Skip to main content

72.0.0

· 13 min read

Changed

  • all services: Update the enable-service-instances-aws-instance-profiles.yml Ops file to extend the list of vm_extensions instead of overwriting it.
  • all services: a9s Backup Agent: Improve backup connection handling with automatic retries for temporary backup storage errors.
  • a9s-pg: Update the enable-service-instances-aws-instance-profiles.yml Ops file to extend the list of vm_extensions instead of overwriting it.
  • a9s Backup Services: Update the enable-backup-services-aws-instance-profiles Ops file to extend the list of vm_extensions for the a9s Backup Manager and a9s Backup Monit instead of overwriting it.
  • a9s Backup Services: a9s Backup Manager: Improve backup connection handling with automatic retries for temporary backup storage errors.
  • a9s MongoDB: a9s MongoDB SPI: Consolidate logging into one file.
  • a9s Service Broker: Instance deletion Rake task now handles potential state inconsistency when communicating with a9s Deployer.
  • docs: all services: Extend admonitions within the a9s Backup Manager documentation, to explicitly state the limitations of automatic/periodic backups when a Service Instance has been stopped. For more information, see a9s Backup Manager - Properties.
  • docs: all services: Extend the documentation of the Stop/Start feature, to better explain the current limitations, expected behavior, and extend the cross-referencing within the pages. For more information, see Stop/Start.
  • docs: Application Developer: a9s Public API: Restructure the API V1 Endpoints page into a new section, divided into subpages by topic. For more information, see API V1 Endpoints.
  • docs: Platform Operator: a9s Backup Services: Update the examples to use AWS IAM Instance Profiles via Ops file to extend the list of vm_extensions instead of overwriting it. For more information, see Using AWS Instance Profiles.
  • BOSH stemcell: all services: Update Jammy stemcell to version 1.1183 for internal tests of all supported services.

Updated Dependencies

  • all services:
    • a9s Bee:
      • Update dependencies to resolve GO CVEs.
    • a9s Public API:
      • a9s-beehive to v1.2.6.
      • krakend-custom-plugins to v2.13.4.
      • krakend to v2.13.4.
      • nginx to v1.30.0.
      • Update internal dependencies.
    • bpm to v1.4.29.
    • logstash to v8.19.14.
    • nginx:
      • nginx to v1.30.0.
    • routing to v0.379.0.
    • a9s Backup Agent: Update internal dependencies.
    • a9s BOSH Deployer: Update internal dependencies.
    • a9s Service Broker: Update internal dependencies.
    • a9s Smoke Tests:
      • Update internal dependencies.
    • a9s SPIs: Update internal dependencies.
  • a9s-pg: Update internal dependencies.
  • a9s Backup Services:
    • a9s Backup Manager: Update internal dependencies.
    • a9s Backup Monit: Update internal dependencies.
  • a9s Billing: Update internal dependencies.
  • a9s CF Service Guard: Update internal dependencies.
  • a9s MariaDB:
    • a9s MariaDB 10.6:
      • Update internal dependencies.
    • a9s MariaDB 10.11:
      • Update internal dependencies.
  • a9s Messaging:
    • a9s Messaging 3.8:
      • Update internal dependencies.
    • a9s Messaging 3.10:
      • Update internal dependencies.
    • a9s Messaging 3.12:
      • Update internal dependencies.
    • a9s Messaging 3.13:
      • Update internal dependencies.
    • a9s Messaging 4:
      • erlang to v27.3.4.11.
      • rabbitmq to v4.2.6
      • Update internal dependencies.
  • a9s MongoDB:
    • a9s MongoDB 8:
      • mongosh to v2.8.2.
    • a9s MongoDB 7:
      • mongosh to v2.8.2.
  • a9s MySQL:
    • a9s MariaDB 10.4:
      • Update internal dependencies.
  • a9s PostgreSQL:
    • a9s PostgreSQL 17:
      • postgresql-info-webservice to v3.8.4
      • Update internal dependencies.
    • a9s PostgreSQL 15:
      • postgresql-info-webservice to v3.8.4
      • Update internal dependencies.
    • a9s PostgreSQL 13:
      • postgresql-info-webservice to v3.8.4
      • cmake3 to v3.31.12
      • Update internal dependencies.
  • a9s Prometheus:
    • prometheus2:
      • alertmanager to v0.32.0
      • memcached_exporter to v0.16.0
      • influxdb_exporter to v0.12.1
      • Update internal dependencies.
    • prometheus-legacy:
      • alertmanager to v0.32.0
      • memcached_exporter to v0.16.0
      • influxdb_exporter to v0.12.1
      • Update internal dependencies.
    • promgraf2:
      • alertmanager to v0.32.0
      • memcached_exporter to v0.16.0
      • influxdb_exporter to v0.12.1
      • Update internal dependencies.

