Update dependency io.seata:seata-server to v1.7.1

[mend-for-github-com]

This PR contains the following updates:

Package	Type	Update	Change
io.seata:seata-server (source)	compile	minor	1.5.0 → 1.7.1

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity	CVSS Score	Vulnerability
Critical	10.0	CVE-2024-1597
Critical	9.8	CVE-2021-42392
Critical	9.8	CVE-2022-23221
Critical	9.8	CVE-2024-50379
Critical	9.8	CVE-2024-52316
Critical	9.8	CVE-2025-24813
Critical	9.8	CVE-2025-31651
Critical	9.6	CVE-2025-55754
Critical	9.1	CVE-2023-34034
High	8.6	CVE-2024-38286
High	8.1	CVE-2021-23463
High	8.1	CVE-2024-22259
High	8.1	CVE-2025-27818
High	8.1	WS-2019-0490
High	7.5	CVE-2020-11979
High	7.5	CVE-2021-35515
High	7.5	CVE-2021-35516
High	7.5	CVE-2021-35517
High	7.5	CVE-2021-36090
High	7.5	CVE-2022-34917
High	7.5	CVE-2022-42003
High	7.5	CVE-2022-42004
High	7.5	CVE-2022-45143
High	7.5	CVE-2023-20860
High	7.5	CVE-2023-20883
High	7.5	CVE-2023-24998
High	7.5	CVE-2023-44487
High	7.5	CVE-2023-44487
High	7.5	CVE-2023-46589
High	7.5	CVE-2024-24549
High	7.5	CVE-2024-38819
High	7.5	CVE-2025-27819
High	7.5	CVE-2025-48976
High	7.5	CVE-2025-48988
High	7.5	CVE-2025-48989
High	7.3	CVE-2024-12798
High	7.3	CVE-2024-12798
High	7.1	CVE-2022-31197
Medium	6.6	CVE-2023-25194
Medium	6.5	CVE-2023-20861
Medium	6.5	CVE-2023-20863
Medium	6.5	CVE-2024-31141
Medium	6.5	CVE-2025-49125
Medium	6.5	CVE-2025-55668
Medium	6.3	CVE-2020-1945
Medium	6.3	CVE-2024-23672
Medium	6.1	CVE-2023-41080
Medium	5.5	CVE-2021-36373
Medium	5.5	CVE-2021-36374
Medium	5.3	CVE-2022-41881
Medium	5.3	CVE-2023-42795
Medium	5.3	CVE-2023-45648
Medium	5.3	CVE-2024-38809
Medium	5.3	CVE-2025-58057
Medium	5.3	CVE-2025-58057
Medium	4.8	CVE-2024-38827
Medium	4.7	CVE-2022-41946
Medium	4.3	CVE-2023-28708

---

Release Notes

seata/seata (io.seata:seata-server)

v1.7.1: (Not Apache release)

Compare Source

Seata 1.7.1 Released.

Seata is an easy-to-use, high-performance, open source distributed transaction solution.

The version is updated as follows:

feature:

• [#​5803] docker image supports JVM parameter injection

bugfix:

• [#​5749] case of the pk col-name in the business sql is inconsistent with the case in the table metadata, resulting in a rollback failure
• [#​5762] change some fields type of TableMetaCache to avoid integer overflow
• [#​5769] fix the problem that the parameter prefix requirement of the setAttachment method in sofa-rpc is not met
• [#​5814] fix XA transaction start exception and rollback failure
• [#​5771] insert executor keywords unescape
• [#​5819] fix oracle column alias cannot find

optimize:

• [#​5804] optimize docker default timezone
• [#​5815] support the nacos application name property
• [#​5820] unified log output directory
• [#​5822] upgrade some deprecated github actions

security:

• [#​5728] fix some dependencies vulnerability
• [#​5766] fix some serializer vulnerabilities

Thanks to these contributors for their code commits. Please report an unintended omission.

• slievrly
• capthua
• robynron
• dmego
• xingfudeshi
• hadoop835
• a364176773
• DroidEye2ONGU

Also, we receive many valuable issues, questions and advices from our community. Thanks for you all.

v1.7.0: (Not Apache release)

Compare Source

Seata 1.7.0 Released.

Seata is an easy-to-use, high-performance, open source distributed transaction solution.

