v4.2.1

2026-04-27

Library updates

• [fix][sec] Upgrade BouncyCastle to 1.84 (CVE-2026-5588, CVE-2026-0636) (#25569)
• [fix][sec] Upgrade Jetty to address CVE-2026-2332 (#25527)
• [fix][sec] Upgrade Jetty to address CVE-2026-5795 (#25532)
• [fix][sec] Upgrade to async-http-client 2.14.5 to address CVE-2026-40490 (#25546)
• [fix][sec] Upgrade to Netty 4.1.132.Final to address CVEs (#25399)
• [fix][sec] Upgrade log4j to 2.25.4 to address CVE-2026-34477, CVE-2026-34478, CVE-2026-34480, CVE-2026-34481
• [fix] Upgrade Jetty to 12.1.6 to fix CVE-2026-1605 (#25485)

Broker

• [fix][broker] Change the schema incompatible log from ERROR to WARN level (#25483)
• [fix][broker] Fix backlog clearing for unloaded namespace bundles (#25272)
• [fix][broker] Lower log level of DrainingHashesTracker not-found entry to DEBUG (#25558)
• [fix][broker] Prevent timed-out producer creation from racing with retry (#25460)
• [fix][broker] pulsar admin stats internal with metadata command (#25557)
• [fix][broker] Revert "[improve][broker] Enhance advertised address resolution with fallback to localhost (#25238)" (#25523)
• [fix][broker] Unthrottle producers immediately when publish rate limiting is disabled (#25502)
• [fix][broker]Namespaces can be created with may empty replication_clusters policy (#25551)
• [fix][admin] Refactor namespace migration operation to async in rest api (#25478)
• [improve][broker] Close connection when close consumer write fails (#25520)
• [improve][broker] Use full bundle name for namespace bundle destination affinity in ModularLoadManagerImpl (#25518)

Client

• [fix][client] Fix thread-safety and refactor MessageCryptoBc key management (#25400)

Pulsar IO and Pulsar Functions

• [fix][io] Restore lz4 compression with Kafka IO connector after #25198 exclusion

Others

• [improve][common] Optimize TopicName.get() to reduce lock contention on cache lookup (#25367)
• [improve][broker] Improve the performance of TopicName constructor (#24463)

Tests & CI

• [fix][ci] Ensure discard_max_bytes is set to 0 only for existing block devices (#25510)
• [fix][test] Extend SameAuthParamsLookupAutoClusterFailoverTest phase timeouts (#25563)
• [fix][test] Fix flaky BrokerRegistryIntegrationTest port binding race (#25463)
• [fix][test] Fix flaky ExtensibleLoadManagerImpl client reconnection tests: PulsarClientException$AlreadyClosedException: Client already closed (#25509)
• [fix][test] Fix flaky ExtensibleLoadManagerTest.startBroker timeout (#25500)
• [fix][test] Fix flaky OffloadPrefixTest.testPositionOnEdgeOfLedger race with ledger rollover (#25561)
• [fix][test] Fix flaky ServerCnxTest.testCreateProducerTimeoutThenCreateSameNamedProducerShouldFail (#25497)
• [fix][test] Fix flaky testLoadBalancerServiceUnitTableViewSyncer (#25427)
• [fix][test] Flaky SameAuthParamsLookupAutoClusterFailoverTest (#25566)
• [fix][test] Recreate EventLoop in PublishRateLimiterTest setup (#25560)
• [fix][test] Relax BrokerRegistryIntegrationTest broker-close threshold (#25562)
• [improve][ci] Cleanup tune-runner-vm and clean-disk actions (#25444)
• [cleanup][ci] Remove documentation label bot (#25469)
• [cleanup][ci] Remove ready-to-test label enforcement (#25470)
• [cleanup][build] Bumped version to 4.2.1-SNAPSHOT
• [fix][build][branch-4.2] Use correct Jetty ee8 BOM coordinates
• [improve][ci] Backport fix for ssh-access action

For the complete list, check the full changelog.

v4.0.10

2026-04-27

Upgrade notice

This release upgrades Jetty from 9.4.x to 12.1.8 to address several high-severity CVEs in Jetty 9.4.x (#25534). For background and discussion, see the dev list thread.

The upgrade introduces the following breaking changes:

1. AdditionalServlet interface change. The org.apache.pulsar.broker.web.plugin.servlet.AdditionalServlet interface was coupled directly to the Jetty 9 org.eclipse.jetty.servlet.ServletHolder class. This coupling has been removed, so external implementations of this plugin API need to be updated.

2. Athenz authentication requires Java 17+. pulsar-client-auth-athenz now depends on Jetty and therefore requires Java 17+. The Pulsar Client and Pulsar Admin client themselves remain Java 8+ compatible.

3. Prometheus metrics provider class relocation. The default Prometheus metrics provider classes for BookKeeper and ZooKeeper have been replaced because the previous defaults depended on Jetty 9.4.x. If you are using the previous default configuration file in your deployment, update the following settings:

   Config file	Setting	Old value	New value
   bookkeeper.conf	statsProviderClass	org.apache.bookkeeper.stats.prometheus.PrometheusMetricsProvider	org.apache.pulsar.metrics.prometheus.bookkeeper.PrometheusMetricsProvider
   zookeeper.conf	metricsProvider.className	org.apache.zookeeper.metrics.prometheus.PrometheusMetricsProvider	org.apache.pulsar.metrics.prometheus.zookeeper.PrometheusMetricsProvider

Users of the Apache Pulsar Helm chart prior to version 4.6.0 will need to set the bookie.configData.statsProviderClass key to org.apache.pulsar.metrics.prometheus.bookkeeper.PrometheusMetricsProvider:

bookie:
  configData:
    statsProviderClass: "org.apache.pulsar.metrics.prometheus.bookkeeper.PrometheusMetricsProvider"

Library updates

• [fix][sec] Upgrade BouncyCastle to 1.84 (CVE-2026-5588, CVE-2026-0636) (#25569)
• [fix][sec] Upgrade to async-http-client 2.14.5 to address CVE-2026-40490 (#25546)
• [fix][sec] Upgrade to Netty 4.1.132.Final to address CVEs (#25399)
• [fix][sec] Bump google.golang.org/grpc from 1.60.0 to 1.79.3 in /pulsar-function-go (#25353)
• [fix][sec] Bump org.apache.zookeeper:zookeeper from 3.9.4 to 3.9.5 (#25303)
• [fix][sec] Upgrade aircompressor to 2.0.3 to resolve CVE-2025-67721 (#25256)
• [fix][sec] Upgrade Jackson version to 2.18.6 (#25264)
• [fix][sec] Upgrade Python protobuf version to 6.33.5 to address CVE-2026-0994 (#25250)
• [fix][sec][branch-4.0] Upgrade to Jetty 12.1.8 to address several CVEs (#25534)
• [improve][fn] Upgrade Pulsar Python client version to 3.10.0 (#25251)
• [fix][sec] Upgrade log4j to 2.25.4 to address CVE-2026-34477, CVE-2026-34478, CVE-2026-34480, CVE-2026-34481
• [improve] Upgrade RoaringBitmap to 1.6.9 version (#25253)

