Skip to content

Releases: redpanda-data/redpanda

v26.1.12

Choose a tag to compare

@vbotbuildovich vbotbuildovich released this 28 Jun 05:05
767244b

Bug Fixes

  • Fixes a bug in which a generate_report() request to the transform system could result in a nullptr dereference at startup by @WillemKauf in #30910
  • Fixes a bug in which a stale read in the l0 write scheduler could result in a division by zero (raising SIGFPE). by @WillemKauf in #30920
  • Fixes a reactor stall seen when there are a large number of pending files in the Iceberg Topics coordinator. by @andrwng in #30880
  • PR #30929 [v26.1.x] datalake: Fix deleted namespace race for REST_HADOOP catalog by @wdberkeley
  • PR #30944 [v26.1.x] dt/kgo: surface worker crashes as descriptive errors by @nvartolomei

Improvements

Full Changelog: v26.1.11...v26.1.12

v26.1.11

Choose a tag to compare

@vbotbuildovich vbotbuildovich released this 25 Jun 23:58
746d652

Features

  • rpk --print-tree: emits the full rpk command tree as a single JSON document, suited for LLMs and automations. by @r-vasquez in #30834

Bug Fixes

  • Fix consumer group lag metrics inflated after retention or trim-prefix. by @bartoszpiekny-redpanda in #30870
  • Fixed shadow link replication advancing the shadow partition start
    offset past the source partition's start offset when a replicator
    resumes after a shadow partition leadership change. by @Lazin in #30819
  • Fixes a bug in which hung requests to the schema registry or in shadow linking could cause a deadlock during shutdown. by @WillemKauf in #30788
  • Fixes a crash that could occur in the Cloud Topics metastore upon certain errors from during metastore database compaction. by @andrwng in #30775
  • Fixes a wedge in multi-output transforms where a produce failure on one output topic silently stalled the processor instead of restarting it. by @WillemKauf in #30855
  • Upgrade krb5 to 1.22.2 to address CVE-2026-40355 and CVE-2026-40356 (NegoEx parsing vulnerabilities). by @tyson-redpanda in #30874
  • #30561 Fixed a bug in the schema registry where adding a new required field to a JSON schema was incorrectly allowed under BACKWARD compatibility mode. by @TheJohnMatti in #30563

Improvements

Full Changelog: v26.1.10...v26.1.11

v26.1.10

Choose a tag to compare

@vbotbuildovich vbotbuildovich released this 12 Jun 15:46
a617615

Features

  • New live-reloadable cluster configs oidc_http_proxy_username /
    oidc_http_proxy_password add HTTP Basic authentication to the OIDC forward
    proxy (oidc_http_proxy_url); set both to authenticate, leave unset for an
    anonymous proxy. The password is secret. by @nguyen-andrew in #30767

Bug Fixes

  • Fix schema evolution incorrectly rejecting new optional Iceberg columns whose nested types contain structurally-required fields (e.g. maps, whose keys are always required). by @nvartolomei in #30590
  • Fixed Avro schema lookup false negatives when equivalent nested primitive schemas used simple form, such as "string", and object form, such as {"type":"string"}. by @pgellert in #30641
  • Fixed a leak in the Iceberg translation subsystem where per-partition
    metrics were not released after a partition was removed from a broker. by @nvartolomei in #30706
  • Fixes a bug in the feature_table in which nodes which are holding back the cluster-wide cluster_version, when decommissioned, result in the cluster_version never being updated until a restart/controller leadership move is forced. by @WillemKauf in #30636
  • Fixes a bug where fetches against tiered storage could fail when retention advances past all segments and new segments are added. by @wdberkeley in #30637
  • Patched krb5 against CVE-2026-40355 (null pointer dereference) and CVE-2026-40356 (integer underflow) in NegoEx message parsing, both exploitable by an unauthenticated remote attacker to crash the process (CVSS 8.7). by @tyson-redpanda in #30572
  • The day partition transform now produces a date-typed partition
    column (matching the Iceberg spec) instead of int. by @mmaslankaprv in #30534
  • report Iceberg-disabled topics as DISABLED in translation_state response. by @bharathv in #30770