The version is updated as follows:

feature:

• [#​5476] first support native-image for seata-client
• [#​5495] console integration saga-statemachine-designer
• [#​5668] compatible with file.conf and registry.conf configurations in version 1.4.2 and below

bugfix:

• [#​5682] fix saga mode replay context lost startParams
• [#​5671] fix saga mode serviceTask inputParams json autoType convert exception
• [#​5194] fix wrong keyword order for oracle when creating a table
• [#​5021] fix JDK Reflection for Spring origin proxy failed in JDK17
• [#​5023] fix seata-core dependency transitive conflict in seata-dubbo
• [#​5224] fix oracle initialize script index_name is duplicate
• [#​5233] fix the inconsistent configuration item names related to LoadBalance
• [#​5266] fix server console has queried the released lock
• [#​5245] fix the incomplete dependency of distribution module
• [#​5239] fix getConfig throw ClassCastException when use JDK proxy
• [#​5281] parallel request handle throw IndexOutOfBoundsException
• [#​5288] fix auto-increment of pk columns in Oracle in AT mode
• [#​5287] fix auto-increment of pk columns in PostgreSQL in AT mode
• [#​5299] fix GlobalSession deletion when retry rollback or retry commit timeout
• [#​5307] fix that keywords don't add escaped characters
• [#​5311] remove RollbackRetryTimeout sessions during in file storage recover
• [#​4734] check if table meta cache should be refreshed in AT mode
• [#​5316] fix G1 jvm parameter in jdk8
• [#​5321] fix When the rollback logic on the TC side returns RollbackFailed, the custom FailureHandler is not executed
• [#​5332] fix bugs found in unit tests
• [#​5145] fix global session is always begin in saga mode
• [#​5413] fix bad service configuration file and compilation failure
• [#​5415] fix transaction timeout on client side not execute hook and failureHandler
• [#​5447] fix oracle xa mode cannnot be used By same database
• [#​5472] fix if using @GlobalTransactional in RM, ShouldNeverHappenException will be thrown
• [#​5535] fix the log file path was loaded incorrectly
• [#​5538] fix finished transaction swallows exception when committing
• [#​5539] fix the full table scan issue with 'setDate' condition in Oracle 10g
• [#​5540] fix GlobalStatus=9 can't be cleared in DB storage mode
• [#​5552] fix mariadb rollback failed
• [#​5583] fix grpc interceptor xid unbinding problem
• [#​5602] fix log in participant transaction role
• [#​5645] fix oracle insert undolog failed
• [#​5659] fix the issue of case sensitivity enforcement on the database after adding escape characters to keywords
• [#​5663] fix the timeout is null when the connectionProxyXA connection is reused
• [#​5675] fix compatibility between xxx.grouplist and grouplist.xxx configuration items
• [#​5690] fix console print unauthorized error
• [#​5711] fix get configuration item contains underlined error

optimize:

• [#​5208] optimize throwable getCause once more
• [#​5212] optimize log message level
• [#​5237] optimize exception log message print(EnhancedServiceLoader.loadFile#cahtch)
• [#​5089] optimize the check of the delay value of the TCC fence log clean task
• [#​5243] optimize kryo 5.4.0 optimize compatibility with jdk17
• [#​5153] Only AT mode try to get channel with other app
• [#​5177] If server.session.enable-branch-async-remove is true, delete the branch asynchronously and unlock it synchronously.
• [#​5273] optimize the compilation configuration of the protobuf-maven-plugin plug-in to solve the problem of too long command lines in higher versions.
• [#​5303] remove startup script the -Xmn configuration
• [#​5325] add store mode,config type and registry type log info
• [#​5315] optimize the log of SPI
• [#​5323] add time info for global transaction timeout log
• [#​5414] optimize transaction fail handler
• [#​5537] optimize transaction log on client side
• [#​5541] optimize server log output
• [#​5548] update expire gpg key and publish workflow
• [#​5638] optimize: set server's transaction level to READ_COMMITTED
• [#​5646] refactor ColumnUtils and EscapeHandler
• [#​5648] optimize server logs print
• [#​5647] support case-sensitive attributes for table and column metadata
• [#​5678] optimize escape character for case of columnNames
• [#​5684] optimize github actions for CodeQL, skywalking-eyes and checkout
• [#​5700] optimize distributed lock log

security:

• [#​5172] fix some security vulnerabilities
• [#​5683] add Hessian Serializer WhiteDenyList
• [#​5696] fix several node.js security vulnerabilities

test:

• [#​5380] fix UpdateExecutorTest failed
• [#​5382] fix multi spring version test failed

Thanks to these contributors for their code commits. Please report an unintended omission.

• slievrly
• xssdpgy
• albumenj
• PeppaO
• yuruixin
• dmego
• CrazyLionLi
• xingfudeshi
• Bughue
• pengten
• wangliang181230
• GoodBoyCoder
• a364176773
• isharpever
• ZhangShiYeChina
• mxsm
• l81893521
• liuqiufeng
• yixia
• jumtp

Also, we receive many valuable issues, questions and advices from our community. Thanks for you all.

v1.6.1: (Not Apache release)

Compare Source

Seata 1.6.1 Released.