Broker

• [fix][broker] Change the schema incompatible log from ERROR to WARN level (#25483)
• [fix][broker] Fix backlog clearing for unloaded namespace bundles (#25272)
• [fix][broker] Lower log level of DrainingHashesTracker not-found entry to DEBUG (#25558)
• [fix][broker] Prevent timed-out producer creation from racing with retry (#25460)
• [fix][broker] pulsar admin stats internal with metadata command (#25557)
• [fix][broker] Unthrottle producers immediately when publish rate limiting is disabled (#25502)
• [fix][broker]Namespaces can be created with may empty replication_clusters policy (#25551)
• [fix][admin] Refactor namespace migration operation to async in rest api (#25478)
• [improve][broker] Close connection when close consumer write fails (#25520)
• [improve][broker] Use full bundle name for namespace bundle destination affinity in ModularLoadManagerImpl (#25518)
• [fix][broker] Fix concurrency bug in BucketDelayedDeliveryTracker (#25346)
• [fix][broker] Fix ExtensibleLoadManagerImpl stuck Assigning bundle state after broker restart (#25379)
• [fix][broker] fix flaky test in SystemTopicBasedTopicPoliciesServiceTest (#25098)
• [fix][broker] Fix IllegalArgumentException in BucketDelayedDeliveryTracker.addMessage (#25371)
• [fix][broker] Fix race condition in ServerCnx producer/consumer async callbacks (#25352)
• [fix][broker] Guard AsyncTokenBucket against long overflow (#25262)
• [fix][broker] Handle missing replicator during snapshot request processing (#25266)
• [fix][broker] Return failed future instead of throwing exception in async methods (#25289)
• [fix][broker] Support namespace unsubscribe when bundles are unloaded (#25276)
• [fix][broker]Producer with AUTO_PRODUCE schema failed to reconnect, which caused by schema incompatible (#25437)
• [fix][broker]system topic was created with different partitions acrossing clusters after enabled namespace-level replication (#25312)
• [fix][admin] Refactor namespace anti affinity group sync operations to async in rest api (#25086)
• [fix][offload] Close all resources in BlobStoreBackedReadHandleImplV2.closeAsync (#25296)
• [improve][broker] Change log level from warn to debug when cursor mark-deleted position ledger doesn't exist (#25200)
• [improve][broker] Optimize AsyncTokenBucket overflow solution further to reduce fallback to BigInteger (#25269)
• [improve][broker]Reduce the lock range of SimpleCache to enhance performance (#25293)
• [refactor][broker] Decouple delayed delivery trackers from dispatcher (#25384)

Client

• [fix][client] Fix thread-safety and refactor MessageCryptoBc key management (#25400)
• [fix][client] Fail messages immediately in ProducerImpl when in terminal state (#25317)
• [fix][client] Fix async APIs to return failed futures on validation errors (#25287)
• [fix][client] Reduce logging in OAuth auth to fix parsing of Pulsar cli command output (#25254)
• [improve][client][branch-4.0] Deduplicate in-progress lookup requests also for HttpLookupService (#25017)

Pulsar IO and Pulsar Functions

• [fix][io][kca] kafka headers silently dropped (#25325)
• [fix][io] Restore lz4 compression with Kafka IO connector after #25198 exclusion

Others

• [improve][common] Optimize TopicName.get() to reduce lock contention on cache lookup (#25367)
• [improve][broker] Improve the performance of TopicName constructor (#24463)
• [feat][bookkeeper] add certs refresh (#25370)

Tests & CI

• [fix][ci] Ensure discard_max_bytes is set to 0 only for existing block devices (#25510)
• [fix][test] Extend SameAuthParamsLookupAutoClusterFailoverTest phase timeouts (#25563)
• [fix][test] Fix flaky BrokerRegistryIntegrationTest port binding race (#25463)
• [fix][test] Fix flaky ExtensibleLoadManagerImpl client reconnection tests: PulsarClientException$AlreadyClosedException: Client already closed (#25509)
• [fix][test] Fix flaky ExtensibleLoadManagerTest.startBroker timeout (#25500)
• [fix][test] Fix flaky OffloadPrefixTest.testPositionOnEdgeOfLedger race with ledger rollover (#25561)
• [fix][test] Fix flaky ServerCnxTest.testCreateProducerTimeoutThenCreateSameNamedProducerShouldFail (#25497)
• [fix][test] Fix flaky testLoadBalancerServiceUnitTableViewSyncer (#25427)
• [fix][test] Flaky SameAuthParamsLook...

v3.0.17

2026-04-27

Library updates

• [fix][sec] Upgrade BouncyCastle to 1.84 (CVE-2026-5588, CVE-2026-0636) (#25569)
• [fix][sec] Upgrade to async-http-client 2.14.5 to address CVE-2026-40490 (#25546)
• [fix][sec] Upgrade to Netty 4.1.132.Final to address CVEs (#25399)
• [fix][sec] Bump org.apache.zookeeper:zookeeper from 3.9.4 to 3.9.5 (#25303)
• [fix][sec] Upgrade aircompressor to 2.0.3 to resolve CVE-2025-67721 (#25256)
• [fix][sec] Upgrade Jackson version to 2.18.6 (#25264)
• [fix][sec] Upgrade Python protobuf version to 6.33.5 to address CVE-2026-0994 (#25250)
• [improve][fn] Upgrade Pulsar Python client version to 3.10.0 (#25251)
• [fix][sec] Exclude org.lz4:lz4-java and standardize on at.yawk.lz4-java to remediate CVE-2025-12183 and CVE-2025-66566 (#25198)
• [fix][sec] Override kafka-clients in kinesis-kpl-shaded to remediate CVE-2024-31141 and CVE-2025-27817 (#24935)
• [fix][sec] Upgrade log4j to 2.25.4 to address CVE-2026-34477, CVE-2026-34478, CVE-2026-34480, CVE-2026-34481 (#25521)
• [fix][sec]Upgrade jackson to 2.17.2 (#23174)
• [improve] Upgrade Netty to 4.1.131.Final (#25232)

Broker

• [improve][broker] Close connection when close consumer write fails (#25520)

Client

• [fix][client] Fail messages immediately in ProducerImpl when in terminal state (#25317)

Pulsar IO and Pulsar Functions

• [fix][io] Restore lz4 compression with Kafka IO connector after #25198 exclusion

Others

• [improve][common] Optimize TopicName.get() to reduce lock contention on cache lookup (#25367)
• [improve][broker] Improve the performance of TopicName constructor (#24463)

Tests & CI

• [improve][ci] Cleanup tune-runner-vm and clean-disk actions (#25444)
• [cleanup][ci] Remove documentation label bot (#25469)
• [cleanup][ci] Remove ready-to-test label enforcement (#25470)
• [fix][ci] Fix .github/actions/ssh-access which is used for debugging Pulsar CI in forks (#25075)
• [fix][test] Stabilize FunctionAssignmentTailerTest.testErrorNotifier by synchronizing mock stubbing with CountDownLatch (#24875)
• [cleanup][build] Bumped version to 3.0.17-SNAPSHOT
• [fix][build][branch-3.0] Fix presto-distribution license file
• [fix][build][branch-3.0] Fix trino license
• [fix][build][branch-3.0] Fix trino license file
• [fix][ci][branch-3.0] Fix docker daemon configuration for branch-3.0
• [fix][ci][branch-3.0] Revert adding min-api-version: 1.24 to /etc/docker/daemon.json
• [improve][ci] Backport fix for ssh-access action

For the complete list, check the full changelog.

