Stay Informed

This week, read about:

• openSUSE: Slowroll.
• PostgreSQL 16 Released!
• CERN Swaps Out Databases To Feed Its Petabyte-a-Day Habit.
• OpenTF Forks Terraform, Insists HashiCorp Is The Splinter Group.
• Proactive Software Lifecycle Management for OSS.

Key Security, Maintenance, and Features Releases

Security Based Updates

Keycloack 22.0.3

• Security vulnerability when registering or updating user through templates
• A security vulnerability was introduced in Keycloak 22.0.2. We highly recommend not upgrading to 22.0.2, and for anyone that has deployed 22.0.2 in production to upgrade to 22.0.3 immediately.
• For users that has self-registered after Keycloak was upgraded to 22.0.2 their password is not stored securely, and can be exposed to administrators of Keycloak. This only affects users that has registered after the upgrade was rolled-out, and does not affect any previously registered users.
• Any realm using the preview declarative user profile is not affected by this issue, and only realms using the default user profile provider is affected.

Non-Security Based Updates

Artemis 2.31.0             
Bug:             
[ARTEMIS-4174] - JMX RMI connector-ports limited to localhost listen for remote connections             
[ARTEMIS-4370] - Publishing message with existing topic alias and different topic causes message to be sent to incorrect topic             
[ARTEMIS-4382] - CLI import / export may take a huge amount of time in large datasets.             
[ARTEMIS-4387] - Empty consumer filter string leak             
[ARTEMIS-4389] - The word "mesage" should be corrected to "message"             
[ARTEMIS-4390] - Windows build fails smoke tests on upgrade-linux             
[ARTEMIS-4394] - management console war file contains some duplicate jars             
[ARTEMIS-4397] - Problem with bootstrap.xml after artemis upgrade             
[ARTEMIS-4399] - Authentication cache set to size 0 (i.e. disabled) is not threadsafe             
[ARTEMIS-4400] - artemis-cdi-client: artemis-unit-test-support should be in test scope             
[ARTEMIS-4405] - Incorrect username logging in AMQ601264 events             
[ARTEMIS-4406] - connection router LocalCache persisted entry tracking is not thread safe            
[ARTEMIS-4410] - Openwire prefetched messages can be out of order after failover to an exclusive queue             
[ARTEMIS-4415] - org.apache.activemq.artemis.tests.integration.server.LVQTest#testMultipleMessages fails intermittently             
[ARTEMIS-4417] - AbstractJournalStorageManager storeKeyValuePair + deleteKeyValuePair are not thread safe             
[ARTEMIS-4418] - openwire lastDeliveredSequenceId depends on message order, it should not             
[ARTEMIS-4421] - Page Counters are not working before rebuild is done             
[ARTEMIS-4424] - "AMQ212025: did not connect the cluster" when bootstrapping a static cluster             
[ARTEMIS-4427] - MDB reusing Thread is using wrong transactionTimeout             
[ARTEMIS-4431] - AMQP federated address consumer not applying hops annotation correctly

New Feature:             
[ARTEMIS-3057] - Provide alternative to max-disk-usage to measure by remaining disk free             
[ARTEMIS-4159] - Support duplicate cache size configuration per address             
[ARTEMIS-4372] - Move CLI framework to picocli and implement auto-complete             
[ARTEMIS-4375] - JLine3 integration             
[ARTEMIS-4384] - CLI method to verify topology on all the nodes (cluster verify)             
[ARTEMIS-4385] - Expand queue stat to other members of the topology             
[ARTEMIS-4419] - Add broker federation support to the AMQP broker connection feature-set

Improvement:             
[ARTEMIS-966] - MQTT Session States do not survive a reboot             
[ARTEMIS-4349] - Replace Guava cache with Caffeine             
[ARTEMIS-4368] - ensure predictable order of subjects for accurate logging             
[ARTEMIS-4378] - Federation, ignore address policy when using pull consumer connection             
[ARTEMIS-4391] - tests: rework AssertionLoggerHandler             
[ARTEMIS-4396] - Make address/queue "internal" property durable             
[ARTEMIS-4398] - Support configuring Database with Broker Properties             
[ARTEMIS-4401] - Improving Paging & JDBC Performance             
[ARTEMIS-4404] - Update the artemis-docker readme.md with minor clarification on building local distribution             
[ARTEMIS-4408] - Update docker-run.sh for overriding etc folder after instance creation             
[ARTEMIS-4411] - Change log level from ActiveMQRALogger.instantiatingDestination to DEBUG             
[ARTEMIS-4428] - Expand default loggers configuration  

Apache Spark 3.5.0           
 Features and Enhancements:           
    SSE: DSNode to update result with names to make each value identifiable by labels (only Graphite and TestData.

