Sourced from github.com/nats-io/nats-server/v2's releases.

Release v2.10.24

Changelog

Refer to the 2.10 Upgrade Guide for backwards compatibility notes with 2.9.x.

CVEs

• Vulnerability check warnings for CVE-2024-45337 are addressed by the dependency update to x/crypto, although the NATS Server does not use the affected functionality and is therefore not vulnerable

Go Version

• 1.23.4

Dependencies

• golang.org/x/crypto v0.31.0 (#6246)
• github.com/nats-io/jwt/v2 v2.7.3 (#6256)
• github.com/nats-io/nkeys v0.4.9 (#6255)

Fixed

General

• Request/reply tracking with allow_responses permission is now pruned more regularly, fixing performance issues that can get worse over time (#6064)

JetStream

• Revert a change introduced in 2.10.23 that could potentially cause a consumer info call to fail if it takes place immediately after the consumer was created in some large or heavily-loaded clustered setups (#6250)
• Minor fixes to subject state tracking (#6244)
• Minor fixes to healthz and healthchecks (#6247, #6248, #6232)
• A calculation used to determine if exceeding limits has been corrected (#6264)
• Raft groups will no longer spin when truncating the log fails, i.e. during shutdown (#6271)

WebSockets

• A WebSocket close frame will no longer incorrectly include a status code when not needed (#6260)

Complete Changes

nats-io/nats-server@v2.10.23...v2.10.24

Release v2.10.24-RC.3

Changelog

Refer to the 2.10 Upgrade Guide for backwards compatibility notes with 2.9.x.

Go Version

• 1.23.4

Fixed

JetStream

• A calculation used to determine if exceeding limits has been corrected (#6264)

WebSockets

• A WebSocket close frame will no longer incorrectly include a status code when not needed (#6260)

... (truncated)

• 1d6f7ea Release v2.10.24
• e031e65 Cherry-picks for 2.10.24 (#6273)
• 166596a NRG: Only continue if aligned with pindex/pterm
• bbe3e9b De-flake TestJetStreamClusterConsumerAckSyncReporting
• bf90cfb Bump to 2.10.24-RC.3
• 4e7b79b Cherry-picks for 2.10.24-RC.3 (#6268)
• 34bb983 De-flake TestNRGSimple
• 90ca361 De-flake RAFT adder tests
• ec1a7b4 [FIXED] JetStream would exceed limits calculation
• dc96b75 Adds a number of helper structs for z responses
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)