v4.2.0

2026-04-01

Approved PIPs

• PIP-434: Expose Netty channel configuration WRITE_BUFFER_WATER_MARK to pulsar conf and pause receive requests when channel is unwritable
• PIP-437: Granular and Fixed-Delay Policies for Message Delivery
• PIP-439: Adding Transaction Support to Pulsar Functions Through Managed Transaction Wrapping
• PIP-442: Add memory limits for CommandGetTopicsOfNamespace and CommandWatchTopicList on Broker and Proxy
• PIP-443: Stop using Netty Recycler in new code
• PIP-444: Rate limit for deleting ledger to alleviate the zk pressure.
• PIP-446: Support Native OpenTelemetry Tracing in Pulsar Java Client
• PIP-447: Customizable Prometheus Labels for Topic Metrics
• PIP-452: Customizable topic listing of namespace with properties
• PIP-453: Improve the metadata store threading model
• PIP-454: Metadata Store Migration Framework
• PIP-464: Deprecate legacy Jackson JsonSchema format for SchemaType.JSON

Library updates

• [improve][broker] Upgrade bookkeeper to 4.17.3 (#25166)
• [improve][ml] Upgrade Oxia client to 0.7.0 (#24824)
• [fix][sec] Added Exclusions for tomcat-embed-core and derby and override mina-core to remediate CVEs (#24949)
• [fix][sec] Bump at.yawk.lz4:lz4-java from 1.9.0 to 1.10.1 in /pulsar-common (#25045)
• [fix][sec] Bump github.com/dvsekhvalnov/jose2go from 1.6.0 to 1.7.0 in /pulsar-function-go (#24987)
• [fix][sec] Bump google.golang.org/grpc from 1.60.0 to 1.79.3 in /pulsar-function-go (#25353)
• [fix][sec] Bump io.vertx:vertx-web from 4.5.10 to 4.5.22 (#24889)
• [fix][sec] Bump org.apache.solr:solr-core from 9.8.0 to 9.10.1 in /pulsar-io/solr (#25175)
• [fix][sec] Bump org.apache.zookeeper:zookeeper from 3.9.4 to 3.9.5 (#25303)
• [fix][sec] Eliminate commons-collections dependency (#25024)
• [fix][sec] Exclude org.lz4:lz4-java and standardize on at.yawk.lz4-java to remediate CVE-2025-12183 and CVE-2025-66566 (#25198)
• [fix][sec] Override commons-beanutils and commons-configuration2 to remediate CVEs (#24936)
• [fix][sec] Override kafka-clients in kinesis-kpl-shaded to remediate CVE-2024-31141 and CVE-2025-27817 (#24935)
• [fix][sec] Override msgpack-core to 0.9.11 to address CVE-2026-21452 (#25233)
• [fix][sec] Override nimbus-jose-jwt to remediate CVE-2023-52428 and CVE-2025-53864 (#24937)
• [fix][sec] Update Hbase version to 2.6.3-hadoop3 and exclude Avro from hbase-client to remediate CVEs (#24953)
• [fix][sec] Upgrade aircompressor to 2.0.3 to resolve CVE-2025-67721 (#25256)
• [fix][sec] Upgrade BouncyCastle FIPS to 2.0.10 to remediate CVE-2025-8916 (#24923)
• [fix][sec] Upgrade hadoop3 version from 3.4.0 to 3.4.1 (#24950)
• [fix][sec] Upgrade Jackson version to 2.18.6 (#25264)
• [fix][sec] Upgrade Jetty to 9.4.58.v20250814 to address CVE-2025-5115 (#24897)
• [fix][sec] Upgrade jose4j to 0.9.6 to address CVE-2024-29371 (#25095)
• [fix][sec] Upgrade log4j to 2.25.3 to address CVE-2025-68161 (#25102)
• [fix][sec] Upgrade Netty to 4.1.127.Final to address CVEs (#24717)
• [fix][sec] Upgrade Netty to 4.1.130.Final (#25078)
• [fix][sec] Upgrade OpenSearch to 2.19.4 to remediate CVE-2025-9624 (#25206)
• [fix][sec] Upgrade Python protobuf version to 6.33.5 to address CVE-2026-0994 (#25250)
• [fix][sec] Upgrade Spring to 6.2.12 to remediate CVE-2025-22233 and CVE-2025-41249 (#24903)
• [fix][sec] Upgrade vertx to address CVE-2026-1002 (#25152)
• [fix][build] Fix Eclipse/VSCode support after Jetty 12 upgrade (#25169)
• [fix][build] Fix IntelliJ build after Jetty 12 upgrade (#25155)
• [fix][ci] Fix CI for Java 25 including upgrade of Gradle Develocity Maven extension (#24767)
• [improve][fn] Upgrade Kubernetes client-java version to 23.0.0 and add k8s e2e integration tests (#25000)
• [improve][fn] Upgrade Pulsar Python client version to 3.10.0 (#25251)
• [fix][test] Upgrade docker-java to 3.7.0 (#25209)
• [improve][io] Replace Qpid in tests with RabbitMQ in Testcontainers and upgrade RabbitMQ client version (#25085)
• [improve][io] Upgrade Debezium to 3.4.2 and Kafka Client/Connect to 4.1.1 (#25335)
• [improve][io] Upgrade Debezium version to 3.2.4.Final (#24896)
• [improve][io] Upgrade Debezium version to 3.2.5.Final (#25029)
• [improve][io] Upgrade to Debezium 3.2.2 (#24712)
• [improve][monitor] Upgrade OpenTelemetry to 1.56.0, Otel instrumentation to 2.21.0 and Otel semconv to 1.37.0 (#24994)
• [improve][build] Upgrade Apache Parent POM to version 35 (#24742)
• [improve][build] Upgrade errorprone to 2.45.0 version (#25054)
• [improve][build] Upgrade LightProto to 0.6.1 (#25332)
• [improve][build] Upgrade Lombok to 1.18.42 to fully support JDK25 (#24763)
• [improve][build] Upgrade Mockito, AssertJ and ByteBuddy to fully support JDK25 (#24764)
• [improve][build] Upgrade SpotBugs to a version that supports JDK25 (#24768)
• [improve][build] Upgrade Testcontainers to 1.21.3 (#24982)
• [improve][ci] Upgrade GitHub Actions workflows to use ubuntu-24.04 (#24841)
• [improve][misc] Upgrade jjwt library version to 0.13.0 (#25043)
• [improve][misc] Upgrade Netty to 4.1.128.Final (#24911)
• [improve][misc] Upgrade snappy version to 1.1.10.8 (#25182)
• [improve][misc] Upgrade to Alpine 3.23 (#25180)
• [improve][misc] Upgrade to Jetty 12.1.x (#25100)
• [feat][meta] upgrade oxia version to 0.7.2 (#24976)
• [feat][misc] upgrade oxia version to 0.6.2 (#24689)
• [fix] Upgrade gson to 2.13.2 (#25022)
• [improve] Upgrade Alpine base image to 3.22 version (#24840)
• [improve] Upgrade Apache Commons library versions (#24983)
• [improve] Upgrade Caffeine to 3.2.3 (#24984)
• [improve] Upgrade Log4j2 to 2.25.2 and slf4j to 2.0.17 (#24985)
• [improve] Upgrade Netty to 4.1.131.Final (#25232)
• [improve] Upgrade RoaringBitmap to 1.6.9 version (#25253)
• [fix] Update gRPC to 1.75.0 (#24813)
• [fix] Exclude commons-lang dep from bookkeeper (#24749)
• [improve] replace jcip annotations to jsr305 annotations (#25252)

Broker

• [fix][broker] Add schema version in rest produce api (#25004)
• [fix][broker] Allow intermittent error from topic policies service when loading topics...

