Sourced from github.com/nats-io/nats-server/v2's releases.

Release v2.11.9

Changelog

Refer to the 2.11 Upgrade Guide for backwards compatibility notes with 2.10.x.

Go Version

• 1.24.7 (#7273)

Dependencies

• golang.org/x/time v0.13.0 (#7273)
• golang.org/x/sys v0.36.0 (#7273)

Improved

JetStream

• Offline assets support (#7158)
  • Server version 2.12 will introduce new features that would otherwise break a 2.11 server after a downgrade. The server now reports the streams/consumers as offline and unsupported, keeping the data safe, but allowing to either delete the asset or upgrade back to the supported version without changes to the data itself.
• The raftz endpoint now reports the cluster traffic account (#7186)
• The stream info and consumer info endpoints now return leader_since (#7189)
• The stream info and consumer info endpoints now return system_account and traffic_account (#7193)
• The jsz monitoring endpoint now returns system_account and traffic_account (#7193)

Fixed

General

• Fix a panic that could happen at startup if building from source using non-Git version control (#7178)
• Fix an issue where issuing an account JWT update with a connection limit could cause older clients to be disconnected instead of newer ones (#7181, #7185)
• Route connections with invalid credentials will no longer rapidly reconnect (#7200)
• Allow a default_sentinel JWT from a scoped signing key instead of requiring it to solely be a bearer token for auth callout (#7217)
• Subject interest would not always be propagated for leaf nodes when daisy chaining imports/exports (#7255)
• Subject interest would sometimes be lost if the leaf node is a spoke (#7259)
• Lowering the max connections limit should no longer result in streams losing interest (#7258)

JetStream

• The Nats-TTL header will now be correct if the subject delete marker TTL overwrites it (#7177)
• In operator mode, the cluster_traffic state for an account is now restored correctly when enabling JetStream at startup (#7191)
• A potential data race during a consumer create or update when reading its paused state has been fixed (#7201)
• A race condition that could allow creating a consumer with more replicas than the stream has been fixed (#7202)
• A race condition that could allow creating the same stream with different configurations has been fixed (#7210, #7212)
• Raft will now correctly reject delayed entries from an old leader when catching up in the meantime (#7209, #7239)
• Raft will now also limit the amount of cached in-memory entries as the leader, avoiding excessive memory usage (#7233)
• A potential race condition delaying shutdown if a stream/consumer monitor goroutine was not started (#7211)
• A benign underflow when using an infinite (-1) MaxDeliver for consumers (#7216)
• A potential panic to send a leader elected advisory when shutting down before completing startup (#7246)
• Stopping a stream should no longer wait indefinitely if the consumer monitor goroutine wasn’t stopped (#7249)

... (truncated)

• 3c10f16 Release v2.11.9
• e7ee3f1 Cherry-picks for 2.11.9 (#7286)
• 009def0 fix url encoding for ocsp requests
• 39d48b8 Release v2.11.9-RC.3
• cfd563e Cherry-picks for 2.11.9-RC.3 (#7252)
• 5c20268 [FIXED] Empty placement triggers move request
• a0875d4 Fix internal JS clients disconnecting on account updates
• 94f4d99 Add TestJetStreamClusterAccountMaxConnectionsReconnect
• 3464f3f Update to Go 1.24.7
• 343e983 Update GHA workflow dependencies
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)