Improvements

  • Added a new cluster property iceberg_default_schema_case_insensitive with possible values of yes, no, or auto, default is auto. This property determines whether the Iceberg subsystem compares field names case-insensitively or not. The auto value means the system will attempt to detect if it should use case insensitive comparison. This will happen if the detected REST catalog is AWS Glue, which addresses a sporadic issue with AWS Glue where it would return field names lower-cased instead of verbatim. by @wdberkeley in #30577
  • Avoid recompression of unchanged batches in the local storage and cloud topics compaction implementation. by @WillemKauf in #30672
  • Optimize the segment_meta_cstore::insert_entries() path for the generic append case. by @WillemKauf in #30610
  • Prevent oversized allocations in the kafka layer when utilizing large consumer groups by @WillemKauf in #30753
  • Purging an Iceberg table managed by the filesystem catalog will now delete all the table's files, not just the metadata files. by @wdberkeley in #30698
  • The iceberg translation state REST endpoint now returns a partition
    state entry for every partition of the topic and reports the topic's
    partition_count. by @mmaslankaprv in #30657

Full Changelog: v26.1.9...v26.1.10

v25.3.15

Choose a tag to compare

@vbotbuildovich vbotbuildovich released this 04 Jun 21:12
9cfb9c8

Features

  • Add OAUTHBEARER SASL mechanism support to rpk, enabling OIDC-based authentication for the Kafka client, admin API, and schema registry. Pass the token via --password (raw value or token: format) with --sasl-mechanism OAUTHBEARER. by @david-yu in #30312

Bug Fixes

  • Allow combining aws_sigv4 Iceberg REST catalog authentication with the sts cloud credentials source. by @nvartolomei in #30554
  • Correctly decode variable-length Avro decimal payloads on the
    ingest path. by @nvartolomei in #30518
  • Fix Iceberg map columns being unreadable from strict Parquet readers
    (e.g. Apache Spark) due to a missing LogicalType.MAP annotation in
    the written Parquet schema. by @nvartolomei in #30458
  • Fix a process abort when the tiered storage cache's local disk fills
    up while a segment download is in progress on a non-zero shard. by @nvartolomei in #30352
  • Fix corruption of negative decimal partition values in Iceberg
    manifests for decimal columns whose precision does not require 16
    bytes (e.g. decimal(10,2)). by @nvartolomei in #30518
  • Fix schema evolution incorrectly rejecting new optional Iceberg columns whose nested types contain structurally-required fields (e.g. maps, whose keys are always required). by @nvartolomei in #30591
  • Fix tiered storage I/O remaining throttled at the previously-configured rate after cloud_storage_max_throughput_per_shard was unset. by @nvartolomei in #30472
  • Fixed Avro schema lookup false negatives when equivalent nested primitive schemas used simple form, such as "string", and object form, such as {"type":"string"}. by @pgellert in #30642
  • Fixed schema registry returning 40403 when looking up Avro schemas that use unqualified named type references (e.g. "Inner") against registered schemas using fully-qualified references (e.g. "com.example.Inner") within
    the same namespace. by @ksitnik-tc in #30267
  • Fixed the vectorized_rpc_client_requests_pending gauge drifting
    over time. by @nvartolomei in #30297
  • Fixes a bug in the feature_table in which nodes which are holding back the cluster-wide cluster_version, when decommissioned, result in the cluster_version never being updated until a restart/controller leadership move is forced. by @WillemKauf in #30634
  • Fixes a bug where fetches against tiered storage could fail when retention advances past all segments and new segments are added. by @wdberkeley in #30639
  • Fixes an issue that prevented raft followers across high-RTT links from establishing connections long enough to receive heartbeat request replies. by @ballard26 in #30550
  • Patched krb5 against CVE-2026-40355 (null pointer dereference) and CVE-2026-40356 (integer underflow) in NegoEx message parsing, both exploitable by an unauthenticated remote attacker to crash the process (CVSS 8.7). by @tyson-redpanda in #30571
  • Upgraded OpenSSL from 3.0.19 to 3.0.20 to address CVE-2026-31790, which could allow an attacker supplying a malformed RSA public key to trigger use of uninitialized memory during RSA key encapsulation. by @tyson-redpanda in #30239
  • Upgraded libxml2 to v2.15.3 to fix CVE-2026-6732 type confusion vulnerability in XSD validation. by @tyson-redpanda in #30394
  • #30439 Schema Registry: fixed protobuf compatibility checks incorrectly failing
    with MESSAGE_REMOVED when a map field is removed. by @QueLLL in #30440
  • #30504 Fixes a bug in which a double metric registration could occur when sts credentials were used for both iceberg and tiered_storage systems. by @WillemKauf in #30505
  • cluster: fix enterprise validation for iceberg enablement by @WillemKauf in #30526
  • datalake: stop bucketing unknown_error as file_io_error by @nvartolomei in #30617