v4.1.3

2026-02-19

Library updates

• [improve][broker] Upgrade bookkeeper to 4.17.3 (#25166)
• [fix][sec] Bump at.yawk.lz4:lz4-java from 1.9.0 to 1.10.1 in /pulsar-common (#25045)
• [fix][sec] Bump org.apache.solr:solr-core from 9.8.0 to 9.10.1 in /pulsar-io/solr (#25175)
• [fix][sec] Eliminate commons-collections dependency (#25024)
• [fix][sec] Exclude org.lz4:lz4-java and standardize on at.yawk.lz4-java to remediate CVE-2025-12183 and CVE-2025-66566 (#25198)
• [fix][sec] Upgrade jose4j to 0.9.6 to address CVE-2024-29371 (#25095)
• [fix][sec] Upgrade log4j to 2.25.3 to address CVE-2025-68161 (#25102)
• [fix][sec] Upgrade Netty to 4.1.130.Final (#25078)
• [fix][sec] Upgrade OpenSearch to 2.19.4 to remediate CVE-2025-9624 (#25206)
• [fix][sec] Upgrade vertx to address CVE-2026-1002 (#25152)
• [fix][test] Upgrade docker-java to 3.7.0 (#25209)
• [improve][io] Upgrade Debezium version to 3.2.5.Final (#25029)
• [improve][monitor] Upgrade OpenTelemetry to 1.56.0, Otel instrumentation to 2.21.0 and Otel semconv to 1.37.0 (#24994)
• [improve][misc] Upgrade snappy version to 1.1.10.8 (#25182)
• [feat][meta] upgrade oxia version to 0.7.2 (#24976)
• [fix] Upgrade gson to 2.13.2 (#25022)
• [improve] Upgrade Apache Commons library versions (#24983)
• [improve] Upgrade Caffeine to 3.2.3 (#24984)
• [improve] Upgrade Log4j2 to 2.25.2 and slf4j to 2.0.17 (#24985)
• [improve] Upgrade Netty to 4.1.131.Final (#25232)
• [fix][sec] Bump github.com/dvsekhvalnov/jose2go from 1.6.0 to 1.7.0 in /pulsar-function-go (#24987)

Broker

• [fix][broker] Add schema version in rest produce api (#25004)
• [fix][broker] Avoid split non-existent bundle (#25031)
• [fix][broker] Fence reset cursor by timestamp to avoid concurrent timestamp-based position lookups (#25151)
• [fix][broker] Fix chunked message loss when no consumers are available (#25077)
• [fix][broker] Fix compaction horizon might be reset to an old position when phase two is interrupted (#25119)
• [fix][broker] Fix creation of replicated subscriptions for partitioned topics (#24997)
• [fix][broker] Fix cursor position persistence in ledger trimming (#25087)
• [fix][broker] Fix httpProxyTimeout config (#25223)
• [fix][broker] Fix incomplete futures in topic property update/delete methods (#25228)
• [fix][broker] Fix issue with schemaValidationEnforced in geo-replication (#25012)
• [fix][broker] Fix ManagedCursorImpl.asyncDelete() method may lose previous async mark delete properties in race condition (#25165)
• [fix][broker] Fix markDeletedPosition race condition in ManagedLedgerImpl.maybeUpdateCursorBeforeTrimmingConsumedLedger() method (#25110)
• [fix][broker] Fix MultiRolesTokenAuthorizationProvider error when subscription prefix doesn't match. (#25121)
• [fix][broker] Fix potential NPE in InMemTransactionBuffer.appendBufferToTxn by returning a valid Position (#25039)
• [fix][broker] fix prepareInitPoliciesCacheAsync in SystemTopicBasedTopicPoliciesService (#24980)
• [fix][broker] Fix regex matching of namespace name which might contain a regex char (#25136)
• [fix][broker] Fix transactionMetadataFuture completeExceptionally with null value (#25231)
• [fix][broker] Fix various error-prone detected errors mainly in logging and String.format parameters (#25059)
• [fix][broker] Force EnsemblePolicies to resolve network location after rackInfoMap is updated due to changes in /ledgers/available znode (#25067)
• [fix][broker] PIP-442: Fix race condition in async semaphore permit updates that causes memory limits to become ineffective (#25066)
• [fix][broker] Prevent missed topic changes in topic watchers and schedule periodic refresh with patternAutoDiscoveryPeriod interval (#25188)
• [fix][broker]Fix incorrect backlog if use multiple acknowledge types on the same subscription (#25047)
• [fix][broker]Fix ledgerHandle failed to read by using new BK API (#25199)
• [fix][broker]Fix memory leak when using a customized ManagedLedger implementation (#25016)
• [fix][broker]Incorrect backlog that is larger than expected (#25037)
• [fix][broker]Infinitely failed to delete topic if the first time failed and enabled transaction (#25073)
• [fix][broker]pulsar_ml_reads_inflight_bytes and pulsar_ml_reads_available_inflight_bytes are 0 at the same time (#25105)
• [fix][broker]Topic deleting failed after removed local cluster from namespace policies (#25114)
• [fix][broker]Wrong backlog: expected 0 but got 1 (#24938)
• [fix][admin] Fix offload policy incompatible issue. (#25149)
• [fix][admin] Refactor bookie affinity group sync operations to async in rest api (#25050)
• [fix][ml] Fix cursor backlog size to account for individual acks (#25089)
• [fix][ml] Fix NoSuchElementException in EntryCountEstimator caused by a race condition (#25177)
• [fix][ml] Retry offload reads when OffloadReadHandleClosedException is encountered (#25148)
• [fix][meta] Metadata cache refresh might not take effect (#25246)
• [improve][broker] Add idle timeout support for http (#25224)
• [improve][broker] Add strictAuthMethod to require explicit authentication method (#25185)
• [improve][broker] Change log level from warn to debug when cursor mark-deleted position ledger doesn't exist (#25200)
• [improve][broker] Change the log level from error to info when throwing NotAllowedException (#25130)
• [improve][broker] Enhance logging for adding schema failures in ServerCnx (#25048)
• [improve][broker] Ensure metadata session state visibility and improve Unstable observability for ServiceUnitStateChannelImpl (#25132)
• [improve][broker] Fix replicated subscriptions race condition with mark delete update and snapshot completion (#16651)
• [improve][broker] Fix thread safety issue in ManagedCursorImpl.removeProperty (#25104)
• [improve][broker] Give the detail error msg when authenticate failed with AuthenticationException (#25221)
• [improve][broker] Improve replicated subscription snapshot cache so that subscriptions can be replicated when mark delete position update is not frequent (#25044)
• [improve][broker] Optimize Reader creation in TopicPoliciesService (#24658)
• [improve][broker] PIP-442: Add memory limits for topic list watcher (part 2) (#25070)
• [improve][broker] Use atomic counter for ongoing transaction count (#25053)
• [improve][broker]Add test for getting partitioned topic metadata with PulsarAdmin client (#25026)
• [improve][broker]Improve error response of failed to delete topic if it has replicators connected (#24975)
• [improve][broker]Remove the warn log that frequently prints (#25018)
• [improve][admin] ...

