Dapr 1.16.9

This update includes bug fixes:

Upgade Go to 1.24.13
Pulsar PubSub subscription options ignored

Upgade Go to 1.24.13

Problem

Vulnerability #1: GO-2026-4341
Vulnerability #2: GO-2026-4340

Impact

Root Cause

Solution

Upgrade Go to 1.24.13 ### References - Go 1.24.13 Release Notes

Pulsar PubSub subscription options ignored

Problem

The Pulsar PubSub component ignored subscribeInitialPosition and subscribeMode metadata when creating subscriptions.

Impact

Subscriptions did not reflect configured metadata, leading to unexpected consumption behavior.

Root Cause

Subscribe() used hardcoded constants instead of the metadata-derived values for subscribeInitialPosition and subscribeMode.

Solution

Subscribe() now uses p.metadata.SubscriptionInitialPosition and p.metadata.SubscriptionMode, and a regression test verifies metadata is applied to consumer options.

dapr/dapr v1.16.9 Dapr Runtime v1.16.9 on GitHub

Dapr 1.16.9

Upgade Go to 1.24.13

Problem

Impact

Root Cause

Solution

Pulsar PubSub subscription options ignored

Problem

Impact

Root Cause

Solution

dapr/dapr v1.16.9
Dapr Runtime v1.16.9

on GitHub