Deprecated

  • breaking change all services: Deprecation: Deprecate the a9s Environment Info service.

    The whole a9s Environment Info service will be discontinued and no new versions will be released for it. Please ensure that any internal usage of this component is appropriately removed.

    This direct deprecation phase will be followed by immediate removal, planned for the release v73.0.0 (expected end of May 2026). Therefore, we strongly recommend that any and all adjustments are made, if necessary, soon as possible and to complete them before upgrading to v73.0.0.

    To inquire about extended support for a deprecated component, please get in contact with our sales department at sales@anynines.com.

Fixed

  • a9s MongoDB: a9s MongoDB SPI: Introduce a timeout for the Mongo client. This was done to prevent the client from infinitely calling any unreachable MongoDB Service Instance, which would exhaust the SPI VM resources.
  • docs: Platform Operator: Fix incorrect statements regarding the blocking of Maintenance Updates. Previously, the admonition provided misleading information about the types of updates the feature is concerned with. For more information, see Block Maintenance Updates

Security

  • all services:
    • a9s Backup Agent:
      • Fix CVE-2026-34827.
      • Fix CVE-2026-34829.
  • all services:
    • a9s BOSH Deployer:
      • Fix CVE-2026-34827.
      • Fix CVE-2026-34829.
  • all services:
    • a9s Logstash: Fix CVE-2026-33466.
  • all services:
    • a9s Public API:
      • Fix CVE-2026-34827.
      • Fix CVE-2026-34829.
      • Fix CVE-2026-35611.
  • all services:
    • a9s Service Broker:
      • Fix CVE-2026-34827.
      • Fix CVE-2026-34829.
      • Fix CVE-2026-35611.
  • all services:
    • a9s Service Dashboard:
      • Fix CVE-2026-33937.
      • Fix CVE-2026-33941.
      • Fix CVE-2026-33940.
      • Fix CVE-2026-33939.
      • Fix CVE-2026-33938.
      • Fix CVE-2026-33891.
      • Fix CVE-2026-33895.
      • Fix CVE-2026-33894.
      • Fix CVE-2026-33896.
      • Fix CVE-2026-4800.
  • all services:
    • a9s Smoke Tests:
      • Fix CVE-2026-27143.
      • Fix CVE-2026-27140.
      • Fix CVE-2026-32280.
      • Fix CVE-2026-32281.
      • Fix CVE-2026-32283.
      • Fix CVE-2026-27144.
  • all services:
    • a9s Bee:
      • Fix CVE-2026-27140.
      • Fix CVE-2026-27143.
      • Fix CVE-2026-32280.
      • Fix CVE-2026-32281.
      • Fix CVE-2026-32283.
      • Fix CVE-2026-27144.
    • a9s SPIs:
      • Fix CVE-2026-34827.
      • Fix CVE-2026-34829.