Improvements

  • Backport features_auto_finalization cluster configuration option to allow opting out of automatic upgrade finalization before upgrading to v26.2. by @dotnwat in #30461
  • Optimize the segment_meta_cstore::insert_entries() path for the generic append case. by @WillemKauf in #30609
  • #30270 Avoid potential oversized allocations in the segment index materialization path by @WillemKauf in #30274
  • Avoid oversized alloc in compaction reducers by @StephanDollberg in #30218
  • Validate iceberg_rest_catalog_endpoint at config time by @WillemKauf in #30569
  • Trace schema evolution inputs by @nvartolomei in #30603

Full Changelog: v25.3.14...v25.3.15

v26.1.9

Choose a tag to compare

@vbotbuildovich vbotbuildovich released this 22 May 12:40
12a270d

Bug Fixes

  • Allow combining aws_sigv4 Iceberg REST catalog authentication with the sts cloud credentials source. by @nvartolomei in #30553
  • Correctly decode variable-length Avro decimal payloads on the ingest path. by @nvartolomei in #30517
  • Fix corruption of negative decimal partition values in Iceberg manifests for decimal columns whose precision does not require 16
    bytes (e.g. decimal(10,2)). by @nvartolomei in #30517
  • Fix parsing of Iceberg table metadata whose sort orders use the spec-canonical singular source-id field (e.g. metadata produced by Unity Catalog). by @mmaslankaprv in #30477
  • Fix tiered storage I/O remaining throttled at the previously-configured rate after cloud_storage_max_throughput_per_shard was unset. by @nvartolomei in #30473
  • Fixes an issue that prevented raft followers across high-RTT links from establishing connections long enough to receive heartbeat request replies. by @ballard26 in #30549
  • #30502 Fixes a bug in which a double metric registration could occur when sts credentials were used for both iceberg and tiered_storage systems. by @WillemKauf in #30503

Improvements

  • Backport features_auto_finalization cluster configuration option to allow opting out of automatic upgrade finalization before upgrading to v26.2. by @dotnwat in #30460
  • PR #30507 cloud_topics/l1: fix UB in db_domain_manager error-logging paths by @Lazin
  • PR #30509 storage: don't override with shard_local_cfg() in ntp_config helpers by @WillemKauf
  • PR #30527 cluster: fix enterprise validation for iceberg enablement by @WillemKauf
  • PR #30540 ct/l1: guard stop_collecting_logs() on local_is_initialized() by @WillemKauf
  • PR #30542 rpk: bump Go to 1.26.3, x/net to v0.54.0 (Snyk findings) by @twmb

Full Changelog: v26.1.8...v26.1.9

v26.1.8

Choose a tag to compare

@vbotbuildovich vbotbuildovich released this 14 May 12:16
c7962c0

Features

  • New configuration: iceberg_rest_catalog_credentials_host: The hostname to connect to for retrieving role-based credentials for the Iceberg REST catalog. May be required when the REST catalog uses a different credentials source than cloud storage — for example, if cloud storage is configured to use STS with a custom credentials host, but the REST catalog uses aws_instance_metadata, this should be set to 169.254.169.254 to prevent the cloud storage host override from applying to catalog credential requests. by @wdberkeley in #30446

