance week 01-22-2026 @YASHMAHAKAL (#17092)
• [mesheryctl] Migrate to MeshKit errors and common test helpers in filter cmd @shri771 (#16921)

👨🏽‍💻 Contributors

Thank you to our contributors for making this release possible:
@0xF4ker, @AbhijeetDev102, @Anusha-pannati, @Aryakoste, @Canbow, @CodexRaunak, @Copilot, @DharunMR, @FriedIce-623, @Joiejoie1, @PragalvaXFREZ, @Pragyanshu08, @Ryshab, @Sbragul26, @Shubham-Kumar1, @Syed-Khizerr, @YASHMAHAKAL, @aabidsofi19, @alexquincy, @dependabot[bot], @devlopharsh, @dhruvagrawal2028, @fitzergerald, @hardworker635, @hortison, @ianrwhitney, @ishumi007, @jeetburman, @krishnavbajoria02, @l5io, @leecalcote, @lekaf974, @marblom007, @matrixkavi, @miacycle, @saurabhiiitm062, @shri771, @simihablo, @thc1006, @va4unsingh, @yats0x7, @yi-nuo426, copilot-swe-agent[bot] and dependabot[bot]

Add revert button to client credentials form

Signed-off-by: Tero Saarni <tero.saarni@est.tech>

What's Changed

• update stable to 1.6.6 by @Aryan-sharma11 in #2345
• Update Helm Chart To v1.6.6 by @github-actions[bot] in #2346
• chore(build): upgrade CodeQL GitHub Action from v3 to v4 by @1107-adishjain in #2349
• fix(tests): increase log and alert timeout in CI tests by @AryanBakliwal in #2354
• fix(monitor): only rhel9 require special compilation handling by @rksharma95 in #2357
• refactor(core): fix LSP warnings with idiomatic code by @pranjalkole in #2179
• fix(monitor): garbage protocol issue with tcp_connect by @rksharma95 in #2359
• docs(vagrant): update README with BPF-LSM and CentOS 9 details by @1107-adishjain in #2366
• Add flag to drop Resource field from process visibility logs by @Aryan-sharma11 in #2355
• Fix config watcher untracked ns by @keshav78-78 in #2318
• Process args matching by @Aryan-sharma11 in #2270
• feat: disable enforcer by @Aryan-sharma11 in #2381
• chore: Update copyright headers to 2026 by @As1agi in #2365
• set lsm=none from operator args by @Aryan-sharma11 in #2393
• fix(config,enforcer): empty selinux profile dir default config by @rksharma95 in #2400

New Contributors

• @pranjalkole made their first contribution in #2179
• @keshav78-78 made their first contribution in #2318
• @As1agi made their first contribution in #2365

Full Changelog: v1.6.6...v1.6.7

What's Changed

Added

• Add configuration option to limit max type system cache size. 2744
• Add OTEL_* env var support to existing otel env vars. #2825
• Add configurable server-side validation for ReadChanges page size. The default max page size remains 100 to maintain backward compatibility, and can be configured via --readChanges-max-page-size CLI flag or OPENFGA_READ_CHANGES_MAX_PAGE_SIZE environment variable. #2887

Changed

• Datastore throttling separated from dispatch throttling in BatchCheck, ListUsers metadata. Also, throttling_type label added to throttledRequestCounter metric to differentiate between dispatch/datastore throttling. #2839

Removed

• Removed custom grpc_prometheus fork, replace with go-grpc-middleware's provider. Removes the custom grpc_code label on this metric. #2855

Fixed

• ListUsers will now properly get datastore throttled if enabled. #2846
• Cache controller now uses the logger provided to the server instead of always using a no-op logger. #2847
• Typesystem invalidate model with empty intersection and union. #2865
• Ordered iterator to iterate tuples correctly. #2898

New Contributors

• @vanhtuan0409 made their first contribution in #2744
• @fayezosaadi made their first contribution in #2825
• @Copilot made their first contribution in #2675

Full Changelog: v1.11.2...v1.11.3

Merge pull request #874 from TrekkieCoder/main

gh-868 Generate packages runnable with systemd

🚨 Breaking or Notable Changes

Metrics and Tracing

In v1.19 we've dropped support for OpenCensus (which has been deprecated for a while) in favour of OpenTelemetry. This is a breaking change and details are documented here in the design document. and the website (https://knative.dev/docs/serving/observability/metrics/collecting-metrics/)

Secure Pod Defaults (#16042, @nader-ziada)

We've introduce secure-pod-defaults in an earlier release but this release includes a new setting AllowRootBounded that offers a better security posture for your workloads but balances the compatibility with images that require/expect you to run as root.

