Releases: apache/storm
Releases · apache/storm
Pre-release v2.8.7 - Apache Storm 2.8.7
What's Changed
- Bump org.apache.activemq:activemq-mqtt from 6.2.3 to 6.2.4 by @dependabot[bot] in #8505
- Bump org.apache.activemq:activemq-all from 6.2.3 to 6.2.4 by @dependabot[bot] in #8506
- Bump org.apache.activemq:activemq-broker from 6.2.3 to 6.2.4 by @dependabot[bot] in #8507
- Bump org.apache.activemq:activemq-client from 6.2.3 to 6.2.4 by @dependabot[bot] in #8508
- [Automated] Update license files after dependency changes by @github-actions[bot] in #8509
- Bump axios from 1.13.6 to 1.15.0 in /storm-webapp by @dependabot[bot] in #8511
- Bump peter-evans/create-pull-request from 8.1.0 to 8.1.1 by @dependabot[bot] in #8513
- Bump actions/upload-artifact from 7.0.0 to 7.0.1 by @dependabot[bot] in #8514
- Bump follow-redirects from 1.15.11 to 1.16.0 in /storm-webapp by @dependabot[bot] in #8519
- Bump actions/cache from 5.0.4 to 5.0.5 by @dependabot[bot] in #8517
- Bump org.apache.hbase:hbase-client from 2.6.4-hadoop3 to 2.6.5-hadoop3 by @dependabot[bot] in #8520
- Bump org.rocksdb:rocksdbjni from 10.10.1 to 10.10.1.1 by @dependabot[bot] in #8523
- Bump bouncycastle.version from 1.83 to 1.84 by @dependabot[bot] in #8524
- Bump org.apache.commons:commons-configuration2 from 2.13.0 to 2.14.0 by @dependabot[bot] in #8525
- Bump com.google.guava:guava from 33.5.0-jre to 33.6.0-jre by @dependabot[bot] in #8526
- [Automated] Update license files after dependency changes by @github-actions[bot] in #8527
- Bump org.jgrapht:jgrapht-core from 0.9.0 to 1.5.3 by @dependabot[bot] in #8522
- [Automated] Update license files after dependency changes by @github-actions[bot] in #8528
- docs: fix 'recieved' -> 'received' typo in IAutoCredentials Javadoc by @SAY-5 in #8529
- flux: fix 'recieveed' -> 'received' in LogInfoBolt Javadoc by @SAY-5 in #8533
- storm-client: fix 'accross' -> 'across' in Stream.java Javadoc by @SAY-5 in #8532
- docs: fix 'occured' -> 'occurred' in LocallyCachedBlob Javadoc by @SAY-5 in #8530
- storm-core: fix 'seperate' -> 'separate' in configuration.h comment by @SAY-5 in #8531
New Contributors
Full Changelog: v2.8.6...v2.8.7
Contributors
dependabot and SAY-5
Assets 2
Apache Storm 2.8.6
Apache Storm 2.8.6
This release includes two security fixes, enhancements, bug fixes, and a large number of dependency upgrades. Users of previous versions are strongly encouraged to upgrade.
⚠️ Security Fixes
CVE-2026-35337 — Deserialization of Untrusted Data in Apache Storm
Versions affected: < 2.8.6
When processing topology credentials submitted via the Nimbus Thrift API, Storm deserializes the base64-encoded TGT blob using ObjectInputStream.readObject() without any class filtering or validation. An authenticated user with topology submission rights could supply a crafted serialized object in the "TGT" credential field, leading to remote code execution in both the Nimbus and Worker JVMs.
Fix: Upgrade to 2.8.6. If you cannot upgrade immediately, monkey-patch an ObjectInputFilter allow-list to ClientAuthUtils.deserializeKerberosTicket() restricting deserialized classes to javax.security.auth.kerberos.KerberosTicket and its known dependencies. See the full mitigation instructions in the release notes.
Credit: Discovered by K.
CVE-2026-35565 — Stored XSS via Unsanitized Topology Metadata in Storm UI
Versions affected: < 2.8.6
The Storm UI visualization component interpolates topology metadata (component IDs, stream names, grouping values) directly into HTML via innerHTML in parseNode() and parseEdge() without sanitization. An authenticated user with topology submission rights could craft a topology with malicious HTML/JavaScript in component identifiers, resulting in stored cross-site scripting. In multi-tenant deployments this enables privilege escalation through script execution in an admin's browser session.
Fix: Upgrade to 2.8.6. If you cannot upgrade immediately, patch storm-webapp/src/main/webapp/js/visualization.js to escape output in parseNode() and parseEdge(). See the full mitigation instructions in the release notes.
Credit: Discovered while investigating another report by K.
