NATS
v2.12.8Networking & MessagingNATS v2.12.8 is a substantial bug-fix release targeting JetStream stability — particularly clustered stream/consumer reliability, Raft edge cases, and a bearer JWT disclosure vulnerability in the monitoring API.
securityPatch immediately: /connz was leaking bearer JWTs
Any deployment using JWT-based auth with the monitoring endpoint exposed (even internally) was potentially leaking bearer tokens in /connz responses. Rotate any JWTs that may have been exposed, audit monitoring endpoint access logs, and upgrade to v2.12.8 now. If you can't upgrade immediately, restrict /connz access via firewall or NATS monitoring auth.
securityCLI argument secrets now redacted in monitoring
Route and cluster URLs passed as CLI arguments (which often contain credentials) were previously visible in monitoring output. Upgrade to v2.12.8 and review any monitoring dashboards or log aggregation pipelines that may have captured this data historically.
enhancementJetStream cluster operators: test your scaling and recovery paths
This release fixes several nasty edge cases — stream leader catch-up from snapshots, Raft commit index resets on term mismatches, in-flight assignment visibility for stream/consumer info, and the 'last sequence mismatch' error from failed proposals. If you've been seeing any of these intermittent errors in clustered JetStream, v2.12.8 is a high-priority upgrade. After upgrading, monitor for reduced error rates in stream info and consumer info endpoints during scaling operations.
主な変更 (5)
- Bearer JWTs no longer exposed via the /connz monitoring endpoint — direct security fix requiring immediate attention
- Route and cluster URL secrets are now redacted when passed as CLI arguments
- Multiple JetStream panic fixes: consumer pause endpoint, scaling after stream update, and legacy Raft snapshot recovery
- Stream sourcing duplicate message bug resolved for leafnode reconnection and proposal error scenarios
- Consumer starting sequence scan is now async, removing a metalayer pause that could cause latency spikes