Seata is an easy-to-use, high-performance, open source distributed transaction solution.

The version is updated as follows:

feature:

• [#​5115] support for spring-boot:3.x

bugfix:

• [#​5179] fix ClassNotFoundException when server starts using Eureka

optimize:

• [#​5120] unify the format of configuration items in yml files
• [#​5180] GlobalTransactionScanner,SeataAutoDataSourceProxyCreator declare @​bean methods as static
• [#​5182] fix some security vulnerabilities in GGEditor
• [#​5183] optimize the default values for some switches

Thanks to these contributors for their code commits. Please report an unintended omission.

• slievrly
• wangliang181230
• xingfudeshi
• whxxxxx
• xssdpgy

Also, we receive many valuable issues, questions and advices from our community. Thanks for you all.

v1.6.0: (Not Apache release)

Compare Source

Seata 1.6.0 Released.

Seata is an easy-to-use, high-performance, open source distributed transaction solution.

The version is updated as follows:

feature：

• [#​4863] support oracle and postgresql multi primary key
• [#​4649] seata-server support multiple registry
• [#​4779] support Apache Dubbo3
• [#​4479] TCC mode supports tcc annotation marked on both interface and implementation class
• [#​4877] seata client support jdk17
• [#​4914] support mysql update join sql
• [#​4542] support oracle timestamp types
• [#​5111] support Nacos contextPath
• [#​4802] dockerfile support arm64

bugfix：

• [#​4780] fix can't post TimeoutRollbacked event after a successful timeout rollback
• [#​4954] fix output expression incorrectly throws npe
• [#​4817] fix in high version springboot property not Standard
• [#​4838] fix when use Statement.executeBatch() can not generate undo log
• [#​4533] fix rollback event repeated and some event status not correct
• [#​4912] fix mysql InsertOnDuplicateUpdate column case is different and cannot be matched
• [#​4543] fix support Oracle nclob types
• [#​4915] fix failed to get server recovery properties
• [#​4919] fix XID port and address null:0 before coordinator.init
• [#​4928] fix rpcContext.getClientRMHolderMap NPE
• [#​4953] fix InsertOnDuplicateUpdate bypass modify pk
• [#​4978] fix kryo support circular reference
• [#​4874] fix startup failure by using OpenJDK 11
• [#​5018] fix loader path in startup scripts
• [#​5004] fix duplicate image row for update join
• [#​5032] fix mysql InsertOnDuplicateUpdate sql query error caused by placeholder index calculation error
• [#​5033] fix null exception when sql columns is empty for insert on duplicate
• [#​5038] remove @​EnableConfigurationProperties({SagaAsyncThreadPoolProperties.class})
• [#​5050] fix global session is not change to Committed in saga mode
• [#​5052] fix update join condition placeholder param error
• [#​5031] fix mysql InsertOnDuplicateUpdate should not use null index value as image sql query condition
• [#​5075] fix InsertOnDuplicateUpdateExecutor could not intercept the sql which has no primary and unique key
• [#​5093] fix access key loss after seata server restart
• [#​5092] fix when seata and jpa are used together, their AutoConfiguration order is incorrect
• [#​5109] fix NPE caused when there is no @​GlobalTransactional annotation on the RM side
• [#​5098] Druid disable oracle implicit cache
• [#​4860] fix metrics tags coverage in the seata-server side
• [#​5028] fix insert value null parsed as string in insert on duplicate SQL
• [#​5078] fix could not intercept the sql witch has no primary and unique key
• [#​5097] fix access key loss after server restart
• [#​5131] fix rollback xa connection active state
• [#​5134] fix hikari datasource auto proxy fail
• [#​5163] fix bad service configuration file and compilation failure