🚀 Enhancements
- #8483 — Migrate to Java 24+ compatible security APIs and add Java 25 to CI
- #8452 — Pass Conf object to KryoDecorator
- #8305 — Improve
dev-tools/release_notes.pyto handle multiple tags per issue
🐛 Bug Fixes
- #8456 / #8457 — Fix scientific notation display for large numbers in Storm UI table
- #8442 — Fix NPE in
getSupervisorPageInfofor unknown hostnames - #8441 — Fix NPE in
mkAssignmentswhen assignment is deleted during scheduling - #8440 — Fix corrupted record counter in
SequenceFileReader.Offset.increment()
📦 Dependency Upgrades
| Dependency | From | To |
|---|---|---|
| io.netty:netty-bom | 4.2.10.Final | 4.2.12.Final |
| hadoop.version | 3.4.3 | 3.5.0 |
| org.rocksdb:rocksdbjni | 10.2.1 | 10.10.1 |
| activemq.version | 6.2.1 | 6.2.3 |
| spring.version | 7.0.5 | 7.0.6 |
| jetty.version | 12.1.6 | 12.1.8 |
| com.fasterxml.jackson:jackson-bom | 2.21.1 | 2.21.2 |
| com.fasterxml.jackson.core:jackson-databind | 2.21.1 | 2.21.2 |
| storm.kafka.client.version | 4.1.1 | 4.2.0 |
| redis.clients:jedis | 7.3.0 | 7.4.1 |
| byte-buddy.version | 1.18.5 | 1.18.8 |
| org.apache.logging.log4j:log4j-bom | 2.25.3 | 2.25.4 |
| prometheus.client.version | 1.5.0 | 1.5.1 |
| org.checkerframework:checker-qual | 3.53.1 | 3.54.0 |
| com.google.errorprone:error_prone_annotations | 2.48.0 | 2.49.0 |
| netty-tcnative.version | 2.0.74.Final | 2.0.75.Final |
| commons-logging:commons-logging | 1.3.5 | 1.3.6 |
| joda-time:joda-time | 2.14.0 | 2.14.1 |
| org.apache.maven:maven-resolver-provider | 3.9.12 | 3.9.14 |
| org.apache.maven.plugins:maven-shade-plugin | 3.6.1 | 3.6.2 |
| com.github.eirslett:frontend-maven-plugin | 1.15.1 | 2.0.0 |
| cytoscape (storm-webapp) | 3.33.1 | 3.33.2 |
| lodash (storm-webapp) | 4.17.23 | 4.18.1 |
| webpack-cli (storm-webapp) | 7.0.0 | 7.0.2 |
| cypress (storm-webapp) | 15.12.0 | 15.13.0 |
| mini-css-extract-plugin (storm-webapp) | 2.10.1 | 2.10.2 |
| start-server-and-test (storm-webapp) | 2.1.5 | 3.0.0 |
| serialize-javascript (storm-webapp) | 7.0.4 | 7.0.5 |
| picomatch (storm-webapp) | 4.0.3 | 4.0.4 |
| actions/upload-artifact | 4.6.2 | 7.0.0 |
| actions/setup-node | 4.4.0 | 6.3.0 |
| actions/download-artifact | 4.3.0 | 8.0.1 |
| ruby/setup-ruby | 1.295.0 | 1.298.0 |
Apache Storm 2.8.5
What's Changed
- Bump org.apache.maven.plugins:maven-compiler-plugin from 3.14.1 to 3.15.0 by @dependabot[bot] in #8410
- Bump org.apache.maven.plugins:maven-dependency-plugin from 3.9.0 to 3.10.0 by @dependabot[bot] in #8408
- Bump org.junit:junit-bom from 6.0.2 to 6.0.3 by @dependabot[bot] in #8402
- Bump org.apache.maven.plugins:maven-surefire-report-plugin from 3.5.4 to 3.5.5 by @dependabot[bot] in #8394
- Bump byte-buddy.version from 1.18.4 to 1.18.5 by @dependabot[bot] in #8395
- Bump org.checkerframework:checker-qual from 3.53.0 to 3.53.1 by @dependabot[bot] in #8406
- [storm-client] Replace e.printStackTrace() with SLF4J logging in ConfigurableTopology by @Ironankit525 in #8413
- [storm-client] Add missing logging to TridentBoltExecutor on tuple count mismatch failures by @Ironankit525 in #8414
- Bump surefire.version from 3.5.4 to 3.5.5 by @dependabot[bot] in #8404
- Fix silent exception swallow in LocalFsBlobStore.prepare() leaving stormClusterState null by @jnioche in #8416
- Bump actions/setup-node from 6.2.0 to 6.3.0 by @dependabot[bot] in #8417
- Bump ruby/setup-ruby from 1.288.0 to 1.289.0 by @dependabot[bot] in #8418
- fix(HeartbeatCache): Falsely timing out alive executors when heartbeat TIME_SECS does not advance by @DiogoP98 in #8420
- Bump com.google.errorprone:error_prone_annotations from 2.46.0 to 2.48.0 by @dependabot[bot] in #8412
- Bump maven-resolver.version from 1.9.25 to 1.9.27 by @dependabot[bot] in #8411
- Bump org.jctools:jctools-core from 4.0.5 to 4.0.6 by @dependabot[bot] in #8409
- Bump spring.version from 7.0.3 to 7.0.5 by @dependabot[bot] in #8393
- Bump activemq.version from 6.2.0 to 6.2.1 by @dependabot[bot] in #8396
- Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.4 to 4.0.5 by @dependabot[bot] in #8398
- Bump hadoop.version from 3.4.2 to 3.4.3 by @dependabot[bot] in #8397
- Bump prometheus.client.version from 1.4.3 to 1.5.0 by @dependabot[bot] in #8405
- Bump netty-tcnative.version from 2.0.74.Final to 2.0.75.Final by @dependabot[bot] in #8399
- Bump redis.clients:jedis from 7.2.1 to 7.3.0 by @dependabot[bot] in #8401
- Bump com.fasterxml.jackson:jackson-bom from 2.21.0 to 2.21.1 by @dependabot[bot] in #8400
- Bump io.netty:netty-bom from 4.2.9.Final to 4.2.10.Final by @dependabot[bot] in #8407
- Bump com.fasterxml.jackson.core:jackson-databind from 2.20.1 to 2.21.1 by @dependabot[bot] in #8403
- Implement size-based file rotation for FileBasedEventLogger by @Ironankit525 in #8415
- Bump ruby/setup-ruby from 1.289.0 to 1.290.0 by @dependabot[bot] in #8421
- Bump ruby/setup-ruby from 1.290.0 to 1.292.0 by @dependabot[bot] in #8423