Bug Fixes:           
    LDAP: Fix user disabling.

Apache Spark 3.5.0          
Highlights

• Scala and Go client support in Spark Connect SPARK-42554 SPARK-43351
• PyTorch-based distributed ML Support for Spark Connect SPARK-42471
• Structured Streaming support for Spark Connect in Python and Scala SPARK-42938
• Pandas API support for the Python Spark Connect Client SPARK-42497
• Introduce Arrow Python UDFs SPARK-40307
• Support Python user-defined table functions SPARK-43798
• Migrate PySpark errors onto error classes SPARK-42986
• PySpark Test Framework SPARK-44042
• Add support for Datasketches HllSketch SPARK-16484
• Built-in SQL Function Improvement SPARK-41231
• IDENTIFIER clause SPARK-43205
• Add SQL functions into Scala, Python and R API SPARK-43907
• Add named argument support for SQL functions SPARK-43922
• Avoid unnecessary task rerun on decommissioned executor lost if shuffle data migrated SPARK-41469
• Distributed ML <> spark connect SPARK-42471
• DeepSpeed Distributor SPARK-44264
• Implement changelog checkpointing for RocksDB state store SPARK-43421
• Introduce watermark propagation among operators SPARK-42376
• Introduce dropDuplicatesWithinWatermark SPARK-42931
• RocksDB state store provider memory management enhancements SPARK-43311

Spark Connect

• Refactoring of the sql module into sql and sql-api to produce a minimum set of dependencies that can be shared between the Scala Spark Connect client and Spark and avoids pulling all of the Spark transitive dependencies. SPARK-44273
• Introducing the Scala client for Spark Connect SPARK-42554
• Pandas API support for the Python Spark Connect Client SPARK-42497
• PyTorch-based distributed ML Support for Spark Connect SPARK-42471
• Structured Streaming support for Spark Connect in Python and Scala SPARK-42938
• Initial version of the Go client SPARK-43351
• Lot’s of compatibility improvements between Spark native and the Spark Connect clients across Python and Scala
• Improved debugability and request handling for client applications (asynchronous processing, retries, long-lived queries)

Spark SQL          
Features

• Add metadata column file block start and length SPARK-42423
• Support positional parameters in Scala/Java sql() SPARK-44066
• Add named parameter support in parser for function calls SPARK-43922
• Support SELECT DEFAULT with ORDER BY, LIMIT, OFFSET for INSERT source relation SPARK-43071
• Add SQL grammar for PARTITION BY and ORDER BY clause after TABLE arguments for TVF calls SPARK-44503
• Include column default values in DESCRIBE and SHOW CREATE TABLE output SPARK-42123
• Add optional pattern for Catalog.listCatalogs SPARK-43792
• Add optional pattern for Catalog.listDatabases SPARK-43881
• Callback when ready for execution SPARK-44145
• Support Insert By Name statement SPARK-42750
• Add call_function for Scala API SPARK-44131
• Stable derived column aliases SPARK-40822
• Support general constant expressions as CREATE/REPLACE TABLE OPTIONS values SPARK-43529
• Support subqueries with correlation through INTERSECT/EXCEPT SPARK-36124
• IDENTIFIER clause SPARK-43205
• ANSI MODE: Conv should return an error if the internal conversion overflows SPARK-42427

Functions

• Add support for Datasketches HllSketch SPARK-16484
• Support the CBC mode by aes_encrypt()/aes_decrypt() SPARK-43038
• Support TABLE argument parser rule for TableValuedFunction SPARK-44200
• Implement bitmap functions SPARK-44154
• Add the try_aes_decrypt() function SPARK-42701
• array_insert should fail with 0 index SPARK-43011
• Add to_varchar alias for to_char SPARK-43815
• High-order function: array_compact implementation SPARK-41235
• Add analyzer support of named arguments for built-in functions SPARK-44059
• Add NULLs for INSERTs with user-specified lists of fewer columns than the target table SPARK-42521
• Adds support for aes_encrypt IVs and AAD SPARK-43290
• DECODE function returns wrong results when passed NULL SPARK-41668
• Support udf ‘luhn_check’ SPARK-42191
• Support implicit lateral column alias resolution on Aggregate SPARK-41631
• Support implicit lateral column alias in queries with Window SPARK-42217
• Add 3-args function aliases DATE_ADD and DATE_DIFF SPARK-43492

