[docs] RN for 2024.2.6.0-b94 (#28907)

* first draft

* minor edits

* updated till build 94

* added cve

Author: aishwarya24

docs/content/preview/releases/yba-releases/v2024.2.md

@@ -19,6 +19,73 @@ For an RSS feed of all release series, point your feed reader to the [RSS feed f
 
 Before upgrading, be sure to review the information in [Prepare to upgrade YugabyteDB Anywhere](/v2024.2/yugabyte-platform/upgrade/prepare-to-upgrade/).
 
+## v2024.2.6.0 - October 31, 2025 {#v2024.2.6.0}
+
+**Build:** `2024.2.6.0-b94`
+
+**Third-party licenses:** [YugabyteDB](https://downloads.yugabyte.com/releases/2024.2.6.0/yugabytedb-2024.2.6.0-b94-third-party-licenses.html), [YugabyteDB Anywhere](https://downloads.yugabyte.com/releases/2024.2.6.0/yugabytedb-anywhere-2024.2.6.0-b94-third-party-licenses.html)
+
+### Download
+
+<ul class="nav yb-pills">
+ <li>
+   <a href="https://downloads.yugabyte.com/releases/2024.2.6.0/yba_installer_full-2024.2.6.0-b94-linux-x86_64.tar.gz">
+     <i class="fa-brands fa-linux"></i>
+     <span>Linux x86</span>
+   </a>
+ </li>
+</ul>
+
+### Improvements
+
+* Adds option to disable table-level metrics collection in YugabyteDB. PLAT-18210
+* Adds OutlierDB support to metrics view and removes outdated code. PLAT-18272
+* Displays WAL status in CDC metrics for clearer stream expiry information. PLAT-18496
+
+### Bug fixes
+
+* Secures LDAP passwords in logs by redacting sensitive flags during operations. PLAT-12639
+* Ensures Route53 DNS addresses update correctly when editing a universe to include new TServers. PLAT-15647,PLAT-15648
+* Updates Java dependencies to address multiple CVEs. PLAT-17981
+* Upgrades `braces` to version 3.0.3 to prevent memory exhaustion. PLAT-18011
+* Removes outdated `Path` sections and updates logging to use journal in systemd files. PLAT-18249
+* Ensures support bundles correctly collect flag overrides in Kubernetes environments. PLAT-18255
+* Enables customization of `tserver` liveness probes in the Helm chart. PLAT-18285
+* Adds retries to `systemctl` commands for better stability during service management. PLAT-18321
+* Reduces lock scope in `XClusterScheduler` to prevent UI unresponsiveness during node failures. PLAT-18398
+* Corrects DR configuration issue for proper snapshot and retention settings. PLAT-18473
+* Reduces logical replication lag reporting issues by using `cdcsdk_flush_lag` metric. PLAT-18479
+* Ensures YBA HA GET APIs authenticate users without enforcing authorization checks. PLAT-18503
+* Disables misleading systemd precheck alerts for cron-based universes. PLAT-18515
+* Upgrades PostgreSQL to 14.19+ in YugabyteDB Anywhere to address critical CVEs. PLAT-18517
+* Fixes the issue of excess masters by updating preflight checks and improving health monitoring. PLAT-18573
+* Locks certifi version to support Python 3.6, preventing AWS create universe failures. PLAT-17917
+* Upgrades setuptools to 78.1.1 to address high-severity CVEs. PLAT-17982
+* Enhances security by updating Go libraries to address multiple CVEs. PLAT-17983
+* Reduces buffer size to 1MB and switches to heap memory for easier management. PLAT-18164
+* Upgrades YBA Prometheus in Helm charts to 3.5.0, addressing over 10 vulnerabilities. PLAT-18201
+* Upgrades node_exporter to version 1.9.1, enhancing security. PLAT-18315
+* Upgrades Protobuf to address {{<cve "CVE-2025-4565">}}. PLAT-18428
+* Upgrades Go version to 1.24.6 and updates dependencies to enhance security. PLAT-18447,PLAT-18446
+* Addresses {{<cve "CVE-2025-58367">}} with a Deep Diff update. PLAT-18557
+* Adds metrics to track and alert on node agent installation failures. PLAT-17274
+* Hides LDAP passwords in the YBA flags configuration UI to enhance security. PLAT-18069
+* Ensures correct kubeconfig is used when adding a new AZ in Kubernetes setups. PLAT-18154
+* Upgrades OAuth2 in Go services to fix a CVE. PLAT-18193
+* Enables Azure backups to operate correctly with subdirectory specifications. PLAT-18207
+* Hides LDAP passwords in flags within support bundles. PLAT-18363
+* Fixes symlink issues to prevent rolling restart failures in OpenShift. PLAT-18433
+* Displays a warning message for non-rolling upgrade attempts. PLAT-18692
+* Enables creating and using custom Kubernetes regions. PLAT-18243
+* Fixes cert-manager certificate names and SAN entries for MCS. <!-- GH-163,PLAT-17142 -->
+* Reverts erroneous method changes to fix Azure Private DNS in universe creation/deletion. PLAT-17152
+* Automatically includes inherited values in runtime configuration fetches. PLAT-18267
+* Adds an API to set preferred zones by priority, ensuring optimal data placement. PLAT-18158,PLAT-18410
+* Prevents YBA backups from overwriting each other using timestamped temp directories. PLAT-18514
+* Enables validation of NFS return codes in YBC for better error handling. PLAT-18671
+* Displays a warning message for non-rolling upgrade attempts. PLAT-18692
+* Resolves incompatibility by using 2.2.0.1-b1 YBC branch to generate the build. PLAT-18803
+
 ## v2024.2.5.1 - September 11, 2025 {#v2024.2.5.1}
 