- Bump org.apache.zookeeper:zookeeper from 3.9.4 to 3.9.5 by @dependabot[bot] in #8422
- Migrate project from commons-lang to commons-lang3 by @reiabreu in #8424
- Bump ruby/setup-ruby from 1.292.0 to 1.293.0 by @dependabot[bot] in #8426
- Bump ruby/setup-ruby from 1.293.0 to 1.295.0 by @dependabot[bot] in #8431
- Use package manager for 3rd party JS in Storm-UI by @rzo1 in #8427
- Upgrade Bootstrap to 5.3.8, add dark mode toggle by @rzo1 in #8434
- Bump actions/cache from 5.0.3 to 5.0.4 by @dependabot[bot] in #8433
- STORM-4079: Add SSL setup documentation by @MNkulkarni06 in #8428
New Contributors
- @Ironankit525 made their first contribution in #8413
Full Changelog: v2.8.4...v2.8.5
Contributors
jnioche, reiabreu, and 5 other contributors
Assets 2
Apache Storm 2.8.4
What's Changed
- Bump ruby/setup-ruby from 1.265.0 to 1.267.0 by @dependabot[bot] in #8296
- Bump org.apache.xbean:xbean-spring from 4.27 to 4.28 by @dependabot[bot] in #8294
- Bump com.google.errorprone:error_prone_annotations from 2.42.0 to 2.43.0 by @dependabot[bot] in #8292
- Bump activemq.version from 6.1.7 to 6.1.8 by @dependabot[bot] in #8291
- Bump org.junit:junit-bom from 6.0.0 to 6.0.1 by @dependabot[bot] in #8301
- Bump prometheus.client.version from 1.4.1 to 1.4.2 by @dependabot[bot] in #8297
- Bump org.checkerframework:checker-qual from 3.51.1 to 3.52.0 by @dependabot[bot] in #8304
- Bump commons-codec:commons-codec from 1.19.0 to 1.20.0 by @dependabot[bot] in #8303
- Bump com.github.ben-manes.caffeine:caffeine from 3.2.2 to 3.2.3 by @dependabot[bot] in #8298
- Bump com.fasterxml.jackson.core:jackson-databind and com.fasterxml.jackson:jackson-bom from 2.20.0 to 2.20.1 by @dependabot[bot] in #8300
- Bump actions/checkout from 5.0.0 to 5.0.1 by @dependabot[bot] in #8307
- Bump ruby/setup-ruby from 1.267.0 to 1.268.0 by @dependabot[bot] in #8306
- Bump actions/checkout from 5.0.1 to 6.0.0 by @dependabot[bot] in #8308
- Bump actions/setup-python from 6.0.0 to 6.1.0 by @dependabot[bot] in #8309
- Bump actions/checkout from 6.0.0 to 6.0.1 by @dependabot[bot] in #8326
- Bump actions/setup-node from 6.0.0 to 6.1.0 by @dependabot[bot] in #8325
- Bump org.codehaus.mojo:taglist-maven-plugin from 3.2.1 to 3.2.2 by @dependabot[bot] in #8322
- Bump byte-buddy.version from 1.17.8 to 1.18.2 by @dependabot[bot] in #8310
- Bump storm.kafka.client.version from 4.1.0 to 4.1.1 by @dependabot[bot] in #8312
- Bump org.apache.hbase:hbase-client from 2.6.3-hadoop3 to 2.6.4-hadoop3 by @dependabot[bot] in #8313
- Bump prometheus.client.version from 1.4.2 to 1.4.3 by @dependabot[bot] in #8314
- Bump jetty.version from 12.1.1 to 12.1.4 by @dependabot[bot] in #8315
- Bump commons-cli:commons-cli from 1.10.0 to 1.11.0 by @dependabot[bot] in #8316
- Bump org.apache.commons:commons-configuration2 from 2.12.0 to 2.13.0 by @dependabot[bot] in #8317
- Bump activemq.version from 6.1.8 to 6.2.0 by @dependabot[bot] in #8318
- Bump bouncycastle.version from 1.82 to 1.83 by @dependabot[bot] in #8319
- Bump org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0 by @dependabot[bot] in #8320
- Bump commons-io:commons-io from 2.20.0 to 2.21.0 by @dependabot[bot] in #8321
- Bump com.google.errorprone:error_prone_annotations from 2.43.0 to 2.45.0 by @dependabot[bot] in #8323
- Bump redis.clients:jedis from 7.0.0 to 7.1.0 by @dependabot[bot] in #8324
- Bump actions/setup-java from 5.0.0 to 5.1.0 by @dependabot[bot] in #8327
- Bump ruby/setup-ruby from 1.268.0 to 1.269.0 by @dependabot[bot] in #8329
- Bump burnett01/rsync-deployments from 5.2 to 8 by @dependabot[bot] in #8328
- Bump actions/cache from 4.3.0 to 5.0.0 by @dependabot[bot] in #8330
- Bump ruby/setup-ruby from 1.269.0 to 1.270.0 by @dependabot[bot] in #8332
- Bump actions/cache from 5.0.0 to 5.0.1 by @dependabot[bot] in #8331
- Bump ruby/setup-ruby from 1.270.0 to 1.271.0 by @dependabot[bot] in #8333
- Bump ruby/setup-ruby from 1.271.0 to 1.274.0 by @dependabot[bot] in #8334
- Bump ruby/setup-ruby from 1.274.0 to 1.275.0 by @dependabot[bot] in #8335
- Bump burnett01/rsync-deployments from 5.2 to 8 by @dependabot[bot] in #8336
- Bump ruby/setup-ruby from 1.275.0 to 1.276.0 by @dependabot[bot] in #8338
- Bump org.codehaus.mojo:exec-maven-plugin from 3.6.2 to 3.6.3 by @dependabot[bot] in #8349
- Bump org.checkerframework:checker-qual from 3.52.0 to 3.52.1 by @dependabot[bot] in #8346
- Bump byte-buddy.version from 1.18.2 to 1.18.3 by @dependabot[bot] in #8344
- Bump ruby/setup-ruby from 1.276.0 to 1.278.0 by @dependabot[bot] in #8357
- Bump testcontainers.version from 1.21.3 to 1.21.4 by @dependabot[bot] in #8352
- Bump spring.version from 6.2.12 to 7.0.2 by @dependabot[bot] in #8350
- Bump org.apache.commons:commons-text from 1.14.0 to 1.15.0 by @dependabot[bot] in #8356
- Bump org.apache.maven:maven-resolver-provider from 3.9.11 to 3.9.12 by @dependabot[bot] in #8355
- Bump org.clojure:tools.logging from 1.3.0 to 1.3.1 by @dependabot[bot] in #8340
