3.6.0

Date: 2025-12-12
Tag: 3.6.0

Overview

Tarantool 3.x is the recommended release series. Users of Tarantool 2.11 are
encouraged to update to the latest 3.x release.

This release introduces 8 improvements and resolves 18 bugs since 3.5.1.

Please consider the full list of user-visible changes below.

Compatibility

Tarantool 2.x and 3.x are compatible in the binary data layout, client-server
protocol, and replication protocol. It means upgrade may be performed with zero
downtime for read requests and the order-of-network-lag downtime for write
requests.

Please follow the upgrade procedure to plan your update actions.

Users of Tarantool 2.x may be interested in the compat options that
allow to imitate some 2.x behavior. This allows to perform application code
update step-by-step, not all-at-once.

Functionality added or changed

Lua

• Added a new Lua module - ulid.

• Now the interface parameter is available to be used with the
  connect URI. It allows to specify the interface to bind the net.box connection to
  (gh-11803).

• Updated the metrics submodule from 1.3.0 to 1.6.1.

  • Added a new schema metrics category with the schema_needs_upgrade metric, enabled by default
    (gh-524) (gh-529).

  • Added a new memory metric, enabled by default
    (gh-519).

  • Added a new memory_virt metric, enabled by default
    (gh-521).

  • Fixed possible fio.read errors
    (gh-527).

  • Added a new label_keys parameter for counter() and gauge() metrics
    (gh-508).

Core

• Space and transactional triggers during recovery are now deprecated
  (gh-11756).
• Introduced the box.schema.needs_upgrade function checking if an
  upgrade to a newer Tarantool schema version is required (gh-11877).
• Sped up snapshot recovery by up to 70% by offloading MsgPack decoding to
  a separate thread (gh-11888).
• The interface parameter can now be used in box.cfg.replication URIs.
  It allows specifying the network interface to bind to for URI connections
  (gh-11803).
• Introduced new grant and metagrant privileges. They're only grantable on
  the universe. The grant privilege allows a user to grant any privilege,
  excepting grant and metagrant, on an object, object class or universe.
  The metagrant allows to grant grant and metagrant privileges. Both only
  allow granting to other users, no granting to oneself is allowed by them (gh-11528).

Bugs fixed

Replication

• Fixed two related bugs when concurrent box.ctl.promote invocations with
  box.cfg.election_mode = 'manual' would crash during (gh-11703) or after
  (gh-11708) server configuration via box.cfg.

LuaJIT

Backported patches from the vanilla LuaJIT trunk (gh-11691). The following
issues were fixed as part of this activity:

• Fixed incorrect emitting for IR_TBAR on aarch64.
• Fixed stack overflow handling for the trace exit.
• Fixed dangling CType references.
• Fixed closing VM state after early OOM.
• Fixed emitting for IR_MUL on x86/x64.
• Fixed incorrect stp/ldp instructions fusion on aarch64.
• Fixed SCEV entry invalidation when returning to a lower frame.
• Fixed macOS 15 / Clang 16 build.
• Fixed emitting for IR_HREFK on aarch64.

Core

• Users and roles defined in credentials.* are now synchronized with the
  config on reload and instance restart: users and roles removed from config
  are dropped automatically, while manually created users and roles remain
  untouched (gh-11827).
  Manual action required: you have to run the following script
  to ensure that all the users and roles are managed solely by the YAML
  configuration. It allows to identify users/roles that are kept forever,
  because created from Lua (or from configuration on Tarantool version less than
  3.6.0), and decide whether to transfer the ownership to the YAML configuration
  or finally delete them.
• Added character filtering for syslog output according to RFC 3164: only SP
  (%d32) and VCHAR (%d33-126) are allowed. Any character < 32 or > 126 is now
  escaped (gh-12006).
• Fixed a bug when a sequence name could be inaccessible to a user if he had an
  access granted on the sequence by another user (gh-12088).
• Fixed an invisibility of entries in the _vuser space view if a user had a
  privilege on the user entity granted (gh-12089).
• Fixed a bug when object privileges could remain granted on revoke if they were
  the last ones in the _priv entry (gh-11528).
• Fixed a bug when function IDs grew monotonously, resulting in an overflow
  after some amount of function modifications, even if the total number of
  functions was constant (gh-11849, gh-11851).
• Fixed performance degradation when updating space format or dropping a
  space due to inefficient tuple dictionary cleanup (gh-12115).

Config

• Template variables now expand inside app.cfg.* and roles_cfg.*
  (any type fields) (gh-10595).