 **Build:** `2024.2.5.1-b1`

docs/content/preview/releases/ybdb-releases/v2024.2.md

@@ -17,6 +17,131 @@ What follows are the release notes for the YugabyteDB 2024.2 release series. Con
 
 For an RSS feed of all release series, point your feed reader to the [RSS feed for releases](../index.xml).
 
+## v2024.2.6.0 - October 31, 2025 {#v2024.2.6.0}
+
+**Build:** `2024.2.6.0-b94`
+
+**Third-party licenses:** [YugabyteDB](https://downloads.yugabyte.com/releases/2024.2.6.0/yugabytedb-2024.2.6.0-b94-third-party-licenses.html), [YugabyteDB Anywhere](https://downloads.yugabyte.com/releases/2024.2.6.0/yugabytedb-anywhere-2024.2.6.0-b94-third-party-licenses.html)
+
+### Downloads
+
+<ul class="nav yb-pills">
+  <li>
+    <a href="https://software.yugabyte.com/releases/2024.2.6.0/yugabyte-2024.2.6.0-b94-darwin-x86_64.tar.gz">
+      <i class="fa-brands fa-apple"></i>
+      <span>macOS x86</span>
+    </a>
+  </li>
+    <li>
+    <a href="https://software.yugabyte.com/releases/2024.2.6.0/yugabyte-2024.2.6.0-b94-darwin-arm64.tar.gz">
+      <i class="fa-brands fa-apple"></i>
+      <span>macOS ARM</span>
+    </a>
+  </li>
+  <li>
+    <a href="https://software.yugabyte.com/releases/2024.2.6.0/yugabyte-2024.2.6.0-b94-linux-x86_64.tar.gz">
+      <i class="fa-brands fa-linux"></i>
+      <span>Linux x86</span>
+    </a>
+  </li>
+  <li>
+    <a href="https://software.yugabyte.com/releases/2024.2.6.0/yugabyte-2024.2.6.0-b94-el8-aarch64.tar.gz">
+      <i class="fa-brands fa-linux"></i>
+      <span>Linux ARM</span>
+    </a>
+  </li>
+</ul>
+
+**Docker:**
+
+```sh
+docker pull yugabytedb/yugabyte:2024.2.6.0-b94
+```
+
+### Improvements
+
+#### YSQL
+
+* Ensures YSQL index backfill operations resume seamlessly after a master leader failover. {{<issue 6218>}}
+* Removes the beta warning for the `ANALYZE` command starting in version 2024.2. {{<issue 25552>}}
+* Adds support for deferred mode in `yb_read_after_commit_visibility` for writes. {{<issue 24940>}}
+* Displays transaction type in EXPLAIN (ANALYZE, DEBUG) output. {{<issue 14804>}}
+* Enhances row boundary settings for hash-partitioned tables using encoded DocKeys. {{<issue 28219>}}
+* Introduces the `yb_fk_references_cache_limit` parameter to cap FK references cache entries at 65535. {{<issue 27739>}}
+* Reduces master load by allowing auth backends to utilize the TServer cache during authorization checks. {{<issue 28144>}}
+* Enables bounded staleness for PostgreSQL authentication backend cache using `pg_cache_response_trust_auth_lifetime_limit_ms`. {{<issue 28261>}}
+* Sets stricter copyright enforcement for C++ files on master but reduces rule severity on backport branches. {{<issue 28602>}}
+* Reduces master RPCs for PG auth backends by using TServer cache. {{<issue 28144>}}
+* Avoids unnecessary memory spikes and ensures freshest catalog data for relationship cache initialization. {{<issue 28144>}}
+* Streamlines request pagination in scans for consistent behavior across all directions. {{<issue 27738>}}
+* Adds new YSQL configuration parameter `yb_enable_cbo=legacy_ignore_stats_bnl_mode`. {{<issue 28703>}}
+* Adds a flag `ysql_enable_scram_channel_binding` to enable SCRAM with channel binding. {{<issue 28108>}}
+* Enables viewing tcmalloc memory statistics for the connection manager. {{<issue 28371>}}
+* Enhances CM decision-making by always using a custom ParameterStatus packet. {{<issue 28012>}}
+* Allows setting YSQL configuration parameters to whitespace empty values without causing errors. {{<issue 27106>}}
+
+#### DocDB
+
+* Limits TServer crashes by capping log reader memory usage in xCluster replication. {{<issue 28124>}},{{<issue 22992>}}
+* Enhances on-disk size metrics to include snapshots, improving cluster balancer accuracy. {{<issue 28010>}}
+* Adds new wait events for ASH instrumentation to identify bottlenecks during bootstrap. {{<issue 23198>}}
+* Limits TServer crashes by capping log reader memory usage in xCluster replication. {{<issue 28124>}}
+* Fixes a vulnerability allowing incorrect database row access or modification. {{<issue 25330>}}
+* Ensures AuthOK messages are sent immediately to clients, simplifying future changes. {{<issue 27825>}}
+* Allows users to specify SSL ciphers and minimum TLS version on webserver ports. {{<issue 27375>}}