- Bump asm.version from 9.9 to 9.9.1 by @dependabot[bot] in #8341
- Bump redis.clients:jedis from 7.1.0 to 7.2.0 by @dependabot[bot] in #8342
- Bump org.apache.commons:commons-exec from 1.5.0 to 1.6.0 by @dependabot[bot] in #8347
- Bump org.clojure:clojure from 1.12.3 to 1.12.4 by @dependabot[bot] in #8353
- Bump org.apache.xbean:xbean-spring from 4.28 to 4.29 by @dependabot[bot] in #8351
- Bump jetty.version from 12.1.4 to 12.1.5 by @dependabot[bot] in #8343
- Bump org.apache.logging.log4j:log4j-bom from 2.25.2 to 2.25.3 by @dependabot[bot] in #8345
- Bump maven-resolver.version from 1.9.24 to 1.9.25 by @dependabot[bot] in #8354
- Bump io.netty:netty-bom from 4.2.7.Final to 4.2.9.Final by @dependabot[bot] in #8348
- Bump ruby/setup-ruby from 1.278.0 to 1.279.0 by @dependabot[bot] in #8358
- Bump ruby/setup-ruby from 1.279.0 to 1.280.0 by @dependabot[bot] in #8359
- Bump ruby/setup-ruby from 1.280.0 to 1.281.0 by @dependabot[bot] in #8360
- Bump ruby/setup-ruby from 1.281.0 to 1.282.0 by @dependabot[bot] in #8361
- Bump actions/setup-node from 6.1.0 to 6.2.0 by @dependabot[bot] in #8363
- Bump ruby/setup-ruby from 1.282.0 to 1.283.0 by @dependabot[bot] in #8362
- Bump actions/cache from 5.0.1 to 5.0.2 by @dependabot[bot] in #8364
- Bump ruby/setup-ruby from 1.283.0 to 1.284.0 by @dependabot[bot] in #8365
- Bump ruby/setup-ruby from 1.284.0 to 1.285.0 by @dependabot[bot] in #8366
- Bump actions/setup-python from 6.1.0 to 6.2.0 by @dependabot[bot] in #8369
- Bump ruby/setup-ruby from 1.285.0 to 1.286.0 by @dependabot[bot] in #8368
- Bump actions/setup-java from 5.1.0 to 5.2.0 by @dependabot[bot] in #8367
- Bump actions/cache from 5.0.2 to 5.0.3 by @dependabot[bot] in #8371
- Bump actions/checkout from 6.0.1 to 6.0.2 by @dependabot[bot] in #8370
- Bump org.codehaus.mojo:license-maven-plugin from 2.7.0 to 2.7.1 by @dependabot[bot] in #8378
- Bump org.junit:junit-bom from 6.0.1 to 6.0.2 by @dependabot[bot] in #8380
- Bump org.checkerframework:checker-qual from 3.52.1 to 3.53.0 by @dependabot[bot] in #8381
- Bump byte-buddy.version from 1.18.3 to 1.18.4 by @dependabot[bot] in #8384
- Bump org.testng:testng from 7.11.0 to 7.12.0 by @dependabot[bot] in #8388
- Bump org.objenesis:objenesis from 3.4 to 3.5 by @dependabot[bot] in #8389
- Bump jetty.version from 12.1.5 to 12.1.6 by @dependabot[bot] in #8372
- Bump redis.clients:jedis from 7.2.0 to 7.2.1 by @dependabot[bot] in #8374
- Bump spring.version from 7.0.2 to 7.0.3 by @dependabot[bot] in #8382
- Bump com.fasterxml.jackson:jackson-bom from 2.20.1 to 2.21.0 by @dependabot[bot] in #8383
- Bump com.google.errorprone:error_prone_annotations from 2.45.0 to 2.46.0 by @dependabot[bot] in #8385
- Bump org.apache.xbean:xbean-spring from 4.29 to 4.30 ...
Contributors
dependabot and haosenwang1018
Assets 2
Apache Storm 2.8.3
What's Changed
- Bump curator.version from 5.8.0 to 5.9.0 by @dependabot[bot] in #8202
- Drop storm-sql-* modules by @rzo1 in #8174
- Update Java dependencies to latest versions by @rzo1 in #8215
- Bump commons-codec:commons-codec from 1.18.0 to 1.19.0 by @dependabot[bot] in #8199
- Bump com.google.errorprone:error_prone_annotations from 2.40.0 to 2.41.0 by @dependabot[bot] in #8200
- Bump org.apache.commons:commons-text from 1.13.1 to 1.14.0 by @dependabot[bot] in #8201
- Bump dropwizard.version from 4.0.14 to 4.0.15 by @dependabot[bot] in #8203
- Bump net.minidev:json-smart from 2.5.2 to 2.6.0 by @dependabot[bot] in #8207
- Bump org.apache.commons:commons-compress from 1.27.1 to 1.28.0 by @dependabot[bot] in #8208
- Bump commons-cli:commons-cli from 1.9.0 to 1.10.0 by @dependabot[bot] in #8209
- Bump com.zaxxer:HikariCP from 6.3.1 to 7.0.1 by @dependabot[bot] in #8212
- Bump org.glassfish.jersey:jersey-bom from 3.1.10 to 3.1.11 by @dependabot[bot] in #8213
- Bump org.apache.maven.plugins:maven-compiler-plugin from 3.11.0 to 3.14.0 by @dependabot[bot] in #8137
- Bump ruby/setup-ruby from 1.254.0 to 1.255.0 by @dependabot[bot] in #8216
- Bump actions/checkout from 4.2.2 to 5.0.0 by @dependabot[bot] in #8217
- Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.11.2 to 3.11.3 by @dependabot[bot] in #8223
- Bump byte-buddy.version from 1.17.6 to 1.17.7 by @dependabot[bot] in #8220
- Update Jetty (11.0.26), Netty (4.2.4.Final), Spring (6.2.10) by @rzo1 in #8224
- Bump jetty.version from 11.0.25 to 11.0.26 by @dependabot[bot] in #8219
- Bump io.netty:netty-bom from 4.2.3.Final to 4.2.4.Final by @dependabot[bot] in #8221
- Bump spring.version from 6.2.9 to 6.2.10 by @dependabot[bot] in #8222
- Bump ruby/setup-ruby from 1.255.0 to 1.256.0 by @dependabot[bot] in #8226
- Bump actions/setup-java from 4.7.1 to 5.0.0 by @dependabot[bot] in #8225
- Bump com.zaxxer:HikariCP from 7.0.1 to 7.0.2 by @dependabot[bot] in #8230
- Bump prometheus.client.version from 1.3.10 to 1.4.1 by @dependabot[bot] in #8229