      • Fix CVE-2026-35611.
  • a9s-pg:
    • Fix CVE-2025-70873.
    • Fix CVE-2026-27143.
    • Fix CVE-2026-27140.
    • Fix CVE-2026-32280.
    • Fix CVE-2026-32281.
    • Fix CVE-2026-32283.
    • Fix CVE-2026-27144.
  • a9s Backup Services:
    • a9s Backup Manager:
      • Fix CVE-2026-34827.
      • Fix CVE-2026-34829.
    • a9s Backup Monit:
      • Fix CVE-2026-34827.
      • Fix CVE-2026-34829.
  • a9s Billing: Fix CVE-2026-22860.
  • a9s CF Service Guard:
    • Fix CVE-2026-34827.
    • Fix CVE-2026-34829.
  • a9s MariaDB:
    • a9s MariaDB 10.4:
      • Fix CVE-2025-4674.
      • Fix CVE-2025-58187.
      • Fix CVE-2025-58188.
      • Fix CVE-2025-61723.
      • Fix CVE-2026-25679.
      • Fix CVE-2026-27137.
      • Fix CVE-2026-27142.
    • a9s MariaDB 10.6:
      • Fix CVE-2026-27143.
      • Fix CVE-2026-27140.
      • Fix CVE-2026-32280.
      • Fix CVE-2026-32281.
      • Fix CVE-2026-32283.
      • Fix CVE-2026-27144.
    • a9s MariaDB 10.11:
      • Fix CVE-2026-27143.
      • Fix CVE-2026-27140.
      • Fix CVE-2026-32280.
      • Fix CVE-2026-32281.
      • Fix CVE-2026-32283.
      • Fix CVE-2026-27144.
  • a9s Messaging:
    • a9s Messaging 3.8:
      • Fix CVE-2025-4674.
      • Fix CVE-2025-58187.
      • Fix CVE-2025-58188.
      • Fix CVE-2025-61723.
      • Fix CVE-2026-25679.
      • Fix CVE-2026-27137.
      • Fix CVE-2026-27142.
      • Fix CVE-2026-27143.
      • Fix CVE-2026-27140.
      • Fix CVE-2026-32280.
      • Fix CVE-2026-32281.
      • Fix CVE-2026-32283.
      • Fix CVE-2026-27144.
    • a9s Messaging 3.10:
      • Fix CVE-2025-4674.
      • Fix CVE-2025-58187.
      • Fix CVE-2025-58188.
      • Fix CVE-2025-61723.
      • Fix CVE-2026-25679.
      • Fix CVE-2026-27137.
      • Fix CVE-2026-27142.
      • Fix CVE-2026-27143.
      • Fix CVE-2026-27140.
      • Fix CVE-2026-32280.
      • Fix CVE-2026-32281.
      • Fix CVE-2026-32283.
      • Fix CVE-2026-27144.
    • a9s Messaging 3.12:
      • Fix CVE-2025-4674.
      • Fix CVE-2025-58187.
      • Fix CVE-2025-58188.
      • Fix CVE-2025-61723.
      • Fix CVE-2026-25679.
      • Fix CVE-2026-27137.
      • Fix CVE-2026-27142.
      • Fix CVE-2026-27143.
      • Fix CVE-2026-27140.
      • Fix CVE-2026-32280.
      • Fix CVE-2026-32281.
      • Fix CVE-2026-32283.
      • Fix CVE-2026-27144.
    • a9s Messaging 3.13:
      • Fix CVE-2025-4674.
      • Fix CVE-2025-58187.
      • Fix CVE-2025-58188.
      • Fix CVE-2025-61723.
      • Fix CVE-2026-25679.
      • Fix CVE-2026-27137.