+* Temporarily disables TryConsume feature in LogReader to prevent incorrect blocking of user operations due to a memory bug. {{<issue 29095>}}
+
+#### CDC
+
+* Displays replica identity map in `list_change_data_streams` output. {{<issue 28646>}}
+* Enhances error propagation from `GetChanges` to clients for more transparency. {{<issue 28033>}}
+* Handles error propagation from CDC to client for missing footer in segments. {{<issue 28592>}},{{<issue 22992>}}
+* Prevents LogReader memory limit from being wrongly applied to CDC, avoiding crashes during WAL resume. {{<issue 29066>}},{{<issue 28898>}}
+
+### Bug fixes
+
+#### YSQL
+
+* Ensures `TimeZone` is not lowercased in connection manager for correct pgJDBC interpretation. {{<issue 28537>}}
+* Avoids segmentation faults in ASH queries by initializing wait states to `kIdle` instead of `kUnused`. {{<issue 28303>}}
+* Enables accurate tablespace dependency tracking for tables moved via `ALTER TABLE SET TABLESPACE`. {{<issue 26995>}}
+* Disables writes to role profile tables during YSQL upgrades to prevent errors. {{<issue 28016>}}
+* Ensures the correct renew strategy for `IsRenewRequired` works as expected. {{<issue 28226>}}
+* Ensures `yb_enable_cbo` correctly activates when legacy YSQL configuration parameters are ON. {{<issue 28156>}}
+* Adds options to enable pre-2024.1 BNL cost behavior in non-CBO mode. {{<issue 28222>}}
+* Reduces unnecessary catalog version increments for renames on temporary relations. {{<issue 28477>}}
+* Fixes crashes when locking rows in temporary tables by setting the correct transaction state. {{<issue 27149>}}
+* Fixes a regression bug that caused an `OBJECT_NOT_FOUND` error during an index alteration, ensuring smoother table modifications. {{<issue 28849>}}
+* Fixes a memory leak by using condition variables for signal handling in the connection manager. {{<issue 28191>}}
+* Prevents indefinite stalls in multi-route pooling by ensuring signals are broadcast across all routes. {{<issue 28283>}}
+* Enables defining the maximum percentage of total YSQL connections for the connection manager. {{<issue 27701>}}
+
+#### DocDB
+
+* Ensures tablet server limits in the UI exclude dead or blacklisted nodes, providing accurate data metrics. {{<issue 27512>}}
+* Prevents potential deadlocks in Raft operations by managing flusher state effectively. {{<issue 27531>}}
+* Allows SST files with specific row or column TTLs to remain candidates for compaction. {{<issue 26014>}}
+* Ensures tablet split handling on the consumer side does not cause incorrect mappings due to race conditions. {{<issue 28750>}}
+* Eliminates redundant `rocksdb_block_cache_bytes_read` metrics to reduce noise and overhead. {{<issue 27017>}}
+* Restores deletion of table info objects to prevent memory overload. {{<issue 23721>}}
+* Enhances metrics to better estimate cluster balancing times and validate the accuracy of the balancing algorithm. {{<issue 23908>}}
+* Enforces TLS v1.2 for secure webserver connections. {{<issue 28417>}}
+* Preserves cluster balancer metrics correctly across all placements including read replicas. {{<issue 28366>}}
+* Fixes issues with aborted transactions during promotions preventing stuck operations. {{<issue 27853>}}
+* Increases data metric's capacity to handle over 4 GB for balancing. {{<issue 28500>}}
+* Adds a memory tracker to monitor temporary memory used when reading WALs, preventing TServer crashes. {{<issue 28623>}}
+* Adds CRC checksum to RPC calls to detect data corruption. {{<issue 18675>}}
+* Reduces segmentation faults by isolating cascading timeout handling to auth processes. {{<issue 28206>}},{{<issue 28218>}},{{<issue 28231>}},{{<issue 28242>}}
+* Eliminates stale hashmap entries on parse errors, enhancing protocol-level prepared statement handling. {{<issue 28576>}}
+* Renames conflicting random number functions to prevent data race issues. {{<issue 28248>}}
+* Avoids crashes and data races during shutdown by safely managing thread resources and memory clean-up. {{<issue 28415>}}
+
+#### CDC
+
+* Ensures unique sorting of batched shard records using `write_id` to prevent data loss. {{<issue 28166>}}
+* Ensures only tables in a publication are checked for `CHANGE` replica identity. {{<issue 28629>}}
+* Handles error propagation from CDC to client for missing footer in segments. {{<issue 28592>}}
+
 ## v2024.2.5.1 - September 11, 2025 {#v2024.2.5.1}
 