v4.0.9

2026-02-19

Library updates

• [improve][broker] Upgrade bookkeeper to 4.17.3 (#25166)
• [fix][sec] Bump at.yawk.lz4:lz4-java from 1.9.0 to 1.10.1 in /pulsar-common (#25045)
• [fix][sec] Bump org.apache.solr:solr-core from 9.8.0 to 9.10.1 in /pulsar-io/solr (#25175)
• [fix][sec] Eliminate commons-collections dependency (#25024)
• [fix][sec] Exclude org.lz4:lz4-java and standardize on at.yawk.lz4-java to remediate CVE-2025-12183 and CVE-2025-66566 (#25198)
• [fix][sec] Upgrade jose4j to 0.9.6 to address CVE-2024-29371 (#25095)
• [fix][sec] Upgrade jose4j to 0.9.6 to address CVE-2024-29371 (#25095)
• [fix][sec] Upgrade log4j to 2.25.3 to address CVE-2025-68161 (#25102)
• [fix][sec] Upgrade Netty to 4.1.130.Final (#25078)
• [fix][sec] Upgrade OpenSearch to 2.19.4 to remediate CVE-2025-9624 (#25206)
• [fix][sec] Upgrade vertx to address CVE-2026-1002 (#25152)
• [fix][test] Upgrade docker-java to 3.7.0 (#25209)
• [improve][monitor] Upgrade OpenTelemetry to 1.56.0, Otel instrumentation to 2.21.0 and Otel semconv to 1.37.0 (#24994)
• [improve][monitor] Upgrade OpenTelemetry to 1.56.0, Otel instrumentation to 2.21.0 and Otel semconv to 1.37.0 (#24994)
• [improve][misc] Upgrade snappy version to 1.1.10.8 (#25182)
• [feat][meta] upgrade oxia version to 0.7.2 (#24976)
• [fix] Upgrade gson to 2.13.2 (#25022)
• [improve] Upgrade Apache Commons library versions (#24983)
• [improve] Upgrade Log4j2 to 2.25.2 and slf4j to 2.0.17 (#24985)
• [improve] Upgrade Netty to 4.1.131.Final (#25232)
• [fix][sec] Bump github.com/dvsekhvalnov/jose2go from 1.6.0 to 1.7.0 in /pulsar-function-go (#24987)

Broker

• [fix][broker] Add schema version in rest produce api (#25004)
• [fix][broker] Avoid split non-existent bundle (#25031)
• [fix][broker] Fence reset cursor by timestamp to avoid concurrent timestamp-based position lookups (#25151)
• [fix][broker] Fix chunked message loss when no consumers are available (#25077)
• [fix][broker] Fix compaction horizon might be reset to an old position when phase two is interrupted (#25119)
• [fix][broker] Fix creation of replicated subscriptions for partitioned topics (#24997)
• [fix][broker] Fix cursor position persistence in ledger trimming (#25087)
• [fix][broker] Fix httpProxyTimeout config (#25223)
• [fix][broker] Fix incomplete futures in topic property update/delete methods (#25228)
• [fix][broker] Fix issue with schemaValidationEnforced in geo-replication (#25012)
• [fix][broker] Fix ManagedCursorImpl.asyncDelete() method may lose previous async mark delete properties in race condition (#25165)
• [fix][broker] Fix markDeletedPosition race condition in ManagedLedgerImpl.maybeUpdateCursorBeforeTrimmingConsumedLedger() method (#25110)
• [fix][broker] Fix MultiRolesTokenAuthorizationProvider error when subscription prefix doesn't match. (#25121)
• [fix][broker] Fix potential NPE in InMemTransactionBuffer.appendBufferToTxn by returning a valid Position (#25039)
• [fix][broker] fix prepareInitPoliciesCacheAsync in SystemTopicBasedTopicPoliciesService (#24980)
• [fix][broker] Fix regex matching of namespace name which might contain a regex char (#25136)
• [fix][broker] Fix transactionMetadataFuture completeExceptionally with null value (#25231)
• [fix][broker] Fix various error-prone detected errors mainly in logging and String.format parameters (#25059)
• [fix][broker] Force EnsemblePolicies to resolve network location after rackInfoMap is updated due to changes in /ledgers/available znode (#25067)
• [fix][broker] PIP-442: Fix race condition in async semaphore permit updates that causes memory limits to become ineffective (#25066)
• [fix][broker] Prevent missed topic changes in topic watchers and schedule periodic refresh with patternAutoDiscoveryPeriod interval (#25188)
• [fix][broker]Fix incorrect backlog if use multiple acknowledge types on the same subscription (#25047)
• [fix][broker]Fix ledgerHandle failed to read by using new BK API (#25199)
• [fix][broker]Fix memory leak when using a customized ManagedLedger implementation (#25016)
• [fix][broker]Incorrect backlog that is larger than expected (#25037)
• [fix][broker]Infinitely failed to delete topic if the first time failed and enabled transaction (#25073)
• [fix][broker]pulsar_ml_reads_inflight_bytes and pulsar_ml_reads_available_inflight_bytes are 0 at the same time (#25105)
• [fix][broker]Topic deleting failed after removed local cluster from namespace policies (#25114)
• [fix][broker]Wrong backlog: expected 0 but got 1 (#24938)
• [fix][admin] Fix offload policy incompatible issue. (#25149)
• [fix][admin] Refactor bookie affinity group sync operations to async in rest api (#25050)
• [fix][ml] Fix cursor backlog size to account for individual acks (#25089)
• [fix][ml] Fix NoSuchElementException in EntryCountEstimator caused by a race condition (#25177)
• [fix][ml] Retry offload reads when OffloadReadHandleClosedException is encountered (#25148)
• [fix][meta] Metadata cache refresh might not take effect (#25246)
• [improve][broker] Add idle timeout support for http (#25224)
• [improve][broker] Add strictAuthMethod to require explicit authentication method (#25185)
• [improve][broker] Change the log level from error to info when throwing NotAllowedException (#25130)
• [improve][broker] Enhance logging for adding schema failures in ServerCnx (#25048)
• [improve][broker] Ensure metadata session state visibility and improve Unstable observability for ServiceUnitStateChannelImpl (#25132)
• [improve][broker] Fix replicated subscriptions race condition with mark delete update and snapshot completion (#16651)
• [improve][broker] Fix thread safety issue in ManagedCursorImpl.removeProperty (#25104)
• [improve][broker] Give the detail error msg when authenticate failed with AuthenticationException (#25221)
• [improve][broker] Improve replicated subscription snapshot cache so that subscriptions can be replicated when mark delete position update is not frequent (#25044)
• [improve][broker] Optimize Reader creation in TopicPoliciesService (#24658)
• [improve][broker] PIP-442: Add memory limits for topic list watcher (part 2) (#25070)
• [improve][broker] Use atomic counter for ongoing transaction count (#25053)
• [improve][broker]Add test for getting partitioned topic metadata with PulsarAdmin client (#25026)
• [improve][broker]Improve error response of failed to delete topic if it has replicators connected (#24975)
• [improve][broker]Remove the warn log that frequently prints (#25018)
• [improve][admin] Add counter for marker messages in PersistentTopics.analyzeSubscriptionBacklog() rest a...

v3.0.16

2026-02-16

Library updates

• [fix][sec] Bump github.com/dvsekhvalnov/jose2go from 1.6.0 to 1.7.0 in /pulsar-function-go (#24987)
• [fix][sec] Upgrade jose4j to 0.9.6 to address CVE-2024-29371 (#25095)
• [fix][sec] Upgrade log4j to 2.25.3 to address CVE-2025-68161 (#25102)
• [fix][sec] Upgrade Netty to 4.1.130.Final (#25078)
• [fix][sec] Upgrade vertx to address CVE-2026-1002 (#25152)
• [fix][test] Upgrade docker-java to 3.7.0 (#25209)
• [fix] Upgrade gson to 2.13.2 (#25022)

