github redpanda-data/redpanda v26.1.7
on GitHub

3 hours ago

Features

  • Add OAUTHBEARER SASL mechanism support to rpk, enabling OIDC-based authentication for the Kafka client, admin API, and schema registry. Pass the token via --password (raw value or token: format) with --sasl-mechanism OAUTHBEARER. by @david-yu in #30306
  • New cluster config oidc_http_proxy_url routes OIDC discovery and JWKS fetches through an HTTP forward proxy. Set to a URL of the form http://host:port or https://host:port to enable; leave unset (the default) to connect to the OIDC endpoint directly. When set, oidc_discovery_url must use https:// as plaintext OIDC endpoints through a forward proxy are not supported. The property is live-reloadable (no broker restart required). by @pgellert in #30407
  • Schema Registry now accepts /contexts/{context}/... prefixed URLs on all
    endpoints, allowing serde clients to target a non-default context by
    configuring their base URL (e.g. schema.registry.url=http://host:8081/contexts/.myctx). by @nguyen-andrew in #30363
  • rpk ai is a new managed plugin that installs and drives the Redpanda AI Gateway CLI (rpai). rpk ai install / upgrade / uninstall manage the binary; rpk ai <subcommand> runs rpai against the active rpk cloud profile's cluster (token via rpk cloud login, endpoint resolved from the cluster's AI Gateway v2 URL). by @simon0191 in #30304

Bug Fixes

  • Bare `rpk ai` (with the plugin installed) now prints the same help screen as `rpk ai --help`, including the `install`, `uninstall`, and `upgrade` subcommands. by @simon0191 in #30376
  • Fix a process abort when the tiered storage cache's local disk fills
    up while a segment download is in progress on a non-zero shard. by @nvartolomei in #30351
  • Fix an assertion crash in the cloud storage self-test when a multipart upload part failed mid-sequence. by @nvartolomei in #30346
  • Fixed schema registry returning 40403 when looking up Avro schemas that use unqualified named type references (e.g. "Inner") against registered schemas using fully-qualified references (e.g. "com.example.Inner") within
    the same namespace. by @ksitnik-tc in #30266
  • Fixed the vectorized_rpc_client_requests_pending gauge drifting
    over time. by @nvartolomei in #30295
  • Invalidates LSM iterators when exceptions are thrown. by @ballard26 in #30361
  • Upgraded OpenSSL from 3.5.5 to 3.5.6 to address CVE-2026-31790, which could allow an attacker supplying a malformed RSA public key to trigger use of uninitialized memory during RSA key encapsulation. by @tyson-redpanda in #30378
  • `rpk ai help`, `rpk ai version`, and `rpk ai ` no longer trigger an OAuth flow before responding. by @simon0191 in #30376

Improvements

  • Improves accuracy of TLS error reporting, making connection issues easier to diagnose. by @pgellert in #30289
  • #30271 Avoid potential oversized allocations in the segment index materialization path by @WillemKauf in #30275
  • rpk ai <sub> now reads the active cloud profile's cached AI Gateway URL (populated at profile creation) and only contacts the publicapi when the cache is empty, removing an extra round trip on every plugin invocation. by @simon0191 in #30304
  • PR #30317 cluster/metrics_reporter: report local and cloud topic counts by @nvartolomei
  • PR #30337 metastore: run requests on metastore scheduling group by @nvartolomei
  • PR #30343 bazel: update seastar to 4152d2fc by @pgellert
  • PR #30345 ct: reconcilation pending offset lag metric by @WillemKauf
  • PR #30383 utils: add and use xml utilities by @WillemKauf
  • PR #30405 tests: Remove DCV DT support by @StephanDollberg

Full Changelog: v26.1.6...v26.1.7

Check out latest releases or
releases around redpanda-data/redpanda v26.1.7

Don't miss a new redpanda release

NewReleases is sending notifications on new releases.

Get notifications