3.5.1

Date: 2025-11-21
Tag: 3.5.1

Overview

Tarantool 3.x is the recommended release series. Users of Tarantool 2.11 are
encouraged to update to the latest 3.x release.

This release resolves 25 bugs since 3.5.0.

Please consider the full list of user-visible changes below.

Compatibility

Tarantool 2.x and 3.x are compatible in the binary data layout, client-server
protocol, and replication protocol. It means upgrade may be performed with zero
downtime for read requests and the order-of-network-lag downtime for write
requests.

Please follow the upgrade procedure to plan your update actions.

Users of Tarantool 2.x may be interested in the compat options that
allow to imitate some 2.x behavior. This allows to perform application code
update step-by-step, not all-at-once.

Bugs fixed

Core

• Transaction savepoint functions are now properly exported in the C API
  (gh-11731).
• Fixed a bug where box.schema.downgrade to versions 2.11.5+ would erroneously
  set schema version to 2.11.1 instead of 2.11.5 (gh-11204).
• Fixed a bug when the instance hung during transition to RW
  state after promotion with a quorum greater than the
  number of registered instances in the replicaset. Now the
  transition can be continued by reducing the
  replication_synchro_quorum value (gh-11574).
• Fixed a crash when a tuple field or key part of a fixed decimal type is
  MP_NIL (gh-ee-1454).
• Fixed an issue when tostring() is applied to an error raised inside
  box.atomic() (gh-11823).
• Fixed an issue where the predefined replication role was not treated
  as a system role and therefore could be dropped or modified. Now it is
  properly protected like other system roles (guest, admin, public,
  super) (gh-11848).
• Fixed a crash on reconnecting to syslog server (gh-11840).
• Fixed a crash when pagination was used on a sysview space (gh-11953).

Memtx

• Fixed a crash on OOM on insertion in tree index of memtx engine (gh-11788).
• Fixed an MVCC bug when a transaction performing insert-after-delete
  with the same primary key (for example, delete{4} followed by
  insert{4, 3}) could create secondary key duplicates (gh-11686).
• Fixed an MVCC bug when a transaction performing get-after-replace could
  dirty-read nothing (gh-11687).
• Fixed an MVCC bug that could lead to duplicates in secondary indexes
  after a rollback (gh-11660).
• Fixed an MVCC bug that could lead to dirty gap read in secondary indexes
  after a rollback (gh-11802).
• Fixed a crash when using the maximum allowed number of indexes with MVCC
  enabled (gh-11929).
• Fixed a crash when trying to use pagination along with the key
  in RTREE indexes (gh-11963).

Vinyl

• Fixed a bug when a WAL write error could lead to the violation of a unique
  constraint in a space with the enabled defer_deletes option (gh-11969).

Replication

• Fixed a bug where box.begin{txn_isolation = 'linearizable'} could crash when
  the max size of the synchronous transactions queue was reached (the setting
  box.cfg.replication_synchro_queue_max_size) (gh-11807).
• Fixed a false-positive assertion failure that could occur when calling
  box.ctl.make_bootstrap_leader() during recovery (gh-11704).
• Fixed the election state corruption after an anonymous replica
  becomes non-anonymous (gh-11938).
• Fixed a bug where a node configured with election_mode = 'off' would prevent
  nodes with election_mode = 'candidate' from starting new elections after the
  leader death (gh-12018).
• Fixed a bug where the replication downstream could get stuck when the replica
  had box.cfg.replication_synchro_queue_max_size set to a smaller value than
  the master (gh-11836).
• Fixed a bug that a snapshot file could contain an outdated synchronous
  replication's confirmation LSN or a term. That was only possible when the
  synchronous replication was used (gh-11754).

Lua

• Fixed a bug when a lot of "Connection refused" messages were
  printed in the log file when a net.box connection fails with
  the reconnect_after option (gh-10506).
• Fixed a bug that caused incorrect display of string uri
  parameters in returned uri of uri.format (gh-11820).

Config

• IPROTO SSL options can now be properly configured by specifying the
  iproto.ssl section.

3.4.2

Date: 2025-11-21
Tag: 3.4.2

Overview

Tarantool 3.x is the recommended release series. Users of Tarantool 2.11 are
encouraged to update to the latest 3.x release.

This release resolves 29 bugs since 3.4.1.

Please consider the full list of user-visible changes below.

Compatibility

Tarantool 2.x and 3.x are compatible in the binary data layout, client-server
protocol, and replication protocol. It means upgrade may be performed with zero
downtime for read requests and the order-of-network-lag downtime for write
requests.

Please follow the upgrade procedure to plan your update actions.

