github alibaba/nacos 3.2.1
3.2.1 (Apr 23th, 2026)
on GitHub

9 hours ago

Nacos 3.2.1 is a patch release focused on critical bug fixes and feature enhancements for issues discovered in 3.2.0. This release delivers significant improvements to AI Registry functionality, database compatibility, security, and console user experience.

Key highlights include:

  • AI Registry Maturity: Complete Prompt lifecycle management with UI, A2A AgentCard v1 protocol support, skill bizTag filtering, and resource spec storage for MCP servers
  • Security Enhancements: Fixed LDAP authentication bypass vulnerability, added OIDC/OAuth2 SSO login support for both consoles
  • Database Compatibility: Comprehensive PostgreSQL, Oracle, MySQL, and Derby fixes including deterministic pagination and schema timestamp issues
  • Dependency Upgrades: Spring Boot 3.5.13, MCP SDK 0.17.0, and log4j-core 2.25.4
  • Concurrency & Reliability: Eliminated race conditions in AI publish pipeline, naming module, client failover, and config export operations
  • Console UX: Fixed configuration editing errors, namespace ID validation, batch import, token expiry handling, and UI bugs in both legacy and next consoles

Feature

  • [#14621] A2A Registry 1.0 adapter with unified and normalized supported interfaces in agent card handling
  • [#14796] Add MCP server resource specification support
  • [#14807] Add Prompt lifecycle management UI for both legacy and next consoles
  • [#14809] Enhance AI resource list APIs with filters and ordering support
  • [#14847] Support AI resource subtype parsing in authentication plugin
  • [#14895] Support filtering skills by bizTag in list API and console UI
  • [#14794] Support force-publish skills for admin user

Enhancement/Refactor

  • [#14743] Close CallableStatement in DerbySnapshotOperation to prevent JDBC resource leak
  • [#14750] Fix check-then-act race condition in FailoverReactor.isFailoverSwitch
  • [#14751] Fix check-then-act race conditions on ConcurrentHashMap in naming module
  • [#14784] Validate input parameters in ops controller forms for better security
  • [#14806] Improve cluster metrics aggregation completeness signal in v3 API
  • [#14818] Improve cluster metrics aggregation completeness signal in v3 API
  • [#14822] Extract duplicated logic from SkillOperationServiceImpl and AgentSpecOperationServiceImpl into AiResourceManager and VersionUtils
  • [#14834] Upgrade UI dependencies for both legacy and next consoles
  • [#14873] Add config option to enable or disable visibility plugin
  • [#14883] Add default scope resolution for new resource creation in visibility plugin
  • [#14884] Standardize pipeline API and fix legacy console UI bugs
  • [#14893] Add copilot feature toggle and redesign plugin management layout
  • [#14927] Fix TOCTOU race condition and thread leak in ClientWorker.ensureSyncExecutor()
  • [#14928] Fix TOCTOU race condition in removeSubscriberIndexes causing data loss