      • Fix CVE-2026-27142.
      • Fix CVE-2026-27143.
      • Fix CVE-2026-27140.
      • Fix CVE-2026-32280.
      • Fix CVE-2026-32281.
      • Fix CVE-2026-32283.
      • Fix CVE-2026-27144.
    • a9s Messaging 4:
      • Fix CVE-2026-27143.
      • Fix CVE-2026-27140.
      • Fix CVE-2026-32280.
      • Fix CVE-2026-32281.
      • Fix CVE-2026-32283.
      • Fix CVE-2026-27144.
  • a9s MongoDB:
    • a9s MongoDB SPI: Fix CVEs:
      • CVE-2026-34829.
      • CVE-2026-34827.
  • a9s MySQL:
    • a9s MariaDB 10.4:
      • Fix CVE-2026-27143.
      • Fix CVE-2026-27140.
      • Fix CVE-2026-32280.
      • Fix CVE-2026-32281.
      • Fix CVE-2026-32283.
      • Fix CVE-2026-27144.
  • a9s PostgreSQL:
    • a9s PostgreSQL 17:
      • Fix CVE-2026-27143.
      • Fix CVE-2026-27140.
      • Fix CVE-2026-32280.
      • Fix CVE-2026-32281.
      • Fix CVE-2026-32283.
      • Fix CVE-2026-27144.
    • a9s PostgreSQL 15:
      • Fix CVE-2025-70873.
      • Fix CVE-2026-27143.
      • Fix CVE-2026-27140.
      • Fix CVE-2026-32280.
      • Fix CVE-2026-32281.
      • Fix CVE-2026-32283.
      • Fix CVE-2026-27144.
    • a9s PostgreSQL 13:
      • Fix CVE-2026-27143.
      • Fix CVE-2026-27140.
      • Fix CVE-2026-32280.
      • Fix CVE-2026-32281.
      • Fix CVE-2026-32283.
      • Fix CVE-2026-27144.
      • Fix CVE-2025-4674.
      • Fix CVE-2025-58187.
      • Fix CVE-2025-58188.
      • Fix CVE-2025-61723.
      • Fix CVE-2026-25679.
      • Fix CVE-2026-27137.
      • Fix CVE-2026-27142.
    • a9s PostgreSQL 11:
      • Fix CVE-2025-4674.
      • Fix CVE-2025-58187.
      • Fix CVE-2025-58188.
      • Fix CVE-2025-61723.
      • Fix CVE-2026-25679.
      • Fix CVE-2026-27137.
      • Fix CVE-2026-27142.
    • a9s PostgreSQL 10:
      • Fix CVE-2025-4674.
      • Fix CVE-2025-58187.
      • Fix CVE-2025-58188.
      • Fix CVE-2025-61723.
      • Fix CVE-2026-25679.
      • Fix CVE-2026-27137.
      • Fix CVE-2026-27142.
  • a9s Prometheus:
    • prometheus2:
      • Fix CVE-2026-27143.
      • Fix CVE-2026-27140.
      • Fix CVE-2026-32280.
      • Fix CVE-2026-32281.
      • Fix CVE-2026-32283.
      • Fix CVE-2026-27144.
    • prometheus-legacy:
      • Fix CVE-2026-27143.
      • Fix CVE-2026-27140.
      • Fix CVE-2026-32280.
      • Fix CVE-2026-32281.
      • Fix CVE-2026-32283.
      • Fix CVE-2026-27144.
    • promgraf2:
      • Fix CVE-2026-27143.
      • Fix CVE-2026-27140.
      • Fix CVE-2026-32280.
      • Fix CVE-2026-32281.
      • Fix CVE-2026-32283.
      • Fix CVE-2026-27144.