- Bump metrics.version from 4.2.33 to 4.2.34 by @dependabot[bot] in #8228
- Bump ruby/setup-ruby from 1.256.0 to 1.257.0 by @dependabot[bot] in #8240
- Bump zookeeper.version from 3.9.3 to 3.9.4 by @dependabot[bot] in #8232
- Bump org.checkerframework:checker-qual from 3.49.5 to 3.50.0 by @dependabot[bot] in #8231
- Bump dropwizard.version from 4.0.15 to 4.0.16 by @dependabot[bot] in #8239
- Bump com.fasterxml.jackson:jackson-bom from 2.19.2 to 2.20.0 by @dependabot[bot] in #8233
- Bump org.clojure:clojure from 1.12.1 to 1.12.2 by @dependabot[bot] in #8234
- Bump metrics.version from 4.2.34 to 4.2.36 by @dependabot[bot] in #8235
- Bump hadoop.version from 3.4.1 to 3.4.2 by @dependabot[bot] in #8236
- Bump netty-tcnative.version from 2.0.72.Final to 2.0.73.Final by @dependabot[bot] in #8238
- Bump actions/setup-python from 5.6.0 to 6.0.0 by @dependabot[bot] in #8242
- Bump actions/setup-node from 4.4.0 to 5.0.0 by @dependabot[bot] in #8241
- Bump io.netty:netty-bom from 4.2.4.Final to 4.2.5.Final by @dependabot[bot] in #8244
- Bump storm.kafka.client.version from 3.9.0 to 4.1.0 by @dependabot[bot] in #8243
- Bump surefire.version from 3.5.3 to 3.5.4 by @dependabot[bot] in #8245
- Bump org.apache.maven.plugins:maven-surefire-report-plugin from 3.5.3 to 3.5.4 by @dependabot[bot] in #8251
- Bump ruby/setup-ruby from 1.257.0 to 1.258.0 by @dependabot[bot] in #8253
- Bump org.springframework:spring-core from 6.2.10 to 6.2.11 in /examples/storm-jms-examples by @dependabot[bot] in #8252
- Bump spring.version from 6.2.10 to 6.2.11 by @dependabot[bot] in #8246
- Bump org.apache.maven.plugins:maven-shade-plugin from 3.6.0 to 3.6.1 by @dependabot[bot] in #8247
- Bump org.checkerframework:checker-qual from 3.50.0 to 3.51.0 by @dependabot[bot] in #8248
- Bump com.google.code.gson:gson from 2.13.1 to 2.13.2 by @dependabot[bot] in #8249
- Bump io.netty:netty-bom from 4.2.5.Final to 4.2.6.Final by @dependabot[bot] in #8250
- Bump ruby/setup-ruby from 1.258.0 to 1.259.0 by @dependabot[bot] in #8254
- Update Dependencies (Jetty 12.1.1) by @rzo1 in #8264
- Bump metrics.version from 4.2.36 to 4.2.37 by @dependabot[bot] in #8255
- Bump bouncycastle.version from 1.81 to 1.82 by @dependabot[bot] in #8256
- Bump dropwizard.version from 4.0.16 to 5.0.0 by @dependabot[bot] in #8257
- Bump org.apache.maven.plugins:maven-compiler-plugin from 3.14.0 to 3.14.1 by @dependabot[bot] in #8258
- Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.11.3 to 3.12.0 by @dependabot[bot] in #8259
- Bump jakarta.xml.bind:jakarta.xml.bind-api from 2.3.2 to 4.0.4 by @dependabot[bot] in #8260
- Bump com.google.errorprone:error_prone_annotations from 2.41.0 to 2.42.0 by @dependabot[bot] in #8261
- Bump com.google.guava:guava from 33.4.8-jre to 33.5.0-jre by @dependabot[bot] in #8262
- Bump ruby/setup-ruby from 1.259.0 to 1.262.0 by @dependabot[bot] in #8263
- Bump ruby/setup-ruby from 1.262.0 to 1.263.0 by @dependabot[bot] in #8266
- Bump actions/cache from 4.2.4 to 4.3.0 by @dependabot[bot] in #8267
- Bump org.codehaus.mojo:license-maven-plugin from 2.6.0 to 2.7.0 by @dependabot[bot] in #8269
- Bump org.apache.commons:commons-lang3 from 3.18.0 to 3.19.0 by @dependabot[bot] in #8272
- Bump org.clojure:clojure from 1.12.2 to 1.12.3 by @dependabot[bot] in #8270
- Bump org.apache.logging.log4j:log4j-bom from 2.25.1 to 2.25.2 by @dependabot[bot] in #8268
- Bump org.codehaus.mojo:exec-maven-plugin from 3.5.1 to 3.6.1 by @dependabot[bot] in #8278
- Bump org.apache.maven.plugins:maven-dependency-plugin from 3.8.1 to 3.9.0 by @dependabot[bot] in #8277
- Bump org.junit:junit-bom from 5.13.4 to 6.0.0 by @dependabot[bot] in #8276
- Bump org.checkerframework:checker-qual from 3.51.0 to 3.51.1 by @dependabot[bot] in #8275
- Bump asm.version from 9.8 to 9.9 by @dependabot[bot] in #8274
- KeyAlreadyExistsException now does not cause downloadMissingBlob to return false by @reiabreu in #8273
- Bump ruby/setup-ruby from 1.263.0 to 1.264.0 by @dependabot[bot] in #8279
- Bump org.apache.maven.plugins:maven-pmd-plugin from 3.27.0 to 3.28.0 by @dependabot[bot] in #8284
- Bump ruby/setup-ruby from 1.264.0 to 1.265.0 by @dependabot[bot] in #8285
- Bump actions/setup-node from 5.0.0 to 6.0.0 by @dependabot[bot] in #8286
- Bump byte-buddy.version from 1.17.7 to 1.17.8 by @dependabot[bot] in #8281
- Bump org.jacoco:jacoco-maven-plugin from 0.8.13 to 0.8.14 by @dependabot[bot] in #8283
- Bump org.codehaus.mojo:exec-maven-plugin from 3.6.1 to 3.6.2 by @dependabot[bot] in #8290
- Bump redis.clients:jedis from 5.2.0 to 7.0.0 by @dependabot[bot] in #8282
- Bump org.apache.avro:avro from 1.12.0 to 1.12.1 by @dependabot[bot] in #8288
- Bump spring.version from 6.2.11 to 6.2.12 by @dependabot[bot] in #8287
- Bump io.netty:netty-bom from 4.2.6.Final to 4.2.7.Final and netty-tcnative.version from 2.0.73.Final to 2.0.74.Final by @dependabot[bot] in #8289
Full Changelog: https://github.com/apache/storm/comp...