Data Sources

• Char/Varchar Support for JDBC Catalog SPARK-42904
• Support Get SQL Keywords Dynamically Thru JDBC API and TVF SPARK-43119
• DataSource V2: Handle MERGE commands for delta-based sources SPARK-43885
• DataSource V2: Handle MERGE commands for group-based sources SPARK-43963
• DataSource V2: Handle UPDATE commands for group-based sources SPARK-43975
• DataSource V2: Allow representing updates as deletes and inserts SPARK-43775
• Allow jdbc dialects to override the query used to create a table SPARK-41516
• SPJ: Support partially clustered distribution SPARK-42038
• DSv2 allows CTAS/RTAS to reserve schema nullability SPARK-43390
• Add spark.sql.files.maxPartitionNum SPARK-44021
• Handle UPDATE commands for delta-based sources SPARK-43324
• Allow V2 writes to indicate advisory shuffle partition size SPARK-42779
• Support lz4raw compression codec for Parquet SPARK-43273
• Avro: writing complex unions SPARK-25050
• Speed up Timestamp type inference with user-provided format in JSON/CSV data source SPARK-39280
• Avro to Support custom decimal type backed by Long SPARK-43901
• Avoid shuffle in Storage-Partitioned Join when partition keys mismatch, but join expressions are compatible SPARK-41413
• Change binary to unsupported dataType in CSV format SPARK-42237
• Allow Avro to convert union type to SQL with field name stable with type SPARK-43333
• Speed up Timestamp type inference with legacy format in JSON/CSV data source SPARK-39281

Query Optimization

• Subexpression elimination support shortcut expression SPARK-42815
• Improve join stats estimation if one side can keep uniqueness SPARK-39851
• Introduce the group limit of Window for rank-based filter to optimize top-k computation SPARK-37099
• Fix behavior of null IN (empty list) in optimization rules SPARK-44431
• Infer and push down window limit through window if partitionSpec is empty SPARK-41171
• Remove the outer join if they are all distinct aggregate functions SPARK-42583
• Collapse two adjacent windows with the same partition/order in subquery SPARK-42525
• Push down limit through Python UDFs SPARK-42115
• Optimize the order of filtering predicates SPARK-40045

Code Generation and Query Execution

• Runtime filter should supports multi level shuffle join side as filter creation side SPARK-41674
• Codegen Support for HiveSimpleUDF SPARK-42052
• Codegen Support for HiveGenericUDF SPARK-42051
• Codegen Support for build side outer shuffled hash join SPARK-44060
• Implement code generation for to_csv function (StructsToCsv) SPARK-42169
• Make AQE support InMemoryTableScanExec SPARK-42101
• Support left outer join build left or right outer join build right in shuffled hash join SPARK-36612
• Respect RequiresDistributionAndOrdering in CTAS/RTAS SPARK-43088
• Coalesce buckets in join applied on broadcast join stream side SPARK-43107
• Set nullable correctly on coalesced join key in full outer USING join SPARK-44251
• Fix IN subquery ListQuery nullability SPARK-43413

Other Notable Changes

• Set nullable correctly for keys in USING joins SPARK-43718
• Fix COUNT(*) is null bug in correlated scalar subquery SPARK-43156
• Dataframe.joinWith outer-join should return a null value for unmatched row SPARK-37829
• Automatically rename conflicting metadata columns SPARK-42683
• Document the Spark SQL error classes in user-facing documentation SPARK-42706

PySpark          
Features

• Support positional parameters in Python sql() SPARK-44140
• Support parameterized SQL by sql() SPARK-41666
• Support Python user-defined table functions SPARK-43797
• Support to set Python executable for UDF and pandas function APIs in workers during runtime SPARK-43574
• Add DataFrame.offset to PySpark SPARK-43213
• Implement dir() in pyspark.sql.dataframe.DataFrame to include columns SPARK-43270
• Add option to use large variable width vectors for arrow UDF operations SPARK-39979
• Make mapInPandas / mapInArrow support barrier mode execution SPARK-42896
• Add JobTag APIs to PySpark SparkContext SPARK-44194
• Support for Python UDTF to analyze in Python SPARK-44380
• Expose TimestampNTZType in pyspark.sql.types SPARK-43759
• Support nested timestamp type SPARK-43545
• Support UserDefinedType in createDataFrame from pandas DataFrame and toPandas [SPARK-43817]SPARK-43702
• Add descriptor binary option to Pyspark Protobuf API SPARK-43799
• Accept generics tuple as typing hints of Pandas UDF SPARK-43886
• Add array_prepend function SPARK-41233
• Add assertDataFrameEqual util function SPARK-44061
• Support arrow-optimized Python UDTFs SPARK-43964
• Allow custom precision for fp approx equality SPARK-44217
• Make assertSchemaEqual API public SPARK-44216
• Support fill_value for ps.Series SPARK-42094
• Support struct type in createDataFrame from pandas DataFrame SPARK-43473