 **Build:** `2024.2.5.1-b1`

docs/content/preview/secure/vulnerability-disclosure-policy.md

@@ -127,5 +127,5 @@ Note that this policy covers only vulnerabilities in the query layer of PostgreS
 | PostgreSQL (YSQL) | {{<cve "CVE-2023-5868">}} |  [v2.14.17.x](/preview/releases/ybdb-releases/end-of-life/v2.14/#v2.14.17.0), [v2.18.8.x](/preview/releases/ybdb-releases/end-of-life/v2.18/#v2.18.8.0), {{<release "2.20.6.x">}}, {{<release "2.23.0.0">}}, v2024.2 | Resolved |
 | PostgreSQL (YSQL) | {{<cve "CVE-2023-5869">}} | [v2.14.17.x](/preview/releases/ybdb-releases/end-of-life/v2.14/#v2.14.17.0), [v2.18.8.x](/preview/releases/ybdb-releases/end-of-life/v2.18/#v2.18.8.0), {{<release "2.20.6.x">}}, {{<release "2.23.0.0">}}, v2024.2 | Resolved |
 | PostgreSQL (YSQL) | {{<cve "CVE-2023-5870">}} | [v2.14.17.x](/preview/releases/ybdb-releases/end-of-life/v2.14/#v2.14.17.0), [v2.18.8.x](/preview/releases/ybdb-releases/end-of-life/v2.18/#v2.18.8.0), {{<release "2.20.6.x">}}, {{<release "2.23.0.0">}}, v2024.2 | Resolved |
+| PostgreSQL (YSQL) | {{<cve "CVE-2024-10978">}} | {{<release "2024.2.6.x">}} | Resolved |
 | PostgreSQL (YSQL) | {{<cve "CVE-2024-10979">}} |  | Not applicable: PL/Perl extension is not included in installation. |
-<!-- | PostgreSQL (YSQL) | {{<cve "CVE-2024-10978">}} | {{<release "2024.2.6.x">}} | Resolved | -->

docs/data/currentVersions.json

@@ -28,9 +28,9 @@
       {
       "series": "v2024.2",
       "display": "v2024.2 (LTS)",
-      "version": "2024.2.5.1",
-      "versionShort": "2024.2.5",
-      "appVersion": "2024.2.5.1-b1",
+      "version": "2024.2.6.0",
+      "versionShort": "2024.2.6",
+      "appVersion": "2024.2.6.0-b94",
       "isStable": true,
       "isLTS": true,
       "initialRelease": "2024-12-09",