This release includes 2 breaking changes for platform teams planning a safe upgrade.
✓ No known CVEs patched in this version
ReleasePort's take
Moderate signal: The sticky_sessions configuration now accepts Option<isize> instead of a bool, and the JWT auth config no longer includes the data property. A new counter and rate limiter have been added for handling 4xx requests.
Why it matters: Breaking changes require updating configuration code; severity scored 70. Feature addition provides observability triggers for 4xx request spikes.
Summary
AI summary: Removed the JWT authorization data property, breaking existing configurations.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Breaking | High | Removes data property from JWT authorization config. Source: llm_adapter@2026-05-28. Confidence: high | — |
| Breaking | High | Changes sticky_sessions type from bool to Option<isize>. Source: llm_adapter@2026-05-28. Confidence: low | — |
| Feature | Medium | Adds counter and rate limiter for 4xx requests. Source: llm_adapter@2026-05-28. Confidence: high | — |
Full changelog
- Changed sticky session value from `bool` to `Option<isize>`, corresponding to Max-Age= of cookie
- Added counter and rate limiter for 4xx requests
- Changed config for JWT authorization. The data property is removed.

Contains breaking changes: values for sticky_sessions changed from bool to Option<isize>
Breaking Changes
- Removed the `data` property from JWT authorization config
- Changed `sticky_sessions` type from `bool` to `Option<isize>`
About sadoyan/aralez