Broker

• [fix][broker] Fix chunked message loss when no consumers are available (#25077)
• [fix][broker] Fix creation of replicated subscriptions for partitioned topics (#24997)
• [fix][broker] Fix httpProxyTimeout config (#25223)
• [fix][broker] Fix incomplete futures in topic property update/delete methods (#25228)
• [fix][broker] Fix issue with schemaValidationEnforced in geo-replication (#25012)
• [fix][broker] Fix MultiRolesTokenAuthorizationProvider error when subscription prefix doesn't match. (#25121)
• [fix][broker] Fix regex matching of namespace name which might contain a regex char (#25136)
• [fix][broker] Fix transactionMetadataFuture completeExceptionally with null value (#25231)
• [fix][broker] Fix various error-prone detected errors mainly in logging and String.format parameters (#25059)
• [fix][broker] Force EnsemblePolicies to resolve network location after rackInfoMap is updated due to changes in /ledgers/available znode (#25067)
• [fix][broker] Use poll instead remove to avoid NoSuchElementException (#24933)
• [fix][broker][branch-3.0] fix prepareInitPoliciesCacheAsync in SystemTopicBasedTopicPoliciesService (#24978)
• [fix][admin] Fix asyncGetRequest to handle 204 (#25124)
• [fix][ml] Fix NoSuchElementException in EntryCountEstimator caused by a race condition (#25177)
• [fix][meta] Use getChildrenFromStore to read children data to avoid lost data (#24665)
• [improve][broker] Give the detail error msg when authenticate failed with AuthenticationException (#25221)
• [improve][ml] Optimize ledger opening by skipping fully acknowledged ledgers (#24655)
• [improve][meta] Improve fault tolerance of blocking calls by supporting timeout (#21028)
• [fix] Handle TLS close_notify to avoid SslClosedEngineException: SSLEngine closed already (#24986)

Client

• [fix][client] Fix AutoProduceBytesSchema.clone() method (#25015)
• [fix][client] Fix double recycling of the message in isValidConsumerEpoch method (#25008)
• [fix][client] Fix invalid parameter type passed to Map.get in TopicsImpl.getListAsync method (#25069)
• [fix][client] Fix producer synchronous retry handling in failPendingMessages method (#25207)
• [fix][client] Fix race condition between isDuplicate() and flushAsync() method in PersistentAcknowledgmentsGroupingTracker due to incorrect use Netty Recycler (#25208)
• [fix][client] Fix thread-safety of AutoProduceBytesSchema (#25014)
• [fix][client] PIP-84: Skip processing a message in the message listener if the consumer epoch is no longer valid (#25007)
• [fix][client] Skip processing messages in the listener when the consumer has been closed (#25006)
• [fix][client]Producer stuck or geo-replication stuck due to wrong value of message.numMessagesInBatch (#25106)
• [improve][client] Test no exception could be thrown for invalid epoch in message (#25013)
• [fix] Handle TLS close_notify to avoid SslClosedEngineException: SSLEngine closed already (#24986)

Pulsar IO and Pulsar Functions

• [fix][fn] complete flushAsync before closeAsync in ProducerCache and wait for completion in closing the cache (#25140)
• [fix][fn] Fix graceful Pulsar Function shutdown so that consumers and producers are closed (#25157)

Others

• [fix][proxy] Close client connection immediately when credentials expire and forwardAuthorizationCredentials is disabled (#25179)
• [fix][proxy] Fix memory leaks in ParserProxyHandler (#25142)
• [improve][proxy] Add regression tests for package upload with 'Expect: 100-continue' (#25211)
• [fix][misc] Allow JWT tokens in OpenID auth without nbf claim (#25197)
• [improve] Eliminate unnecessary duplicate schema lookups for partitioned topics in client and geo-replication (#25011)

Tests & CI

• [fix][build] Remove Confluent and Restlet maven repositories from top level pom.xml (#24981)
• [improve][test][branch-3.0] Add test for issue #25220

For the complete list, check the full changelog.

v4.1.2

2025-11-17

Library updates

• [fix] Update gRPC to 1.75.0 (#24813)
• [improve][misc] Upgrade Netty to 4.1.128.Final (#24911)
• [improve] Upgrade Alpine base image to 3.22 version (#24840)
• [improve][ml] Upgrade Oxia client to 0.7.0 (#24824)
• [fix][sec] Added Exclusions for tomcat-embed-core and derby and override mina-core to remediate CVEs (#24949)
• [fix][sec] Bump io.vertx:vertx-web from 4.5.10 to 4.5.22 (#24889)
• [fix][sec] Override commons-beanutils and commons-configuration2 to remediate CVEs (#24936)
• [fix][sec] Override kafka-clients in kinesis-kpl-shaded to remediate CVE-2024-31141 and CVE-2025-27817 (#24935)
• [fix][sec] Override nimbus-jose-jwt to remediate CVE-2023-52428 and CVE-2025-53864 (#24937)
• [fix][sec] Update Hbase version to 2.6.3-hadoop3 and exclude Avro from hbase-client to remediate CVEs (#24953)
• [fix][sec] Upgrade BouncyCastle FIPS to 2.0.10 to remediate CVE-2025-8916 (#24923)
• [fix][sec] Upgrade hadoop3 version from 3.4.0 to 3.4.1 (#24950)
• [fix][sec] Upgrade Jetty to 9.4.58.v20250814 to address CVE-2025-5115 (#24897)
• [fix][sec] Upgrade Spring to 6.2.12 to remediate CVE-2025-22233 and CVE-2025-41249 (#24903)
• [improve][io] Upgrade Debezium version to 3.2.4.Final (#24896)
• [improve][ci] Upgrade GitHub Actions workflows to use ubuntu-24.04 (#24841)