optimize：

• [#​4774] optimize mysql8 dependencies for seataio/seata-server image
• [#​4790] Add a github action to publish Seata to OSSRH
• [#​4765] mysql 8.0.29 not should be hold for connection
• [#​4750] optimize unBranchLock romove xid
• [#​4797] optimize the github actions
• [#​4800] Add NOTICE as Apache License V2
• [#​4681] optimize the check lock during global transaction
• [#​4761] use hget replace hmget because only one field
• [#​4414] exclude log4j dependencies
• [#​4836] optimize BaseTransactionalExecutor#buildLockKey(TableRecords rowsIncludingPK) method more readable
• [#​4865] fix some security vulnerabilities in GGEditor
• [#​4590] auto degrade enable to dynamic configure
• [#​4490] tccfence log table delete by index
• [#​4911] add license checker workflow
• [#​4917] upgrade package-lock.json fix vulnerabilities
• [#​4924] optimize pom dependencies
• [#​4932] extract the default values for some properties
• [#​4925] optimize java doc warning
• [#​4921] fix some vulnerabilities in console and upgrade skywalking-eyes
• [#​4936] optimize read of storage configuration
• [#​4946] pass the sqlexception to client when get lock
• [#​4962] optimize build and fix the base image
• [#​4974] optimize cancel the limit on the number of globalStatus queries in Redis mode
• [#​4981] optimize tcc fence record not exists errMessage
• [#​4985] fix undo_log id repeat
• [#​4995] fix mysql InsertOnDuplicateUpdate duplicate pk condition in after image query sql
• [#​5047] remove useless code
• [#​5051] undo log dirty throw BranchRollbackFailed_Unretriable
• [#​5075] intercept the InsertOnDuplicateUpdate statement which has no primary key and unique index value
• [#​5104] remove the druid dependency in ConnectionProxy
• [#​5124] support oracle on delete tccfence logs
• [#​4468] support kryo 5.3.0
• [#​4807] optimize docker image and oss publish
• [#​4445] optimize transaction timeout judgment
• [#​4958] do not execute triggerAfterCommit() if timeout
• [#​4582] redis mode support sorted set by timeout
• [#​4963] add ARM64 CI workflow
• [#​4434] remove seata-server's CMS parameters

Thanks to these contributors for their code commits. Please report an unintended omission.

• slievrly
• renliangyu857
• wangliang181230
• a364176773
• tuwenlin
• conghuhu
• a1104321118
• duanqiaoyanyu
• robynron
• lcmvs
• github-ganyu
• 1181954449
• zw201913
• wingchi-leung
• AlexStocks
• liujunlin5168
• pengten
• liuqiufeng
• yujianfei1986
• Bughue
• AlbumenJ
• doubleDimple
• jsbxyyx
• tuwenlin
• CrazyLionLi
• whxxxxx
• neillee95
• crazy-sheep
• zhangzq7
• l81893521
• zhuyoufeng
• xingfudeshi
• odidev
• miaoxueyu

Also, we receive many valuable issues, questions and advices from our community. Thanks for you all.

v1.5.2: (Not Apache release)

Seata 1.5.2 Released.

Seata is an easy-to-use, high-performance, open source distributed transaction solution.

The version is updated as follows:

feature：

• [#​4661] support xid consistency load balance
• [#​4676] support server to expose Nacos services by mounting SLB
• [#​4642] support batch message parallel processing
• [#​4567] support where method condition(find_in_set)

bugfix：

• [#​4515] fix the error of SeataTCCFenceAutoConfiguration when database unused
• [#​4661] fix sql exception with PostgreSQL in module console
• [#​4667] fix the exception in RedisTransactionStoreManager for update map During iteration
• [#​4678] fix the error of key transport.enableRmClientBatchSendRequest cache penetration if not configure
• [#​4701] fix missing command line args
• [#​4607] fix bug on skipping lock check
• [#​4696] fix oracle database insert value
• [#​4726] fix batch message send may return NullPointException
• [#​4729] fix set AspectTransactional.rollbackForClassName with wrong value
• [#​4653] fix the sql exception when pk is non-numeric in INSERT_ON_DUPLICATE SQL

optimize：

• [#​4650] fix some security vulnerabilities
• [#​4670] optimize the thread pool size of branchResultMessageExecutor
• [#​4662] optimize rollback transaction metrics
• [#​4693] optimize the console navigation bar
• [#​4700] fix maven-compiler-plugin and maven-resources-plugin execute failed
• [#​4711] separate lib dependencies for deployments
• [#​4720] optimize pom description
• [#​4728] upgrade logback dependency to 1.2.9
• [#​4745] support mysql8 in release package
• [#​4626] Replace flatten-maven-plugin with easyj-maven-plugin to fix the conflict between shade and flatten
• [#​4629] check relation of before status and after status when updating global session
• [#​4662] make EnhancedServiceLoader more readable

test:

• [#​4544] optimize jackson dependencies in TransactionContextFilterTest
• [#​4731] fix UT failed in AsyncWorkerTest and LockManagerTest

Thanks to these contributors for their code commits. Please report an unintended omission.

• slievrly
• pengten
• YSF-A
• tuwenlin
• Ifdevil
• wingchi-leung
• liurong
• opelok-z
• a364176773
• 2129zxl
• Smery-lxm
• doubleDimple
• wangliang181230
• Bughue
• AYue-94
• lingxiao-wu
• caohdgege

Also, we receive many valuable issues, questions and advices from our community. Thanks for you all.

---

• If you want to rebase/retry this PR, check this box