Users of Tarantool 2.x may be interested in the compat options that
allow to imitate some 2.x behavior. This allows to perform application code
update step-by-step, not all-at-once.

Bugs fixed

Core

• Fixed the creation of broken snapshots, which could contain outdated entries
  also applied in the following xlog files. This could happen if the
  transactions would pile up and fill the whole WAL queue
  (box.cfg.wal_queue_max_size was reached), and a snapshot was created at this
  moment (gh-11180).
• Transaction savepoint functions are now properly exported in the C API
  (gh-11731).
• Fixed a bug where box.schema.downgrade to versions 2.11.5+ would erroneously
  set schema version to 2.11.1 instead of 2.11.5 (gh-11204).
• Fixed key corruption when pagination by tuple was used (gh-11221).
• Fixed a bug of missed setting box error name in some cases (gh-10708).
• Fixed an issue when tostring() is applied to an error raised inside
  box.atomic() (gh-11823).
• Fixed an issue where the predefined replication role was not treated
  as a system role and therefore could be dropped or modified. Now it is
  properly protected like other system roles (guest, admin, public,
  super) (gh-11848).
• Fixed a crash on reconnecting to syslog server (gh-11840).
• Fixed a crash when pagination was used on a sysview space (gh-11953).
• Fixed a crash when trying to use pagination along with the key
  in RTREE indexes (gh-11963).

Memtx

• Fixed a crash on OOM on insertion in tree index of memtx engine (gh-11788).
• Fixed an MVCC bug when a transaction performing insert-after-delete
  with the same primary key (for example, delete{4} followed by
  insert{4, 3}) could create secondary key duplicates (gh-11686).
• Fixed an MVCC bug when a transaction performing get-after-replace could
  dirty-read nothing (gh-11687).
• Fixed an MVCC bug that could lead to duplicates in secondary indexes
  after a rollback (gh-11660).
• Fixed an MVCC bug that could lead to dirty gap read in secondary indexes
  after a rollback (gh-11802).
• Fixed a crash when using the maximum allowed number of indexes with Memtx-MVCC
  enabled (gh-11929).

Vinyl

• Fixed a bug when a WAL write error could lead to the violation of a unique
  constraint in a space with the enabled defer_deletes option (gh-11969).

Replication

• Fixed a bug where box.begin{txn_isolation = 'linearizable'} could crash when
  the max size of the synchronous transactions queue was reached (the setting
  box.cfg.replication_synchro_queue_max_size) (gh-11807).
• Fixed a false-positive assertion failure that could occur when calling
  box.ctl.make_bootstrap_leader() during recovery (gh-11704).
• Fixed the election state corruption after an anonymous replica
  becomes non-anonymous (gh-11938).
• Fixed a bug where a node configured with election_mode = 'off' would prevent
  nodes with election_mode = 'candidate' from starting new elections after the
  leader death (gh-12018).
• Fixed a bug where the replication downstream could get stuck when the replica
  had box.cfg.replication_synchro_queue_max_size set to a smaller value than
  the master (gh-11836).
• Fixed a bug when the instance hung during transition to RW state after
  promotion with a quorum greater than the number of registered instances in the
  replicaset. Now the transition can be continued by reducing the
  replication_synchro_quorum value (gh-11574).
• Fixed inconsistent data which could happen when the synchro queue was full
  (box.cfg.replication_synchro_queue_max_size was reached) and the
  transactions blocked on that queue were woken up or cancelled spuriously (for
  example, manually via fiber:wakeup() or fiber:cancel()). Specifically,
  transactions could get committed in a wrong order or newly joined replicas
  could have data not present on the master (gh-11180).
• Fixed a bug that a snapshot file could contain an outdated synchronous
  replication's confirmation LSN or a term. That was only possible when the
  synchronous replication was used (gh-11754).

Lua

• Fixed a bug when a lot of "Connection refused" messages were
  printed in the log file when a net.box connection fails with
  the reconnect_after option (gh-10506).
• Fixed a bug that caused incorrect display of string uri
  parameters in returned uri of uri.format (gh-11820).

Config

• Evaluate configurations for other cluster members lazily to speed up startup
  and reload of large configurations (500 instances or more).
• IPROTO SSL options can now be properly configured by specifying the
  iproto.ssl section.

3.3.4

Date: 2025-11-21
Tag: 3.3.4

Overview

Tarantool 3.x is the recommended release series. Users of Tarantool 2.11 are
encouraged to update to the latest 3.x release.

This release resolves 29 bugs since 3.3.3.

Please consider the full list of user-visible changes below.