Broker

• [fix][broker] Allow intermittent error from topic policies service when loading topics (#24829)
• [fix][broker] AvgShedder comparison error (#24954)
• [fix][broker] Avoid recursive update in ConcurrentHashMap during policy cache cleanup (#24939)
• [fix][broker] BacklogMessageAge is not reset when cursor mdPosition is on an open ledger (#24915)
• [fix][broker] Ensure LoadSheddingTask is scheduled after metadata service is available again (#24838)
• [fix][broker] ExtensibleLoadManager: handle SessionReestablished and Reconnected events to re-register broker metadata (#24932)
• [fix][broker] Fix bug in PersistentMessageExpiryMonitor which blocked further expirations (#24941)
• [fix][broker] fix getMaxReadPosition in TransactionBufferDisable should return latest (#24898)
• [fix][broker] Fix incorrect topic loading latency metric and timeout might not be respected (#24785)
• [fix][broker] Fix stack overflow caused by race condition when closing a connection (#24934)
• [fix][broker] Fix totalAvailablePermits not reduced when removing consumer from non-persistent dispatcher (#24885)
• [fix][broker] Fix wrong behaviour when using namespace.allowed_clusters, such as namespace deletion and namespace policies updating (#24860)
• [fix][broker] Flaky-test: ExtensibleLoadManagerImplTest.testDisableBroker (#24770)
• [fix][broker] Flaky-test: TopicTransactionBufferTest.testMessagePublishInOrder (#24826)
• [fix][broker] Run ResourceGroup tasks only when tenants/namespaces registered (#24859)
• [fix][broker] Stop to retry to read entries if the replicator has terminated (#24880)
• [fix][broker] Trigger topic creation event only once for non-existent topic (#24802)
• [fix][broker] Use poll instead remove to avoid NoSuchElementException (#24933)
• [fix][broker]Leaving orphan schemas and topic-level policies after partitioned topic is deleted by GC (#24971)
• [fix][broker]Transactional messages can never be sent successfully if concurrently taking transaction buffer snapshot (#24945)
• [fix][admin] Set local policies overwrites "number of bundles" passed during namespace creation (#24762)
• [fix][ml] Fix getNumberOfEntries may point to deleted ledger (#24852)
• [fix][ml] Fix ledger trimming race causing cursor to point to deleted ledgers (#24855)
• [fix][ml] PIP-430: Fix concurrency issue in MessageMetadata caching and improve caching (#24836)
• [fix]Fixed getChildren('/') on Oxia based provider (#24863)
• [improve][broker] Add tests for using absolute FQDN for advertisedAddress and remove extra dot from brokerId (#24787)
• [improve][broker] Cache last publish timestamp for idle topics to reduce storage reads (#24825)
• [improve][broker] Don't log an error when updatePartitionedTopic is called on a non-partitioned topic (#24943)
• [improve][broker] Optimize lookup result warn log (#24942)
• [improve][broker] Part-1 of PIP-434: Expose Netty channel configuration WRITE_BUFFER_WATER_MARK to pulsar conf and pause receive requests when channel is unwritable (#24423)
• [improve][broker] Part-2 of PIP-434: Use ServerCnxThrottleTracker, instead of modifying channel.readable directly (#24799)
• [improve][broker] PIP-434: add configurations to broker.conf (#24800)
• [improve][broker] Reduce the broker close time to avoid useless wait for event loop shutdown (#24895)
• [improve][broker] Replace isServiceUnitActiveAsync with checkTopicNsOwnership (#24780)
• [improve][broker]Call scheduleAtFixedRateNonConcurrently for scheduled tasks, instead of scheduleAtFixedRate (#24596)
• [improve][broker]Improve NamespaceService log that is printed when cluster was removed (#24801)
• [improve][broker]Skip to mark delete if the target position of expira… (#24881)
• [fix][txn] fix concurrent error cause txn stuck in TransactionBufferHandlerImpl#endTxn (#23551)
• [cleanup][broker] Remove unused configuration maxMessageSizeCheckIntervalInSeconds (#24958)
• [feat][monitor] Add ML write latency histogram and entry size histogram as OTel metrics (#24815)
• [feat][monitor] Add publish latency histogram as OTel metrics (#24810)
• [feat] PIP-442: Add memory limits for CommandGetTopicsOfNamespace (#24833)

Client

• [fix][client] Add description method to ClientBuilder (#24728)
• [fix][client] Fix deduplication for getPartitionedTopicMetadata to include method parameters (#24965)
• [fix][client] Fix getPendingQueueSize for PartitionedTopicProducerStatsRecorderImpl: avoid NPE and implement aggregation (#24830)
• [fix][client] Fix PulsarAdmin description check and add test (#24734)
• [fix][client] Fix thread leak in reloadLookUp method which is used by ServiceUrlProvider (#24794)
• [fix][client] Make auto partitions update work for old brokers without PIP-344 (#24822)
• [improve][client] Allow adding custom description to User-Agent header (#24729)
• [improve][client] Deduplicate getTopicsUnderNamespace in BinaryProtoLookupService (#24962)
• [improve][client] PIP-420: Update the schema ID format (#24798)
• [improve][client]Add null check for Pulsar client clock configuration (#24848)
• [feat][client] Implement PIP-234 for sharing thread pools and DNS resolver/cache across multiple Pulsar Client instances (#24790)
• [feat][client] PIP-234: Support shared resources in PulsarAdmin to reduce thread usage (#24893)
• [improve][client/broker] Add Dns...

v4.0.8

2025-11-17

Library updates

• [fix] Update gRPC to 1.75.0 (#24813)
• [improve][misc] Upgrade Netty to 4.1.128.Final (#24911)
• [improve][ml] Upgrade Oxia client to 0.7.0 (#24824)
• [fix][sec] Added Exclusions for tomcat-embed-core and derby and override mina-core to remediate CVEs (#24949)
• [fix][sec] Bump io.vertx:vertx-web from 4.5.10 to 4.5.22 (#24889)
• [fix][sec] Override commons-beanutils and commons-configuration2 to remediate CVEs (#24936)
• [fix][sec] Override kafka-clients in kinesis-kpl-shaded to remediate CVE-2024-31141 and CVE-2025-27817 (#24935)
• [fix][sec] Override nimbus-jose-jwt to remediate CVE-2023-52428 and CVE-2025-53864 (#24937)
• [fix][sec] Update Hbase version to 2.6.3-hadoop3 and exclude Avro from hbase-client to remediate CVEs (#24953)
• [fix][sec] Upgrade BouncyCastle FIPS to 2.0.10 to remediate CVE-2025-8916 (#24923)
• [fix][sec] Upgrade hadoop3 version from 3.4.0 to 3.4.1 (#24950)
• [fix][sec] Upgrade Jetty to 9.4.58.v20250814 to address CVE-2025-5115 (#24897)
• [fix][sec] Upgrade Spring to 6.2.12 to remediate CVE-2025-22233 and CVE-2025-41249 (#24903)
• [improve][ci] Upgrade GitHub Actions workflows to use ubuntu-24.04 (#24841)

Broker

• [fix][broker] Allow intermittent error from topic policies service when loading topics (#24829)
• [fix][broker] AvgShedder comparison error (#24954)
• [fix][broker] Avoid recursive update in ConcurrentHashMap during policy cache cleanup (#24939)
• [fix][broker] BacklogMessageAge is not reset when cursor mdPosition is on an open ledger (#24915)
• [fix][broker] Ensure LoadSheddingTask is scheduled after metadata service is available again (#24838)
• [fix][broker] ExtensibleLoadManager: handle SessionReestablished and Reconnected events to re-register broker metadata (#24932)
• [fix][broker] Fix bug in PersistentMessageExpiryMonitor which blocked further expirations (#24941)
• [fix][broker] fix getMaxReadPosition in TransactionBufferDisable should return latest (#24898)
• [fix][broker] Fix incorrect topic loading latency metric and timeout might not be respected (#24785)
• [fix][broker] Fix stack overflow caused by race condition when closing a connection (#24934)
• [fix][broker] Fix totalAvailablePermits not reduced when removing consumer from non-persistent dispatcher (#24885)
• [fix][broker] Fix wrong behaviour when using namespace.allowed_clusters, such as namespace deletion and namespace policies updating (#24860)
• [fix][broker] Flaky-test: ExtensibleLoadManagerImplTest.testDisableBroker (#24770)
• [fix][broker] Flaky-test: TopicTransactionBufferTest.testMessagePublishInOrder (#24826)
• [fix][broker] Run ResourceGroup tasks only when tenants/namespaces registered (#24859)
• [fix][broker] Stop to retry to read entries if the replicator has terminated (#24880)
• [fix][broker] Trigger topic creation event only once for non-existent topic (#24802)
• [fix][broker] Use poll instead remove to avoid NoSuchElementException (#24933)
• [fix][broker]Leaving orphan schemas and topic-level policies after partitioned topic is deleted by GC (#24971)
• [fix][broker]Transactional messages can never be sent successfully if concurrently taking transaction buffer snapshot (#24945)
• [fix][admin] Set local policies overwrites "number of bundles" passed during namespace creation (#24762)
• [fix][ml] Fix getNumberOfEntries may point to deleted ledger (#24852)
• [fix][ml] Fix ledger trimming race causing cursor to point to deleted ledgers (#24855)
• [fix]Fixed getChildren('/') on Oxia based provider (#24863)
• [improve][broker] Add tests for using absolute FQDN for advertisedAddress and remove extra dot from brokerId (#24787)
• [improve][broker] Don't log an error when updatePartitionedTopic is called on a non-partitioned topic (#24943)
• [improve][broker] Optimize lookup result warn log (#24942)
• [improve][broker] Part-1 of PIP-434: Expose Netty channel configuration WRITE_BUFFER_WATER_MARK to pulsar conf and pause receive requests when channel is unwritable (#24423)
• [improve][broker] Part-2 of PIP-434: Use ServerCnxThrottleTracker, instead of modifying channel.readable directly (#24799)
• [improve][broker] PIP-434: add configurations to broker.conf (#24800)
• [improve][broker] Reduce the broker close time to avoid useless wait for event loop shutdown (#24895)
• [improve][broker] Replace isServiceUnitActiveAsync with checkTopicNsOwnership (#24780)
• [improve][broker]Call scheduleAtFixedRateNonConcurrently for scheduled tasks, instead of scheduleAtFixedRate (#24596)
• [improve][broker]Improve NamespaceService log that is printed when cluster was removed (#24801)
• [improve][broker]Skip to mark delete if the target position of expira… (#24881)
• [fix][txn] fix concurrent error cause txn stuck in TransactionBufferHandlerImpl#endTxn (#23551)
• [cleanup][broker] Remove unused configuration maxMessageSizeCheckIntervalInSeconds (#24958)
• [fix][broker][branch-4.0] Fix failed testFinishTakeSnapshotWhenTopicLoading due to topic future cache conflicts (#24947)
• [improve][broker] Separate offload read and write thread pool (#24025)
• [fix][monitor] Fix the incorrect metrics name (#21981)

