Skip to content

Bump github.com/nats-io/nats-server/v2 from 2.12.6 to 2.12.7#4196

Merged
reinkrul merged 1 commit intomasterfrom
dependabot/go_modules/github.com/nats-io/nats-server/v2-2.12.7
Apr 16, 2026
Merged

Bump github.com/nats-io/nats-server/v2 from 2.12.6 to 2.12.7#4196
reinkrul merged 1 commit intomasterfrom
dependabot/go_modules/github.com/nats-io/nats-server/v2-2.12.7

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 15, 2026
edited
Loading

Bumps github.com/nats-io/nats-server/v2 from 2.12.6 to 2.12.7.

Release notes

Sourced from github.com/nats-io/nats-server/v2's releases.

Release v2.12.7

Changelog

Refer to the 2.12 Upgrade Guide for backwards compatibility notes with 2.11.x.

Go Version

Dependencies

  • github.com/nats-io/nats.go v1.50.0 (#8000)

CVEs

  • TBD

Improved

JetStream

  • Purging subjects from a stream now only loads filestore blocks within the range of where those subjects appear (#8004)
  • Multi-filtered load next or previous message code paths now correctly identify single subject filters or full wildcards and switch to optimized paths (#8012, 8013)
  • The max_mem_store and max_file_store configuration options can now be increased (but not decreased) via config reload (#8014)

Fixed

General

  • no_auth_user is now restricted to client connections only
  • Overlapping wildcard patterns in ACL deny patterns are now enforced correctly
  • Queue subscriptions can no longer incorrectly bypass non-queue ACL deny patterns

Leafnodes

  • Pre-CONNECT guard improvements for leafnode connections, fixing a potential panic
  • ACL permissions are now correctly enforced for inbound leaf messages in all cases
  • Duplicate INFO permissions updates are now only accepted for solicited leaf connections
  • The max_payload limit is now correctly enforced for leafnode connections
  • A panic on leafnode connect when failing to resolve an account has been fixed (#7991)

JetStream

  • Consumer max_ack_pending should no longer become stuck due to deleted messages being left in the consumer pending state (#7984)
  • When scaling up a stream and adding subjects at the same time, the new subject filters are now correctly subscribed (#8003)
  • Filestore caches are no longer expired and evicted from memory too eagerly after a recent write (#8009)
  • Stream leaders can catch up from a snapshot if required (#8021)

MQTT

... (truncated)

Commits
  • b4ce0f9 Release v2.12.7
  • 195b07a Fix fast-path no_auth_user for WebSockets where WS-specific account configured
  • 213391e [FIXED] Stream leader can catchup from snapshot if required
  • e0b0bda Release v2.12.7-RC.3
  • d2c6139 Cherry-picks for 2.12.7-RC.3 (#79)
  • 97a3f84 Update to Go 1.25.9
  • a824f30 [IMPROVED] Allow reloading increased max memory and store
  • 56548be LoadNextMsgMulti and LoadPrevMsgMulti use fast path for single filter
  • b1776c6 Add MatchesSingleFilter to generic sublist
  • 807d653 Complete filtered LoadPrevMsg implementation
  • Additional commits viewable in compare view

@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Apr 15, 2026
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Apr 15, 2026
@qltysh
Copy link
Copy Markdown

qltysh bot commented Apr 15, 2026
edited
Loading

Qlty


Coverage Impact

⬇️ Merging this pull request will decrease total coverage on master by 0.03%.

🚦 See full report on Qlty Cloud »

🛟 Help

  • Diff Coverage: Coverage for added or modified lines of code (excludes deleted files). Learn more.

  • Total Coverage: Coverage for the whole repository, calculated as the sum of all File Coverage. Learn more.

  • File Coverage: Covered Lines divided by Covered Lines plus Missed Lines. (Excludes non-executable lines including blank lines and comments.)

    • Indirect Changes: Changes to File Coverage for files that were not modified in this PR. Learn more.

@reinkrul
Copy link
Copy Markdown
Member

reinkrul commented Apr 16, 2026

@dependabot rebase

@dependabot
Bump github.com/nats-io/nats-server/v2 from 2.12.6 to 2.12.7
270b177 
Bumps [github.com/nats-io/nats-server/v2](https://github.com/nats-io/nats-server) from 2.12.6 to 2.12.7.
- [Release notes](https://github.com/nats-io/nats-server/releases)
- [Changelog](https://github.com/nats-io/nats-server/blob/main/RELEASES.md)
- [Commits](nats-io/nats-server@v2.12.6...v2.12.7)

---
updated-dependencies:
- dependency-name: github.com/nats-io/nats-server/v2
  dependency-version: 2.12.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/nats-io/nats-server/v2-2.12.7 branch from d02d1a8 to 270b177 Compare April 16, 2026 13:04
@reinkrul reinkrul merged commit eefe256 into master Apr 16, 2026
9 checks passed
@reinkrul reinkrul deleted the dependabot/go_modules/github.com/nats-io/nats-server/v2-2.12.7 branch April 16, 2026 13:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@reinkrul reinkrul reinkrul approved these changes

@woutslakhorst woutslakhorst Awaiting requested review from woutslakhorst woutslakhorst is a code owner

@gerardsn gerardsn Awaiting requested review from gerardsn gerardsn is a code owner

@stevenvegt stevenvegt Awaiting requested review from stevenvegt stevenvegt is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@reinkrul