For v1.20 release the secure-pod-defaults default will remain disabled but in a future release (most likely v1.21) we will switch this default to AllowRootBounded.

If you're unsure whether your workloads will support this new setting you should explicitly set this option to disabled prior to upgrading to v1.21.

What's Changed

• [release-1.20] fix sub-second precision metric reporting by @knative-prow-robot in #16359

Full Changelog: knative-v1.20.1...knative-v1.20.2

v1.19.9

🚨 Breaking or Notable Changes

We've dropped support for OpenCensus (which has been deprecated for a while) in favour of OpenTelemetry. This is a breaking change and details are documented here in the design document. and the website (https://knative.dev/docs/serving/observability/metrics/collecting-metrics/)

What's Changed

• [release-1.19] fix sub-second precision metric reporting by @knative-prow-robot in #16360

Full Changelog: knative-v1.19.8...knative-v1.19.9

v1.19.9

Packages	Download
rpm-x86_64
deb-x86_64
tgz-x86_64
tgz-static-x86_64
rpm-aarch64
deb-aarch64
tgz-aarch64

v0.43.0

Released on 2026-01-28

Breaking Changes ⚠️

• fix(userspace)!: show source config path only in debug builds [#3787] - @leogr

Minor Changes

• chore: [NOTICE] The GPG key used to sign DEB/RPM packages has been rotated, and all existing packages have been re-signed. New key fingerprint: 478B2FBBC75F4237B731DA4365106822B35B1B1F [#3753] - @leogr
• chore(userspace): deprecate --gvisor-generate-config CLI option [#3784] - @ekoops
• docs: add deprecation notice for legacy eBPF in pkg install dialog [#3786] - @ekoops
• chore(scripts/falcoctl): increase follow interval to 1 week [#3757] - @leogr
• docs: add deprecation notice for legacy eBPF, gVisor and gRPC usage [#3763] - @ekoops
• chore(userspace): deprecate legacy eBPF probe, gVisor engine and gRPC [#3763] - @ekoops
• chore(engine): emit warning when the deprecated evt.latency field family is used in a rule condition or output [#3744] - @irozzo-1A

Bug Fixes

• fix: prevent null pointer crash on popen() failure in output_program [#3722] - @vietcgi
• fix: correct falcoctl.yaml path in debian conffiles [#3745] - @leogr

Non user-facing changes

• revert: chore(.github): temporary action for GPG key rotation [#3766] - @leogr
• chore(cmake): bump falcoctl dependency version to 0.12.2 [#3790] - @ekoops
• chore(cmake): bump falcoctl dependency version to 0.12.1 [#3777] - @ekoops
• chore(cmake): bump container plugin version to 0.6.1 [#3780] - @ekoops
• fix(userspace/engine): missing closing quote in deprecated field warning [#3779] - @leogr
• chore(.github): Put back gpg key rotation workflow [#3772] - @irozzo-1A
• chore(cmake): bump libs/drivers to 0.23.1/9.1.0+driver [#3769] - @ekoops
• chore(cmake): bump container plugin version to 0.6.0 [#3768] - @irozzo-1A
• docs(proposals): add proposal for legacy probe, gVisor engine and gRPC output deprecation [#3755] - @ekoops
• chore(cmake): bump libs/drivers to 0.23.0/9.1.0+driver [#3760] - @ekoops
• update(cmake): update libs and driver to latest master [#3754] - @github-actions[bot]
• fix(metrics): Add null check for state.outputs in metrics collection [#3740] - @adduali1310
• chore(cmake): bump libs to 0.23.0-rc2 [#3759] - @ekoops
• chore(cmake): bump libs/drivers to 0.23.0-rc1/9.1.0-rc1+driver [#3758] - @ekoops
• fix(ci): revert changes to mitigate rate-limitar change [#3752] - @irozzo-1A
• update(cmake): update libs and driver to latest master [#3723] - @github-actions[bot]
• Reduce image size [#3746] - @jfcoz
• docs(RELEASE.md): specify target branch association upon release creation [#3717] - @ekoops
• docs(RELEASE.md): fix rn2md cmd generating changelogs [#3709] - @ekoops
• docs(RELEASE.md): fix PRs filtering expr for checking release notes [#3708] - @ekoops
• docs(RELEASE.md): fix PRs filtering expression text [#3707] - @ekoops

Statistics

Release Manager @ekoops

reduce the memtable size to 4MiB default

SlimFaasMcp build native AOT for 4 platforms :

• linux-x64
• windows-x64
• macOS (x64)
• macOS (arm64)

Armada v0.20.28

For more info, head over to the docs page at https://armadaproject.io

Armada CLI

armadactl controls the Armada batch job queueing system and is used for interacting with the system.