Other Notable Changes

• Add autocomplete support for df[     ] in pyspark.sql.dataframe.DataFrame [SPARK-43892]
• Deprecate & remove the APIs that will be removed in pandas 2.0 [SPARK-42593]
• Make Python the first tab for code examples - Spark SQL, DataFrames and Datasets Guide SPARK-42493
• Updating remaining Spark documentation code examples to show Python by default SPARK-42642
• Use deduplicated field names when creating Arrow RecordBatch [SPARK-41971]
• Support duplicated field names in createDataFrame with pandas DataFrame [SPARK-43528]
• Allow columns parameter when creating DataFrame with Series [SPARK-42194]

Core

• Schedule mergeFinalize when push merge shuffleMapStage retry but no running tasks SPARK-40082
• Introduce PartitionEvaluator for SQL operator execution SPARK-43061
• Allow ShuffleDriverComponent to declare if shuffle data is reliably stored SPARK-42689
• Add max attempts limitation for stages to avoid potential infinite retry SPARK-42577
• Support log level configuration with static Spark conf SPARK-43782
• Optimize PercentileHeap SPARK-42528
• Add reason argument to TaskScheduler.cancelTasks SPARK-42602
• Avoid unnecessary task rerun on decommissioned executor lost if shuffle data migrated SPARK-41469
• Fixing accumulator undercount in the case of the retry task with rdd cache SPARK-41497
• Use RocksDB for spark.history.store.hybridStore.diskBackend by default SPARK-42277
• Support spark.kubernetes.setSubmitTimeInDriver SPARK-43014
• NonFateSharingCache wrapper for Guava Cache SPARK-43300
• Improve the performance of MapOutputTracker.updateMapOutput SPARK-43043
• Allowing apps to control whether their metadata gets saved in the db by the External Shuffle Service SPARK-43179
• Port executor failure tracker from Spark on YARN to K8s SPARK-41210
• Parameterize the max number of attempts for driver props fetcher in KubernetesExecutorBackend SPARK-42764
• Add SPARK_DRIVER_POD_IP env variable to executor pods SPARK-42769
• Mounts the hadoop config map on the executor pod SPARK-43504

Structured Streaming

• Add support for tracking pinned blocks memory usage for RocksDB state store SPARK-43120
• Add RocksDB state store provider memory management enhancements SPARK-43311
• Introduce dropDuplicatesWithinWatermark SPARK-42931
• Introduce a new callback onQueryIdle() to StreamingQueryListener SPARK-43183
• Add option to skip commit coordinator as part of StreamingWrite API for DSv2 sources/sinks SPARK-42968
• Introduce a new callback “onQueryIdle” to StreamingQueryListener SPARK-43183
• Implement Changelog based Checkpointing for RocksDB State Store Provider SPARK-43421
• Add support for WRITE_FLUSH_BYTES for RocksDB used in streaming stateful operators SPARK-42792
• Add support for setting max_write_buffer_number and write_buffer_size for RocksDB used in streaming SPARK-42819
• RocksDB StateStore lock acquisition should happen after getting input iterator from inputRDD SPARK-42566
• Introduce watermark propagation among operators SPARK-42376
• Cleanup orphan sst and log files in RocksDB checkpoint directory SPARK-42353
• Expand QueryTerminatedEvent to contain error class if it exists in exception SPARK-43482

ML 

• Support Distributed Training of Functions Using Deepspeed SPARK-44264
• Base interfaces of sparkML for spark3.5: estimator/transformer/model/evaluator SPARK-43516
• Make MLv2 (ML on spark connect) supports pandas >= 2.0 SPARK-43783
• Update MLv2 Transformer interfaces SPARK-43516
• New pyspark ML logistic regression estimator implemented on top of distributor SPARK-43097
• Add Classifier.getNumClasses back SPARK-42526
• Write a Deepspeed Distributed Learning Class DeepspeedTorchDistributor SPARK-44264
• Basic saving / loading implementation for ML on spark connect SPARK-43981
• Improve logistic regression model saving SPARK-43097
• Implement pipeline estimator for ML on spark connect SPARK-43982
• Implement cross validator estimator SPARK-43983
• Implement classification evaluator SPARK-44250
• Make PyTorch Distributor compatible with Spark Connect SPARK-42993