Bug Fixes

  • Avoid OOM under memory fragmentation when there are many ACLs. by @pgellert in #30401
  • Fix Iceberg map columns being unreadable from strict Parquet readers
    (e.g. Apache Spark) due to a missing LogicalType.MAP annotation in
    the written Parquet schema. by @nvartolomei in #30457
  • Fix an issue with Clout Topics garbage collection where deleting all cloud topics could leave stale objects in the bucket, forever. by @oleiman in #30283
  • Iceberg REST catalog credential refresh requests were sent to the wrong host when cloud_storage_credentials_host was set. The host override intended for cloud storage was applied globally, causing catalog credential fetches to fail if the catalog used a different credentials source with a different expected endpoint. by @wdberkeley in #30446
  • Upgraded libxml2 to v2.15.3 to fix CVE-2026-6732 type confusion vulnerability in XSD validation. by @tyson-redpanda in #30393
  • #30437 Schema Registry: fixed protobuf compatibility checks incorrectly failing
    with MESSAGE_REMOVED when a map field is removed. by @QueLLL in #30438
  • rpk/debug/bundle: dedup admin addresses across host forms by @hidalgopl in #30411
  • PR #30313 kafka/server: cap fetch memory allocation at max message size limit by @ballard26

Full Changelog: v26.1.7...v26.1.8

v26.1.7

Choose a tag to compare

@vbotbuildovich vbotbuildovich released this 08 May 12:48
ebee215

Features

  • Add OAUTHBEARER SASL mechanism support to rpk, enabling OIDC-based authentication for the Kafka client, admin API, and schema registry. Pass the token via --password (raw value or token: format) with --sasl-mechanism OAUTHBEARER. by @david-yu in #30306
  • New cluster config oidc_http_proxy_url routes OIDC discovery and JWKS fetches through an HTTP forward proxy. Set to a URL of the form http://host:port or https://host:port to enable; leave unset (the default) to connect to the OIDC endpoint directly. When set, oidc_discovery_url must use https:// as plaintext OIDC endpoints through a forward proxy are not supported. The property is live-reloadable (no broker restart required). by @pgellert in #30407
  • Schema Registry now accepts /contexts/{context}/... prefixed URLs on all
    endpoints, allowing serde clients to target a non-default context by
    configuring their base URL (e.g. schema.registry.url=http://host:8081/contexts/.myctx). by @nguyen-andrew in #30363
  • rpk ai is a new managed plugin that installs and drives the Redpanda AI Gateway CLI (rpai). rpk ai install / upgrade / uninstall manage the binary; rpk ai <subcommand> runs rpai against the active rpk cloud profile's cluster (token via rpk cloud login, endpoint resolved from the cluster's AI Gateway v2 URL). by @simon0191 in #30304

Bug Fixes

  • Bare `rpk ai` (with the plugin installed) now prints the same help screen as `rpk ai --help`, including the `install`, `uninstall`, and `upgrade` subcommands. by @simon0191 in #30376
  • Fix a process abort when the tiered storage cache's local disk fills
    up while a segment download is in progress on a non-zero shard. by @nvartolomei in #30351
  • Fix an assertion crash in the cloud storage self-test when a multipart upload part failed mid-sequence. by @nvartolomei in #30346
  • Fixed schema registry returning 40403 when looking up Avro schemas that use unqualified named type references (e.g. "Inner") against registered schemas using fully-qualified references (e.g. "com.example.Inner") within
    the same namespace. by @ksitnik-tc in #30266
  • Fixed the vectorized_rpc_client_requests_pending gauge drifting
    over time. by @nvartolomei in #30295
  • Invalidates LSM iterators when exceptions are thrown. by @ballard26 in #30361
  • Upgraded OpenSSL from 3.5.5 to 3.5.6 to address CVE-2026-31790, which could allow an attacker supplying a malformed RSA public key to trigger use of uninitialized memory during RSA key encapsulation. by @tyson-redpanda in #30378
  • `rpk ai help`, `rpk ai version`, and `rpk ai ` no longer trigger an OAuth flow before responding. by @simon0191 in #30376