The CLI can be downloaded for a specific OS & Architecture from the Assets section below.

NOTE: The OSX binary is packaged as an universal binary and should work on both Intel and Apple Silicon based Macs.

Docker images

Armada Bundle

• docker pull gresearch/armada:0.20.28
• docker pull gresearch/armada:latest

Armada Lookout Bundle

• docker pull gresearch/armada-lookout-bundle:0.20.28
• docker pull gresearch/armada-lookout-bundle:latest

Armada Full Bundle

• docker pull gresearch/armada-full-bundle:0.20.28
• docker pull gresearch/armada-full-bundle:latest

Armada Server

• docker pull gresearch/armada-server:0.20.28
• docker pull gresearch/armada-server:latest

Armada Executor

• docker pull gresearch/armada-executor:0.20.28
• docker pull gresearch/armada-executor:latest

Armada Lookout

• docker pull gresearch/armada-lookout:0.20.28
• docker pull gresearch/armada-lookout:latest

Armada Lookout Ingester

• docker pull gresearch/armada-lookout-ingester:0.20.28
• docker pull gresearch/armada-lookout-ingester:latest

Armada Event Ingester

• docker pull gresearch/armada-event-ingester:0.20.28
• docker pull gresearch/armada-event-ingester:latest

Armada Scheduler

• docker pull gresearch/armada-scheduler:0.20.28
• docker pull gresearch/armada-scheduler:latest

Armada Scheduler Ingester

• docker pull gresearch/armada-scheduler-ingester:0.20.28
• docker pull gresearch/armada-scheduler-ingester:latest

Armada Binoculars

• docker pull gresearch/armada-binoculars:0.20.28
• docker pull gresearch/armada-binoculars:latest

armadactl

• docker pull gresearch/armadactl:0.20.28
• docker pull gresearch/armadactl:latest

Changelog

Features

• a0fbbcf: feat: enforce consistent priority class for gang jobs at scheduler level (#4625) (@dejanzele)

Other work

• d794d17: Detect jobs on deleted nodes during run reconciliation (#4622) (@mauriceyap)

Full Changelog: v0.20.27...v0.20.28

v0.60.8

Enhancements

Deployment

• #16491 Start releasing packages for macOS 15 (Sequoia)

Observability

• #16135 Added two new metrics and corresponding rates for the GET /monitor_current HTTP API: rules_matched and actions_executed. They track the number of rules that matched and act
  ion execution rate (i.e., success + failure), respectively.

• #16324 Added support for end-to-end tracing of messages published via HTTP API.

Security

• #16625 Added configuration options idp_signs_envelopes and idp_signs_assertions to SAML SSO backend to control signature verification behavior.
  Previously, SAML signature verification was not working correctly because the IdP certificate fingerprint was not being extracted from metadata and passed to esaml for verification.

  Both options default to false for backwards compatibility with existing configurations. Users who want to enable signature verification should explicitly set these to true when their IdP is configured to sign SAML responses.

• #16456 Added support for TLS 1.3 session ticket resumption.

  EMQX now supports TLS 1.3 session resumption using stateless session tickets, allowing clients to resume TLS sessions without server-side session state storage.

  Node-level configuration: node.tls_stateless_tickets_seed is the secret key seed for generating TLS 1.3 stateless session tickets. Listener-level configuration: listeners.ssl.<name>.ssl_options.session_tickets enables TLS 1.3 session resumption using stateless session tickets.
  Possible values are disabled (default), stateless, and stateless_with_cert (includes certificate information).

  Session tickets are only generated when node.tls_stateless_tickets_seed is configured (non-empty) and session_tickets is enabled in listener SSL options.
  If session_tickets is enabled but node.tls_stateless_tickets_seed is empty, session tickets will not be generated and an error log will be emitted when starting the listener.

Gateway

• #16220 Added the jt808.frame.parse_unknown_message option, enabling the JT808 gateway to transparently forward unknown messages.

• #16596 Added support for JT/T 808 protocol 2019.

• #16627 Add GBK character encoding support for JT/T 808 gateway.

  The JT/T 808 protocol specifies GBK encoding for STRING type fields. A new frame.string_encoding configuration option is added:

  • utf8 (default): Pass through strings as-is (backward-compatible)
  • gbk: Convert GBK-encoded strings from devices to UTF-8 for MQTT, and UTF-8 from MQTT to GBK for devices

  This affects string fields including license plates, driver names, text messages, area names, and client parameters.
  MQTT payloads always use UTF-8 encoding regardless of this setting.

Data Integration

• #16511 Added support for the IoTDB Table Model in the data integration.