UI

• Add a Spark UI page for Spark Connect SPARK-44394
• Support Heap Histogram column in Executors tab SPARK-44153
• Show error message on UI for each failed query SPARK-44367
• Display Add/Remove Time of Executors on Executors Tab SPARK-44309

Elasticsearch 8.10.1         
Bug Fixes         
Aggregations:     
Use long in Centroid count #99491 (issue: #80153)

Infra/Core:       
Fix deadlock between Cache.put and Cache.invalidateAll #99480 (issue: #99326)

Infra/Node Lifecycle:         
Fork computation in TransportGetShutdownStatusAction #99490 (issue: #99487)

Search:         
Fix PIT when resolving with deleted indices #99281

Grafana 10.1.0        
Flame graph improvements        
Generally available in all editions of Grafana        
We’ve added four new features to the Flame graph visualization:

• Sandwich view: You can now show a sandwich view of any symbol in the flame graph. Sandwich view shows all the callers on the top and all the callees of the symbol on the bottom. This is useful when you want to see the context of a symbol.
• Switching color scheme: You can now switch color scheme between a color gradient based on the relative value of a symbol or by the package name of a symbol.
• Switching symbol name alignment: Symbols with long names may be hard to differentiate if they have the same prefix. This new option allows you to align the text to the left or right so you can see the part of the symbol name that’s important.
• Improved navigation: You can highlight a symbol or enable sandwich view for a symbol from the table. Also, a new status bar on top of the flame graph displays which views are enabled.

Jenkins 2.423       
Move node monitoring option to app bar. (pull 8381)       
Symbols display in breadcrumbs now. (issue 71983)       
Developer: make branding an extension via SimplePageDecorator. (pull 8462)

Kibana 8.10.1      
Bug Fixes     
Dashboard:   
Fixes content editor flyout footer (#165907).

Elastic Security:      
For the Elastic Security 8.10.1 release information, refer to Elastic Security Solution Release Notes.

Fleet:      
Show snapshot version in agent upgrade modal and allow custom values (#165978).

Observability:      
Fix(slo): Use comma-separarted list of source index for transform (#166294).

Presentation:      
Fixes air-gapped enviroment hitting 400 error when loading fonts for layer (#165986).

Kubernetes 1.28.2     
API Change

• Fixed a bug where CEL expressions in CRD validation rules would incorrectly compute a high estimated cost for functions that return strings, lists or maps. The incorrect cost was evident when the result of a function was used in subsequent operations.
• Mark Job onPodConditions as optional in pod failure policy

Feature

• Kubernetes is now built with Go 1.20.8

Bug or Regression

• Fix OpenAPI v3 not being cleaned up after deleting APIServices
• Fix a 1.28 regression in scheduler: a pod with concurrent events could incorrectly get moved to the unschedulable queue where it could got stuck until the next periodic purging after 5 minutes if there was no other event for it.
• Fix a concurrent map access in TopologyCache's HasPopulatedHints method.
• Fixed a 1.26 regression scheduling bug by ensuring that preemption is skipped when a PreFilter plugin returns UnschedulableAndUnresolvable
• Fixed a 1.27 scheduling regression that PostFilter plugin may not function if previous PreFilter plugins return Skip
• Fixed a 1.28 regression around restarting init containers in the right order relative to normal containers
• Fixed a regression in default 1.27 configurations in kube-apiserver: fixed the AggregatedDiscoveryEndpoint feature (beta in 1.27+) to successfully fetch discovery information from aggregated API servers that do not check Acceptheaders when serving the /apis endpoint
• Fixes a 1.28 regression handling negative index json patches
• Fixes a bug where images pinned by the container runtime can be garbage collected by kubelet.
• Ignore context canceled from validate and mutate webhook
• Kubeadm: fix nil pointer when etcd member is already removed

Logstash 8.10.1    
No user-facing changes in Logstash core and plugins.

