TL;DR: Patch release fixing a migration regression from 26.4.0 and a critical SAML SSO security vulnerability. Upgrade promptly.
Warning
⚠️ Security Advisory: This release patches GHSA-rcmw-7mc7-3rj7 — improper authentication in the SAML SSO flow. If you're using SAML SSO, this is a required upgrade.
No configuration changes required.
SeaweedFS Now Actually Running Its Cleanup Workers
Turns out the SeaweedFS all-in-one binary doesn't spawn its worker and admin modules automatically, which meant cleanup processes were never running. This had been reported a few times, but issue #4106 finally made the picture clear enough to act on.
We've added two dedicated containers to handle this properly. Don't fret about the footprint — they're written in Go, so resource overhead is minimal. Cleanup will now actually happen as intended.
Thanks to everyone who reported this and helped validate the patch.
Taskworker Memory Leak Under High Ingestion
If you're running high ingestion throughput, you may have hit the taskworker memory leak reported in issue #4265. We've addressed it by adding --max-child-task-count to the default taskworker container configuration.
One heads-up: if you've set up workload isolation for taskworker via docker-compose.override.yml, you'll need to add that flag manually to your overrides — it won't carry over automatically.
Other Notable Fixes
- OpenTelemetry projects no longer crash Insights → Backend page. Full OTel project support was causing a crash there; that's resolved. (#4262)
- Reduced ClickHouse CPU usage by suppressing additional redundant data points. (#4266)
- PostgreSQL bumped to 14.22 (patch version). Worth noting: migration to PostgreSQL 17 is coming — it's currently in testing on SaaS, so self-hosted support won't be far behind.
Questions or want to talk through your setup? Find us on Sentry's Discord — always happy to chat.