Contributors
reiabreu, rzo1, and dependabot
Assets 2
Apache Storm 2.8.2
What's Changed
- Bump org.codehaus.mojo:exec-maven-plugin from 3.5.0 to 3.5.1 by @dependabot[bot] in #8094
- Bump testcontainers.version from 1.21.0 to 1.21.1 by @dependabot[bot] in #8093
- Bump org.junit:junit-bom from 5.12.2 to 5.13.0 by @dependabot[bot] in #8092
- Bump org.apache.maven.plugins:maven-clean-plugin from 3.4.1 to 3.5.0 by @dependabot[bot] in #8090
- Bump com.fasterxml.woodstox:woodstox-core from 7.1.0 to 7.1.1 by @dependabot[bot] in #8091
- Bump org.apache.commons:commons-exec from 1.4.0 to 1.5.0 by @dependabot[bot] in #8087
- Bump dropwizard.version from 4.0.13 to 4.0.14 by @dependabot[bot] in #8086
- Bump prometheus.client.version from 1.3.7 to 1.3.8 by @dependabot[bot] in #8088
- Bump metrics.version from 4.2.30 to 4.2.32 by @dependabot[bot] in #8085
- Bump org.codehaus.mojo:build-helper-maven-plugin from 3.6.0 to 3.6.1 by @dependabot[bot] in #8105
- Bump org.junit:junit-bom from 5.13.0 to 5.13.1 by @dependabot[bot] in #8107
- Bump org.checkerframework:checker-qual from 3.49.3 to 3.49.4 by @dependabot[bot] in #8113
- Bump bouncycastle.version from 1.80 to 1.81 by @dependabot[bot] in #8111
- Bump org.clojure:clojure from 1.12.0 to 1.12.1 by @dependabot[bot] in #8112
- Bump org.apache.maven:maven-resolver-provider from 3.9.9 to 3.9.10 by @dependabot[bot] in #8110
- Bump com.github.ben-manes.caffeine:caffeine from 3.2.0 to 3.2.1 by @dependabot[bot] in #8109
- Bump commons-fileupload:commons-fileupload from 1.5 to 1.6.0 by @dependabot[bot] in #8108
- Bump io.netty:netty-bom from 4.2.1.Final to 4.2.2.Final by @dependabot[bot] in #8106
- [STORM-8019] Fixing kafka topic level metrics computation by @reiabreu in #8047
- Bump spring.version from 6.2.7 to 6.2.8 by @dependabot[bot] in #8123
- Bump com.fasterxml.jackson.core:jackson-databind from 2.19.0 to 2.19.1 by @dependabot[bot] in #8125
- Bump com.fasterxml.jackson:jackson-bom from 2.19.0 to 2.19.1 by @dependabot[bot] in #8124
- Bump org.apache:apache from 30 to 35 by @dependabot[bot] in #8126
- Bump testcontainers.version from 1.21.1 to 1.21.2 by @dependabot[bot] in #8134
- Bump byte-buddy.version from 1.17.5 to 1.17.6 by @dependabot[bot] in #8136
- Bump org.codehaus.mojo:license-maven-plugin from 2.5.0 to 2.6.0 by @dependabot[bot] in #8135
- Bump org.apache.logging.log4j:log4j-bom from 2.24.3 to 2.25.0 by @dependabot[bot] in #8138
- Bump activemq.version from 6.1.6 to 6.1.7 by @dependabot[bot] in #8133
- Bump metrics.version from 4.2.32 to 4.2.33 by @dependabot[bot] in #8132
- Bump org.junit:junit-bom from 5.13.1 to 5.13.3 by @dependabot[bot] in #8155
- Bump testcontainers.version from 1.21.2 to 1.21.3 by @dependabot[bot] in #8149
- Bump org.apache.maven.plugins:maven-pmd-plugin from 3.26.0 to 3.27.0 by @dependabot[bot] in #8148
- Bump com.google.errorprone:error_prone_annotations from 2.38.0 to 2.39.0 by @dependabot[bot] in #8146
- Bump maven-resolver.version from 1.9.23 to 1.9.24 by @dependabot[bot] in #8154
- Bump prometheus.client.version from 1.3.8 to 1.3.9 by @dependabot[bot] in #8153
- Bump org.checkerframework:checker-qual from 3.49.4 to 3.49.5 by @dependabot[bot] in #8152
- Bump org.apache.thrift:libthrift from 0.19.0 to 0.22.0 by @dependabot[bot] in #8147
- Summarized Dependency Updates (Prometheus, Lang3, Caffeine) by @rzo1 in #8169
- Updates Dependencies (Jackson 2.19.2, Spring 6.2.9, Resolver 2.19.11, Commons IO 2.20.0, Netty 4.2.3.Final, Hbase 2.6.3, Hikari 6.3.1) by @rzo1 in #8184
- Drop User & URL from VersionInfo by @rzo1 in #8189
- Bump org.junit:junit-bom from 5.13.3 to 5.13.4 by @dependabot[bot] in #8186
Full Changelog: v2.8.1...v2.8.2
Contributors
reiabreu, rzo1, and dependabot
Assets 2
Apache Storm 2.8.1
What's Changed
- Update Release Note Generation and Docs by @rzo1 in #7936
- Bump byte-buddy.version from 1.15.11 to 1.16.1 by @dependabot in #3842
- Dependency updates by @rzo1 in #7946
- #7951 - Bump commons-codec:commons-codec from 1.17.2 to 1.18.0 by @dependabot in #7948
- #7953 - Bump byte-buddy.version from 1.16.1 to 1.17.0 by @dependabot in #7949
- Fix ShellBolt log level by @mstrucken in #7955
- Bump org.testng:testng from 7.10.2 to 7.11.0 by @dependabot in #7965
- IWorkerHook: remove erroneous recursive call by @reiabreu in #7958