Improvements

  • Improves accuracy of TLS error reporting, making connection issues easier to diagnose. by @pgellert in #30289
  • #30271 Avoid potential oversized allocations in the segment index materialization path by @WillemKauf in #30275
  • rpk ai <sub> now reads the active cloud profile's cached AI Gateway URL (populated at profile creation) and only contacts the publicapi when the cache is empty, removing an extra round trip on every plugin invocation. by @simon0191 in #30304
  • PR #30317 cluster/metrics_reporter: report local and cloud topic counts by @nvartolomei
  • PR #30337 metastore: run requests on metastore scheduling group by @nvartolomei
  • PR #30343 bazel: update seastar to 4152d2fc by @pgellert
  • PR #30345 ct: reconcilation pending offset lag metric by @WillemKauf
  • PR #30383 utils: add and use xml utilities by @WillemKauf
  • PR #30405 tests: Remove DCV DT support by @StephanDollberg

Full Changelog: v26.1.6...v26.1.7

v26.1.6

Choose a tag to compare

@vbotbuildovich vbotbuildovich released this 22 Apr 01:35
20875b5

Bug Fixes

  • Changes to cloud_storage_throughput_limit_percent cluster config now take effect at runtime instead of being ignored until restart. by @nvartolomei in #30233
  • Fixes a potential deadlock arising from race between raft snapshots and transaction opertions. by @bharathv in #30226
  • Prevents a potential oversized allocation in kafka protocol parsing of tagged fields by @rockwotj in #30166
  • PR #30209 [v26.1.x] utils: fix token bucket underflow after rate decrease by @nvartolomei

Improvements

  • Better guard against malformed requests when parsing kafka messages by @rockwotj in #30196
  • Cloud topics long-term storage metadata will now be managed as a part of the cloud cache. by @andrwng in #30201
  • PR #30180 [v26.1.x] c/rm_stm: downgrade log level of skipping cleanup by @bharathv
  • PR #30212 [v26.1.x] cloud_io: release client lease before retry backoff sleep by @nvartolomei
  • PR #30215 [v26.1.x] storage: Avoid oversized alloc in compaction reducers by @StephanDollberg
  • PR #30221 [v26.1.x] lsm/io: skip delete_objects call when no keys to delete by @nvartolomei
  • PR #30234 [v26.1.x] ct/l1: remove unnecessary std::to_underlying in error formatting by @nvartolomei

Full Changelog: v26.1.5...v26.1.6

v25.3.14

Choose a tag to compare

@vbotbuildovich vbotbuildovich released this 16 Apr 14:42
b6e62de

Bug Fixes

  • Fixes a rare crash due to race condition between transaction related operations and partition shutdown. by @bharathv in #30084
  • Prevents a potential oversized allocation in kafka protocol parsing of tagged fields by @rockwotj in #30167
  • Security: Prevent the default OpenSSL config from being loaded from the host machine (OPENSSL_CONF env var or /etc/ssl/openssl.cnf file) in self-hosted installations to ensure that only redpanda configs control the crypto and TLS settings of the broker. by @pgellert in #30144

Improvements

  • Don't error on potentially unknown cluster properties when attempting to issue removal requests through the admin API. by @WillemKauf in #30061

Full Changelog: v25.3.13...v25.3.14

v26.1.5

Choose a tag to compare

@vbotbuildovich vbotbuildovich released this 15 Apr 14:20
3a6d76e

Bug Fixes

  • Prevent the default OpenSSL config from being loaded from the host machine (OPENSSL_CONF env var or /etc/ssl/openssl.cnf file) in self-hosted installations to ensure that only redpanda configs control the crypto and TLS settings of the broker. by @pgellert in #30141
  • fixes a 3-way circular deadlock can occur in rm_stm involving. The deadlock can happen when processing transactions by @mmaslankaprv in #30153

Full Changelog: v26.1.4...v26.1.5