Client

• [fix][client] Fix deduplication for getPartitionedTopicMetadata to include method parameters (#24965)
• [fix][client] Fix getPendingQueueSize for PartitionedTopicProducerStatsRecorderImpl: avoid NPE and implement aggregation (#24830)
• [fix][client] Fix thread leak in reloadLookUp method which is used by ServiceUrlProvider (#24794)
• [fix][client] Make auto partitions update work for old brokers without PIP-344 (#24822)
• [improve][client] Deduplicate getTopicsUnderNamespace in BinaryProtoLookupService (#24962)
• [improve][client]Add null check for Pulsar client clock configuration (#24848)
• [fix] Fix mixed lookup/partition metadata requests causing reliability issues and incorrect responses (#24832)

Pulsar IO and Pulsar Functions

• [improve][fn] Use PulsarByteBufAllocator.DEFAULT instead of ByteBufAllocator.DEFAULT (#24952)

Tests & CI

• [fix][build] Fix maven deploy with maven-source-plugin 3.3.1 (#24811)
• [fix][build] Remove invalid profile in settings.xml that caused gpg signing to fail (#24812)
• [fix][test] Add Delta Tolerance in Double-Precision Assertions to Fix Rounding Flakiness (#24972)
• [fix][test] BacklogQuotaManagerTest.backlogsAgeMetricsNoPreciseWithoutBacklogQuota handle empty /metrics scrape (#24887)
• [fix][test] Fix flaky KeySharedSubscriptionBrokerCacheTest.testReplayQueueReadsGettingCached (#24955)
• [fix][test] Fix flaky LookupPropertiesTest.testConcurrentLookupProperties (#24854)
• [fix][test] Fix flaky NonPersistentTopicTest.testProducerRateLimit ([#24951](#2...

v3.0.15

2025-11-17

Library updates

• [improve][misc] Upgrade Netty to 4.1.128.Final (#24911)
• [fix][sec] Bump io.vertx:vertx-web from 4.5.10 to 4.5.22 (#24889)
• [fix][sec] Upgrade BouncyCastle FIPS to 2.0.10 to remediate CVE-2025-8916 (#24923)
• [fix][sec] Upgrade Jetty to 9.4.58.v20250814 to address CVE-2025-5115 (#24897)
• [fix][sec] Upgrade Spring to 6.2.12 to remediate CVE-2025-22233 and CVE-2025-41249 (#24903)
• [improve][ci] Upgrade GitHub Actions workflows to use ubuntu-24.04 (#24841)

Broker

• [fix][broker] Avoid recursive update in ConcurrentHashMap during policy cache cleanup (#24939)
• [fix][broker] BacklogMessageAge is not reset when cursor mdPosition is on an open ledger (#24915)
• [fix][broker] fix getMaxReadPosition in TransactionBufferDisable should return latest (#24898)
• [fix][broker] Fix stack overflow caused by race condition when closing a connection (#24934)
• [fix][broker] Fix totalAvailablePermits not reduced when removing consumer from non-persistent dispatcher (#24885)
• [fix][broker] Flaky-test: ExtensibleLoadManagerImplTest.testDisableBroker (#24770)
• [fix][broker] Run ResourceGroup tasks only when tenants/namespaces registered (#24859)
• [fix][broker] Stop to retry to read entries if the replicator has terminated (#24880)
• [fix][broker] Trigger topic creation event only once for non-existent topic (#24802)
• [fix][admin] Set local policies overwrites "number of bundles" passed during namespace creation (#24762)
• [fix][ml] Fix getNumberOfEntries may point to deleted ledger (#24852)
• [fix][txn] fix concurrent error cause txn stuck in TransactionBufferHandlerImpl#endTxn (#23551)
• [cleanup][broker][branch-3.0] Remove no-op configurations caused by cherry-picking (#24960)

Client

• [fix][client] Fix deduplication for getPartitionedTopicMetadata to include method parameters (#24965)
• [fix][client] Fix getPendingQueueSize for PartitionedTopicProducerStatsRecorderImpl: avoid NPE and implement aggregation (#24830)
• [fix][client] Fix thread leak in reloadLookUp method which is used by ServiceUrlProvider (#24794)
• [fix][client] Make auto partitions update work for old brokers without PIP-344 (#24822)
• [improve][client]Add null check for Pulsar client clock configuration (#24848)
• [fix] Fix mixed lookup/partition metadata requests causing reliability issues and incorrect responses (#24832)

Tests & CI

• [fix][build] Remove invalid profile in settings.xml that caused gpg signing to fail (#24812)
• [fix][test] Fix flaky KeySharedSubscriptionBrokerCacheTest.testReplayQueueReadsGettingCached (#24955)
• [fix][test] Fix flaky NonPersistentTopicTest.testProducerRateLimit (#24951)
• [fix][test] Fix flaky ReplicatorTest.testResumptionAfterBacklogRelaxed (#24904)
• [fix][test] Fix flaky SubscriptionSeekTest.testSeekWillNotEncounteredFencedError by counting subscription is fenced only after seek (#24865)
• [fix][test] Fix invalid test NonPersistentTopicTest.testProducerRateLimit (#24957)
• [fix][test] Stabilize SequenceIdWithErrorTest by fencing after first publish to avoid empty-ledger deletion and send timeout (#24861)
• [fix][test] Stabilize testMsgDropStat by reliably triggering non-persistent publisher drop (#24929)
• [improve][ci] Move replication tests to new group Broker Group 5 in Pulsar CI (#24917)
• [fix][ci][branch-3.0] Drop UBUNTU_MIRROR/UBUNTU_SECURITY_MIRROR support in Dockerfile since it's broken
• [fix][test][branch-3.0] Backport test case so that it compiles in branch-3.0

For the complete list, check the full changelog.