Nodejs 20.7.0   
Notable Changes:   
- src: support multiple --env-file declarations   
- crypto: update root certificates to NSS 3.93   
- deps: upgrade npm to 10.1.0   
- (SEMVER-MINOR) deps: upgrade npm to 10.0.0   
- doc: move and rename loaders section   
- doc: add release key for Ulises Gascon   
- (SEMVER-MINOR) lib: add api to detect whether source-maps are enabled   
- src,permission: add multiple allow-fs-* flags   
- (SEMVER-MINOR) test_runner: expose location of tests

PostgreSQL 16  
Performance Improvements

• PostgreSQL 16 improves the performance of existing PostgreSQL functionality through new query planner optimizations. In this latest release, the query planner can parallelize FULL and RIGHT joins, generate better optimized plans for queries that use aggregate functions with a DISTINCT or ORDER BY clause, utilize incremental sorts for SELECT DISTINCT queries, and optimize window functions so they execute more efficiently. It also improves RIGHT and OUTER "anti-joins", which enables users to identify rows not present in a joined table.
• This release includes improvements for bulk loading using COPY in both single and concurrent operations, with tests showing up to a 300% performance improvement in some cases. PostgreSQL 16 adds support for load balancing in clients that use libpq, and improvements to vacuum strategy that reduce the necessity of full-table freezes. Additionally, PostgreSQL 16 introduces CPU acceleration using SIMD in both x86 and ARM architectures, resulting in performance gains when processing ASCII and JSON strings, and performing array and subtransaction searches.

Logical Replication

• Logical replication lets users stream data to other PostgreSQL instances or subscribers that can interpret the PostgreSQL logical replication protocol. In PostgreSQL 16, users can perform logical replication from a standby instance, meaning a standby can publish logical changes to other servers. This provides developers with new workload distribution options, for example, using a standby rather than the busier primary to logically replicate changes to downstream systems.
• Additionally, there are several performance improvements in PostgreSQL 16 to logical replication. Subscribers can now apply large transactions using parallel workers. For tables that do not have a primary key, subscribers can use B-tree indexes instead of sequential scans to find rows. Under certain conditions, users can also speed up initial table synchronization using the binary format.
• There are several access control improvements to logical replication in PostgreSQL 16, including the new predefined role pg_create_subscription, which grants users the ability to create new logical subscriptions. Finally, this release begins adding support for bidirectional logical replication, introducing functionality to replicate data between two tables from different publishers.

Developer Experience

• PostgreSQL 16 adds more syntax from the SQL/JSON standard, including constructors and predicates such as JSON_ARRAY(), JSON_ARRAYAGG(), and IS JSON. This release also introduces the ability to use underscores for thousands separators (e.g. 5_432_000) and non-decimal integer literals, such as 0x1538, 0o12470, and 0b1010100111000.
• Developers using PostgreSQL 16 also benefit from new commands in psql. This includes \bind, which allows users to prepare parameterized queries and use \bind to substitute the variables (e.g SELECT $1::int + $2::int \bind 1 2 \g).
• PostgreSQL 16 improves general support for text collations, which provide rules for how text is sorted. PostgreSQL 16 builds with ICU support by default, determines the default ICU locale from the environment, and allows users to define custom ICU collation rules.

Monitoring

• A key aspect of tuning the performance of database workloads is understanding the impact of your I/O operations on your system. PostgreSQL 16 introduces pg_stat_io, a new source of key I/O metrics for granular analysis of I/O access patterns.
• Additionally, this release adds a new field to the pg_stat_all_tables view that records a timestamp representing when a table or index was last scanned. PostgreSQL 16 also makes auto_explain more readable by logging values passed into parameterized statements, and improves the accuracy of the query tracking algorithm used by pg_stat_statements and pg_stat_activity.

Access Control & Security

• PostgreSQL 16 provides finer-grained options for access control and enhances other security features. The release improves management of pg_hba.conf and pg_ident.conf files, including allowing regular expression matching for user and database names and include directives for external configuration files.
• This release adds several security-oriented client connection parameters, including require_auth, which allows clients to specify which authentication parameters they are willing to accept from a server, and sslrootcert="system", which indicates that PostgreSQL should use the trusted certificate authority (CA) store provided by the client's operating system. Additionally, the release adds support for Kerberos credential delegation, allowing extensions such as postgres_fdw and dblink to use authenticated credentials to connect to trusted services.

RabbitMQ 3.11.23 
Core Server Bug Fixes

• High consumer churn with reused consumer tag on quorum queues could result in some messages not being delivered 
  after a period of time.

This did not affect environments where consumer churn does not exist or where it does but consumer tags vary.

• Three environment variables, LOG_BASE, MNESIA_BASE, CONFIG_FILE, were not picked up when set in 
  rabbitmq-env-conf.bat on Windows.
• Avoids a potential exception when autoheal partition handling process was initiated.