Upcoming

  • a9s Messaging: Version Upgrade with Breaking Changes planned for v73.0.0 (End of May 2026):

    Within a9s Messaging 4, RabbitMQ 4.2 will be replaced with RabbitMQ 4.3. There are now Breaking Changes between Minor Versions of RabbitMQ 4, which usually only affect the client side, but require attention. Nevertheless, these RabbitMQ Minor Versions will be released as Minor Versions of a9s Messaging 4.

    Due to recent changes in the RabbitMQ release policy, Minor Versions of RabbitMQ 4 now have a maintenance overlap period of 3 months. Previous versions of RabbitMQ 4 did not have any maintenance overlap period.

    RabbitMQ 4.2 will be supported by the vendor until the 31st of July.

    As a consequence of the Data Service vendor's decision to make the maintenance overlap periods for the open source version of RabbitMQ 4 unusually short, we have decided with the release of a9s Messaging 4 to treat each minor version of RabbitMQ 4 as a minor version of a9s Messaging 4 as well, although some breaking changes between these minor versions may occur.

    Therefore we do not follow our usual process for releasing, deprecating and unsupporting these versions as Major Versions: RabbitMQ 4.2 will not be deprecated and unsupported with our default processes, due to the aforementioned situation.

    The version upgrade from RabbitMQ 4.2 to 4.3 will be handled as fully automatic in-place upgrade of the a9s Messaging 4 Service Instances, as is currently the case for all minor version upgrades of our Data Services. Thus, RabbitMQ 4.2 will be unsupported, as soon as RabbitMQ 4.3 is available with a9s Data Services.

    a9s Data Service will only support one minor version of RabbitMQ 4 (offered as a9s Messaging 4) at any given time.

    Please take the necessary steps now to ensure compatibility with the new RabbitMQ Minor Version to be shipped with v73.0.0, which will be released at the end of May 2026.

    The following Breaking Changes must be considered and the Recommended Actions must be taken before upgrading to v73.0.0. We recommend to take care of these changes immediately to ensure a smooth transition.

    • Classic Queues v1 Storage (CQv1) is Removed

      Starting with RabbitMQ 4, all classic queues will be automatically converted to version 2 (CQv2), even if they are defined as version 1 (CQv1). If there are existing version 1 (CQv1) queues, they will be converted at RabbitMQ service start.

      RabbitMQ 4.3 removes the original classic queue storage implementation these days known as CQv1. This will lead to all attempts to fail that try to create classic queues with the following parameters:

      • x-queue-mode set to any value
      • x-queue-version set to 1

      All applications or automations that should be adapted to not set those parameters for the declaration of queues.

    • Consumer Timeout

      Starting with RabbitMQ 4.3, quorum queues will support configurable consumer timeouts. For more information, please see the RabbitMQ 4.3 documentation of the vendor.

      In addition to this change, consumer timeouts are removed for classic queues. Therefore, all applications should be evaluated if they depend on the consumer timeouts for classic queues and use quorum queues instead.

    • Quorum Queues support unlimited returns

      Up to RabbitMQ 4.2, every requeued message incremented its delivery-count by 1, regardless of the reason. Poison message handling would dead-letter the message once this count exceeded the queue's delivery-limit. Starting with RabbitMQ 4.3, quorum queues track two distinct counters: acquired-count and delivery-count.

      The delivery limit will based on delivery-count rather than the new header acquired-count. This can lead to unlimited explicit message returns (by nack or AMQP 1.0 modify with delivery_failed=false) without counting towards the delivery limit.

      The header x-acquired-count will track the number of times a messages was aquired by a consumer. And x-delivery-count will track the actual number of failed deliveries.

      All applications should be evaluated if quorum queues are used with poison message handling and, if required, adapt the application accordingly.

    • Khepri is Now The Only Metadata Store

      Starting with RabbitMQ 4.3, the Mnesia Storage Engine will be removed in favor of the new Khepri Storage Engine. The Khepri Storage Engine was introduced with RabbitMQ 4.0 and is the new default since RabbitMQ 4.2 for all newly created Service Instances.

      All a9s Messaging Service Instance that were updated from a9s Messaging 4.1 (or prior) to 4.2, are still using the Mnesia Storage Engine. If a9s Messaging Service Instances with Mnesia are upgraded to RabbitMQ 4.3, they will automatically migrate their data to the new Khepri Storage Engine on the first start. Even though this process should work without issues, we recommend to use the Strategy to safely evaluate RabbitMQ 4.X minor updates to safely update a9s Messaging Service Instances to RabbitMQ 4.3. Because if those Service Instances would break during the Storage Engine migration process, there could be issues to do a rollback.

      With the following command it can be identified if the Khepri Storage Engine is already being used:

      curl -k -s -u <user>:<pass> 'https://<node-hostname_or_alias>:15672/api/feature-flags' | grep khepri_db

      If there is a object with the name khepri_db, then the Khepri Storage Engine is used on the Service Instance.