BugFix

  • [#14046] Fix ConfigInfoMapperByMySql.findConfigInfoLike4PageFetchRows result accuracy on MySQL
  • [#14741] Add ORDER BY to findConfigInfoLike4PageFetchRows for deterministic pagination
  • [#14742] Add ORDER BY to findConfigInfo4PageFetchRows for deterministic pagination
  • [#14746] Add ORDER BY to remaining MySQL pagination queries for deterministic results
  • [#14747] Add ORDER BY to Oracle pagination queries for deterministic results
  • [#14748] Add ORDER BY to Derby pagination queries for deterministic results
  • [#14764] Fix namespace ID validation issue in new UI when adding custom namespace
  • [#14765] Fix configuration file editing error in 3.2 console
  • [#14768] Fix /v3/console/ai/mcp/importToolsFromMcp failure due to json-schema-validator dependency conflict
  • [#14771] Fix batch import failure in legacy console UI
  • [#14775] Add missing OIDC-related configurations to application.properties template
  • [#14778] Fix clusterName forced to DEFAULT in v3 HTTP API
  • [#14783] Remove downloadSkillZip from AiClientProxy interface and route skill download directly to HTTP client
  • [#14786] Eliminate race condition in AI publish pipeline by pre-generating executionId
  • [#14810] Fix PostgreSQL schema default timestamp issues causing startup failures
  • [#14812] Set default timestamps to current time in Oracle and PostgreSQL schemas
  • [#14828] Fix cross-type version contamination when querying ai_resource_version by name
  • [#14832] Fix PostgreSQL compatibility issues for AI resource persistence and capacity modules
  • [#14836] Fix cross-type version contamination in ai_resource_version queries
  • [#14837] Enforce type isolation for ai_resource_version queries
  • [#14843] Fix ActionTypes.WRITE to ActionTypes.READ for getting instance detail in InstanceControllerV3
  • [#14849] Fix instance detail permission check in InstanceControllerV3
  • [#14852] Fix prompt bizTags handling in both legacy and next UIs
  • [#14853] Fix login page loop and header when auth is disabled in next console
  • [#14856] Redirect to login page on token invalid/expired responses
  • [#14862] Fix LDAP authentication bypass via hardcoded credentials in proxy user synchronization
  • [#14875] Fix misleading error messages in maintainer-client ParamUtil
  • [#14886] Fix legacy console UI bugs and improve robustness
  • [#14892] Fix misleading value reporting in maintainer-client when timeout/retry properties are invalid
  • [#14908] Fix skill content loss in SkillRemoteHandler#createDraft when passing skillCard as targetVersion
  • [#14910] Add null check for optional ids parameter in exportConfigV2
  • [#14915] Add null check for metaDataItem in config import
  • [#14917] Reject login with LDAP-prefixed usernames to prevent auth bypass
  • [#14947] Fix exception when adding Prompt page in console

Dependencies

  • [#14782] Upgrade MCP SDK to 0.17.0 to resolve json-schema-validator conflict
  • [#14834] Upgrade UI dependencies (both legacy and next consoles)
  • [#14910] Bump org.apache.logging.log4j:log4j-core from 2.25.3 to 2.25.4
  • [#14955] Upgrade Spring Boot from 3.4.10 to 3.5.13

⚠️ Breaking Changes & Migration Notes

Database Schema Updates (Critical)

Action Required: This release includes critical fixes for PostgreSQL, Oracle, MySQL, and Derby schemas, particularly around default timestamp values and ORDER BY clauses for deterministic pagination.

Before upgrading:

  1. Backup your existing database
  2. Apply the updated schema script: conf/schema.sql (for your database type)
  3. Restart Nacos server after schema migration

Affected databases:

  • PostgreSQL: Default timestamp fixes, AI resource persistence compatibility
  • Oracle: Default timestamp fixes
  • MySQL: Pagination query accuracy improvements
  • Derby: ORDER BY clause additions, JDBC resource leak fixes

Failure to apply schema changes may result in:

  • Database startup failures (PostgreSQL)
  • Inconsistent pagination results
  • JDBC resource leaks
  • AI resource version contamination

OIDC/OAuth2 SSO Configuration

This release adds OIDC/OAuth2 SSO login support for both legacy and next consoles. To enable: 

# OIDC Configuration
nacos.auth.oidc.enabled=true
nacos.auth.oidc.issuer-uri=<your-oidc-issuer-uri>
nacos.auth.oidc.client-id=<your-client-id>
nacos.auth.oidc.client-secret=<your-client-secret>
nacos.auth.oidc.redirect-uri=${domain}/v3/console/login

Java Version Requirements

Module Java Required
Nacos-Server / Nacos-Console Java 17
Nacos-Client Java 8
Nacos-Maintainer-Client Java 8

📚 What's New in AI Registry

A2A Registry 1.0

  • AgentCard v1 Protocol: Full support for A2A AgentCard v1 protocol with extended capabilities
  • Unified Interfaces: Normalized and validated supported interfaces in agent card handling
  • Version Meta API: New API to query agent spec metadata without loading full content

New Contributors

Full Changelog: 3.2.0...3.2.1

Check out latest releases or
releases around alibaba/nacos 3.2.1

Don't miss a new nacos release

NewReleases is sending notifications on new releases.

Get notifications