github nats-io/nats-server v2.11.16
Release v2.11.16
on GitHub

latest release: v2.12.7
10 hours ago

Changelog

Refer to the 2.11 Upgrade Guide for backwards compatibility notes with 2.10.x.

Go Version

  • 1.25.9

CVEs

  • TBD

Fixed

General

  • no_auth_user is now restricted to client connections only
  • Overlapping wildcard patterns in ACL deny patterns are now enforced correctly
  • Queue subscriptions can no longer incorrectly bypass non-queue ACL deny patterns

Leafnodes

  • Pre-CONNECT guard improvements for leafnode connections, fixing a potential panic
  • ACL permissions are now correctly enforced for inbound leaf messages in all cases
  • Duplicate INFO permissions updates are now only accepted for solicited leaf connections
  • The max_payload limit is now correctly enforced for leafnode connections

WebSockets

  • The fast-path for connections with no CONNECT block will now use the WebSocket-specific no_auth_user instead of the global one if configured

Complete Changes

v2.11.15...v2.11.16

Check out latest releases or
releases around nats-io/nats-server v2.11.16

Don't miss a new nats-server release

NewReleases is sending notifications on new releases.

Get notifications