Bug Fixes [39/760]

Core MQTT Functionalities

• #16349 Fixed a crash in MQTT v5 connections caused by a type mismatch when processing the request-response-information property.

• #16514 Fixed a bug that caused WebSocket connections to crash when receiving broker messages larger than the client's advertised Maximum-Packet-Size.

Rule Engine

• #16489 Fixed an issue where the following rule functions always returned undefined:
  msgid/0, qos/0, topic/0, topic/1, flags/0, flag/1,
  clientid/0, username/0, peerhost/0, payload/0, payload/1.

  Note: This is a backward compatibility fix for EMQX v4. These functions are not documented in EMQX v5 and later. The encouraged usage is to directly reference fields from the rule evaluation context. For example, SELECT clientid ... instead of SELECT clientid().

Data Integration

• #16263 Previously, the Kafka consumer connector performed health checks by verifying partition leader connectivity for all partitions.
  In a clustered deployment, each EMQX node is assigned only a subset of partitions, causing leader connections for unassigned partitions to remain idle.
  Since Kafka closes idle connections after a timeout (10 minutes by default), this behavior could trigger false connectivity alarms.

  The health check now verifies leader connectivity only for the partitions assigned to the current EMQX node, preventing unnecessary idle connections and false alarms.

• #16336 Fixed a race condition which may cause timeout when testing connectivity or stopping a connector from the dashboard.

• #16383 Previously, when using IoTDB Connector with its REST API driver, credentials would not be checked during health checks. Now, we send a no-op query during IoTDB connector health c
  heck. This enables early detection of misconfigured client credentials.

• #16415 Upgraded Apache Pulsar client to 2.1.2.

  When Pulsar producer action's batch_size is configured to 1, the producer will now encode single messages instead of single-element batches.
  This enables consumers to share load using Key Share strategy.

• #16507 Previously, when an MQTT Source's Connector recovered after losing its connection, topics would not be re-subscribed and the Source would stop working until the Connector itself w
  as restarted. Now, the Source will re-subscribe upon reconnect.

• #16585 Fixed an issue with GreptimeDB TLS connection failures.

• #16618 The Kafka request timeout is now automatically set to at least twice the metadata request timeout (with a minimum of 30 seconds),
  reducing unnecessary reconnections and retries when metadata requests take longer than expected.
  This is especially beneficial when metadata request timeout is configured to a small value.

• #16622 Fixed an issue where, if an Action used async query mode and its Connector was disconnect after more than one health check, its Fallback Actions could be triggered twice.

Clustering

• #16269 Fixed an issue in the Cluster Link route replication protocol recovery sequence where re-bootstrapping was incorrectly skipped even though the remote side needed it.

• #16317 Fixed an issue in Cluster Link garbage-collection logic that could accidentally remove live routes from the internal routing table in the process of cleaning up stale route replic
  ation state. This problem occurred only when multiple independent Cluster Links were set up, and some of these links went down for relatively long periods of time.

• #16452 Upgraded gen_rpc to 3.5.1.

  Prior to the gen_rpc upgrade, EMQX may experience a long tail of crash logs due to connection timeout if a peer node is unreachable.
  The new version of gen_rpc no longer has the long tail and converts crash logs to more readable error logs,
  and the frequent log "failed_to_connect_server" is also throttled to avoid log spamming.

• #16543 Improved robustness of cluster autoclean procedure.

  Previously, if autoclean feature was disabled during initial start of the node, it would never activate after configuration change.
  This fix resolves this issue.

Access Control

• #16304 Fixed an issue where Multi-Factor Authentication (MFA) could not be enabled after upgrading EMQX from versions earlier than 5.3.0 due to incompatible login-user database records.

• #16541 Fixed an issue where OIDC issuer URLs were automatically normalized with a trailing slash when saved to the configuration file, causing issuer mismatch errors when the OIDC provid
  er's discovery document returned the issuer without a trailing slash.

Observability

• #16418 Reduced the volume of logs generated when a resource exception occurs (resource_exception). These logs are now throttled, and some potentially large terms are redacted from the
  m.

• #16535 Fixed formatter crash when logging gen_rpc errors.

  Prior to this fix, EMQX would crash with "FORMATTER CRASH" errors when gen_rpc logged certain error messages (e.g., transmission timeout errors). The formatter now handles these error messages correctly without crashing.

Gateway

• #16609 Fixed JT/T 808 gateway parameter setting (0x8103) and query response (0x0104) message handling for CAN bus ID parameters (0x0110~0x01FF), which should use BYTE[8] data type with b
  ase64 encoding in JSON instead of string type.

• #16606 Fixed CoAP Gateway working in connection mode over DTLS.

Breaking Changes

Deployment

• #16491 Stop releasing packages for macOS 13 (Ventura)