- Bump byte-buddy.version from 1.17.0 to 1.17.1 by @dependabot in #7962
- Bump joda-time:joda-time from 2.12.7 to 2.13.1 by @dependabot in #7957
- #7967 - Bump prometheus.client.version from 1.3.5 to 1.3.6 by @dependabot in #7961
- #7968 - Bump org.checkerframework:checker-qual from 3.48.4 to 3.49.0 by @dependabot in #7956
- #7969 - Bump net.minidev:json-smart from 2.5.1 to 2.5.2 by @dependabot in #7960
- #7970 -Bump io.netty:netty-bom from 4.1.117.Final to 4.1.118.Final by @dependabot in #7964
- Bump testcontainers.version from 1.20.4 to 1.20.5 by @dependabot in #7973
- Bump org.awaitility:awaitility from 4.2.2 to 4.3.0 by @dependabot in #7977
- Bump org.junit:junit-bom from 5.11.4 to 5.12.0 by @dependabot in #7975
- Bump org.apache.maven.plugins:maven-clean-plugin from 3.4.0 to 3.4.1 by @dependabot in #7976
- #7935 - Use reflection to handle Java SecurityManager deprecation by @rzo1 in #7971
- Bump byte-buddy.version from 1.17.1 to 1.17.2 by @dependabot in #7984
- Bump testcontainers.version from 1.20.5 to 1.20.6 by @dependabot in #7983
- Bump org.junit:junit-bom from 5.12.0 to 5.12.1 by @dependabot in #7991
- Bump curator.version from 5.7.1 to 5.8.0 by @dependabot in #7985
- Bump io.netty:netty-bom from 4.1.118.Final to 4.1.119.Final by @dependabot in #7982
- Bump org.apache.hbase:hbase-client from 2.6.1-hadoop3 to 2.6.2-hadoop3 by @dependabot in #7972
- Bump byte-buddy.version from 1.17.2 to 1.17.4 by @dependabot in #7995
- Summarizes Dependency Updates by @rzo1 in #8002
- Dependency Updates April by @rzo1 in #8029
- Bump surefire.version from 3.5.2 to 3.5.3 by @dependabot in #8014
- #8036 - Bump org.apache.commons:commons-text from 1.13.0 to 1.13.1 by @dependabot in #8035
- Bump org.junit:junit-bom from 5.12.1 to 5.12.2 by @dependabot in #8039
- Upgrade to Spring 6 and JMS 3.1 (Jakarta) by @dependabot in #8041
- Bump testcontainers.version from 1.20.6 to 1.21.0 by @dependabot in #8049
- Dependency Updates May 25 by @rzo1 in #8061
- STORM-4079: SSL Setup Doc by @purushah in #8072
- Dependency Updates #8079 #8080 #8081 #8082 by @rzo1 in #8084
New Contributors
- @mstrucken made their first contribution in #7955
Full Changelog: v2.8.0...v2.8.1
Contributors
reiabreu, rzo1, and 3 other contributors
Assets 2
Apache Storm 2.8.0
What's Changed
- Bump org.codehaus.mojo:license-maven-plugin from 2.4.0 to 2.5.0 by @dependabot in #3804
- Bump testcontainers.version from 1.20.3 to 1.20.4 by @dependabot in #3796
- STORM-4131: Update log4j2 to a non-borked version by @tballison in #3807
- STORM-4133 - Raise Minimum JRE Level to 17 by @rzo1 in #3817
- STORM-4132 - Remove "storm-hive" by @rzo1 in #3816
- STORM-4134 - Bump org.apache.logging.log4j:log4j-bom from 2.24.2 to 2.24.3 by @dependabot in #3813
- Several Dependency Updates by @rzo1 in #3818
- Bump org.junit:junit-bom from 5.11.3 to 5.11.4 by @dependabot in #3822
- Bump org.freemarker:freemarker from 2.3.33 to 2.3.34 by @dependabot in #3820
- STORM-4142 Log when falling back to java serialization by @MaheshAravindV in #3824
- STORM-4144 - Bump slf4j.version from 1.7.36 to 2.0.16 by @dependabot in #3680
- Bump io.netty:netty-bom from 4.1.115.Final to 4.1.116.Final by @dependabot in #3819
- Bump com.google.guava:guava from 33.3.1-jre to 33.4.0-jre by @dependabot in #3821
- Bump org.checkerframework:checker-qual from 3.48.3 to 3.48.4 by @dependabot in #3826
- fix: Decode ComponentId to avoid UI throwing errors by @paxadax in #3827
- Importing changes from STORM-3693 (TimeOut ticks) by @reiabreu in #3828
- Bump commons-codec:commons-codec from 1.17.1 to 1.17.2 by @dependabot in #3832
- Bump org.glassfish.jersey:jersey-bom from 3.1.9 to 3.1.10 by @dependabot in #3829
- Bump org.apache.commons:commons-csv from 1.12.0 to 1.13.0 by @dependabot in #3831
- Bump org.rocksdb:rocksdbjni from 9.7.3 to 9.8.4 by @dependabot in #3830
- STORM-4154 - fix: Nimbus downtime during topology deployment by @DiogoP98 in #3833
- StormExecutor: adding an unit test to changes introduced in STORM-3693 by @reiabreu in #3834
New Contributors
- @tballison made their first contribution in #3807
- @MaheshAravindV made their first contribution in #3824
- @DiogoP98 made their first contribution in #3833
Full Changelog: v2.7.1...v2.8.0
Contributors
reiabreu, tballison, and 5 other contributors
Assets 2
Apache Storm 2.7.1
