Security release updates bundled dependencies and runtime patches.
Backend updates in 2026-w19
Client generation handles workspace output paths more consistently.
Add experimental node:ffi module for loading native libraries (requires --experimental-ffi flag and appropriate permission; API is unsafe).
Patch release includes planner fixes and replication reliability updates.
Updated docs call out persistence settings that can surprise small teams.
Temporal API is now enabled by default, providing a modern date‑time API;
Patched several remote‑code‑execution vulnerabilities (CVE‑2026‑23479, ‑25243, ‑23631, ‑25588, ‑25589) affecting unblock client flow, RESTORE, Lua, and Time‑Series modules.
Patched multiple critical Use‑After‑Free and invalid memory access vulnerabilities (CVE‑2026‑23479,‑25243,‑23631,‑25588‑25589) that could lead to remote code execution.
Patched multiple remote code execution vulnerabilities (CVE‑2026‑23479, 25243, 23631, 25588, 25589) affecting client flow, Lua, and RESTORE across modules.
Security patches address multiple RCE vulnerabilities (CVE‑2026‑23479, CVE‑2026‑25243, CVE‑2026‑23631) related to use‑after‑free and invalid memory access.
Fixed multiple remote code execution vulnerabilities (CVE‑2026‑23479, CVE‑2026‑25243, CVE‑2026‑23631) related to use‑after‑free and memory errors.
Fixed CVE‑2026‑25243: corrected invalid memory access in RESTORE to prevent remote code execution.