What's Changed
- Updating release notes by @reiabreu in #3706
- Bump org.apache.maven.plugins:maven-pmd-plugin from 3.23.0 to 3.26.0 by @dependabot in #3708
- Bump org.apache.maven.plugins:maven-surefire-report-plugin from 3.5.0 to 3.5.2 by @dependabot in #3736
- Bump org.jacoco:jacoco-maven-plugin from 0.7.2.201409121644 to 0.8.12 by @dependabot in #3735
- Bump org.apache.maven.plugins:maven-jxr-plugin from 3.2.0 to 3.6.0 by @dependabot in #3737
- Bump org.apache.maven.plugins:maven-checkstyle-plugin from 3.0.0 to 3.6.0 by @dependabot in #3727
- Bump org.codehaus.mojo:exec-maven-plugin from 3.3.0 to 3.5.0 by @dependabot in #3711
- Bump org.apache.maven.plugins:maven-javadoc-plugin from 2.10.4 to 3.11.1 by @dependabot in #3726
- Bump org.codehaus.mojo:taglist-maven-plugin from 2.4 to 3.2.1 by @dependabot in #3728
- Bump org.apache.maven.plugins:maven-shade-plugin from 3.1.1 to 3.6.0 by @dependabot in #3733
- Bump org.testng:testng from 6.8.5 to 7.10.2 by @dependabot in #3751
- Bump org.awaitility:awaitility from 4.2.1 to 4.2.2 by @dependabot in #3742
- Bump byte-buddy.version from 1.14.18 to 1.15.10 by @dependabot in #3743
- Bump org.hsqldb:hsqldb from 2.7.3 to 2.7.4 by @dependabot in #3745
- STORM-4104 Fix Pacemaker server stability issues by @Scomocouk in #3739
- STORM-4107 - Remove ElasticSearch Module by @rzo1 in #3760
- STORM-4108 - Remove Joda Time by @rzo1 in #3761
- STORM-4106 Fix Storm.ps1 stdout/stderr feedback in Powershell ISE by @Scomocouk in #3740
- Combined Dependency Updates (with Issues in Jira) by @rzo1 in #3762
- Bump org.jmock:jmock from 2.6.0 to 2.13.1 by @dependabot in #3781
- Bump org.apache.maven.plugins:maven-dependency-plugin from 2.8 to 3.8.1 by @dependabot in #3776
- Bump surefire.version from 3.0.0-M5 to 3.5.2 by @dependabot in #3765
- Bump com.googlecode.json-simple:json-simple from 1.1 to 1.1.1 by @dependabot in #3764
- Bump com.zaxxer:HikariCP from 5.1.0 to 6.1.0 by @dependabot in #3780
- Bump com.theoryinpractise:clojure-maven-plugin from 1.8.4 to 1.9.3 by @dependabot in #3779
- Bump com.esotericsoftware:kryo from 5.6.0 to 5.6.2 by @dependabot in #3770
- Bump io.netty:netty-bom from 4.1.112.Final to 4.1.115.Final by @dependabot in #3783
- Bump org.clojars.runa:conjure from 2.1.3 to 2.2.0 by @dependabot in #3786
- Bump org.hamcrest:hamcrest from 2.2 to 3.0 by @dependabot in #3792
- Bump org.freemarker:freemarker from 2.3.25-incubating to 2.3.33 by @dependabot in #3788
- Bump org.apache.maven:maven-resolver-provider from 3.6.0 to 3.9.9 by @dependabot in #3787
- Bump commons-cli:commons-cli from 1.4 to 1.9.0 by @dependabot in #3789
- Bump com.zaxxer:HikariCP from 6.1.0 to 6.2.0 by @dependabot in #3790
- Bump com.google.auto.service:auto-service from 1.0-rc4 to 1.1.1 by @dependabot in #3791
Full Changelog: v2.7.0...v2.7.1
Contributors
reiabreu, rzo1, and 2 other contributors
Assets 2
Apache Storm 2.7.0
What's Changed
- STORM-4055 Kafka Consumer ConcurrentModificationException fix by @anand-h-codes in #3691
- STORM-4076 KafkaTridentSpoutEmitters can poll all partitions at once instead of one at a time by @anand-h-codes in #3679
- STORM-4081 - Bump metrics.version from 4.2.26 to 4.2.27 by @dependabot in #3689
- STORM-4082 - Bump prometheus.client.version from 1.3.0 to 1.3.1 by @dependabot in #3687
- STORM-4083 - Bump jetty.version from 11.0.21 to 11.0.23 by @dependabot in #3688
- STORM-4084 - Bump org.apache.commons:commons-compress from 1.26.0 to 1.27.1 by @dependabot in #3686
- STORM-4075 Supprt mTLS between Storm and ZK by @purushah in #3692
- Bump org.apache.maven.plugins:maven-surefire-report-plugin from 3.4.0 to 3.5.0 by @dependabot in #3696
- Bump org.apache.maven.plugins:maven-jar-plugin from 3.3.0 to 3.4.2 by @dependabot in #3694
- Bump org.easytesting:fest-assert-core from 2.0M8 to 2.0M10 by @dependabot in #3693
- Bump org.apache.commons:commons-collections4 from 4.1 to 4.4 by @dependabot in #3695
- Use SHA for BLOB update instead of modification time by @paxadax in #3697
- STORM-4085 - Ensure that DownloadOrUpdate exception is caught by @paxadax in #3704
New Contributors
- @anand-h-codes made their first contribution in #3691
- @paxadax made their first contribution in #3697
Full Changelog: v2.6.4...v2.7.0
Contributors
purushah, dependabot, and 2 other contributors