Compatibility

Tarantool 2.x and 3.x are compatible in the binary data layout, client-server
protocol, and replication protocol. It means upgrade may be performed with zero
downtime for read requests and the order-of-network-lag downtime for write
requests.

Please follow the upgrade procedure to plan your update actions.

Users of Tarantool 2.x may be interested in the compat options that
allow to imitate some 2.x behavior. This allows to perform application code
update step-by-step, not all-at-once.

Bugs fixed

Core

• Fixed the creation of broken snapshots, which could contain outdated entries
  also applied in the following xlog files. This could happen if the
  transactions would pile up and fill the whole WAL queue
  (box.cfg.wal_queue_max_size was reached), and a snapshot was created at this
  moment (gh-11180).
• Transaction savepoint functions are now properly exported in the C API
  (gh-11731).
• Fixed a bug where box.schema.downgrade to versions 2.11.5+ would erroneously
  set schema version to 2.11.1 instead of 2.11.5 (gh-11204).
• Fixed a bug when the instance hung during transition to RW state after
  promotion with a quorum greater than the number of registered instances in the
  replicaset. Now the transition can be continued by reducing the
  replication_synchro_quorum value (gh-11574).
• Fixed key corruption when pagination by tuple was used (gh-11221).
• Fixed a bug of missed setting box error name in some cases (gh-10708).
• Fixed an issue when tostring() is applied to an error raised inside
  box.atomic() (gh-11823).
• Fixed an issue where the predefined replication role was not treated
  as a system role and therefore could be dropped or modified. Now it is
  properly protected like other system roles (guest, admin, public,
  super) (gh-11848).
• Fixed a crash on reconnecting to syslog server (gh-11840).
• Fixed a crash when pagination was used on a sysview space (gh-11953).
• Fixed a crash when trying to use pagination along with the key
  in RTREE indexes (gh-11963).

Memtx

• Fixed a crash on OOM on insertion in tree index of memtx engine (gh-11788).
• Fixed an MVCC bug when a transaction performing insert-after-delete
  with the same primary key (for example, delete{4} followed by
  insert{4, 3}) could create secondary key duplicates (gh-11686).
• Fixed an MVCC bug when a transaction performing get-after-replace could
  dirty-read nothing (gh-11687).
• Fixed an MVCC bug that could lead to duplicates in secondary indexes
  after a rollback (gh-11660).
• Fixed an MVCC bug that could lead to dirty gap read in secondary indexes
  after a rollback (gh-11802).
• Fixed a crash when using the maximum allowed number of indexes with MVCC
  enabled (gh-11929).

Vinyl

• Fixed a bug when a WAL write error could lead to the violation of a unique
  constraint in a space with the enabled defer_deletes option (gh-11969).

Replication

• Fixed a bug where box.begin{txn_isolation = 'linearizable'} could crash when
  the max size of the synchronous transactions queue was reached (the setting
  box.cfg.replication_synchro_queue_max_size) (gh-11807).
• Fixed a false-positive assertion failure that could occur when calling
  box.ctl.make_bootstrap_leader() during recovery (gh-11704).
• Fixed the election state corruption after an anonymous replica
  becomes non-anonymous (gh-11938).
• Fixed a bug where a node configured with election_mode = 'off' would prevent
  nodes with election_mode = 'candidate' from starting new elections after the
  leader death (gh-12018).
• Fixed a bug where the replication downstream could get stuck when the replica
  had box.cfg.replication_synchro_queue_max_size set to a smaller value than
  the master (gh-11836).
• Fixed inconsistent data which could happen when the synchro queue was full
  (box.cfg.replication_synchro_queue_max_size was reached) and the
  transactions blocked on that queue were woken up or cancelled spuriously (for
  example, manually via fiber:wakeup() or fiber:cancel()). Specifically,
  transactions could get committed in a wrong order or newly joined replicas
  could have data not present on the master (gh-11180).
• Fixed a bug that a snapshot file could contain an outdated synchronous
  replication's confirmation LSN or a term. That was only possible when the
  synchronous replication was used (gh-11754).

Lua

• Fixed a bug when a lot of "Connection refused" messages were
  printed in the log file when a net.box connection fails with
  the reconnect_after option (gh-10506).
• Fixed a bug that caused incorrect display of string uri
  parameters in returned uri of uri.format (gh-11820).

Config

• Evaluate configurations for other cluster members lazily to speed up startup
  and reload of large configurations (500 instances or more).
• IPROTO SSL options can now be properly configured by specifying the
  iproto.ssl section.

3.2.3

Date: 2025-11-21
Tag: 3.2.3

Overview

Tarantool 3.x is the recommended release series. Users of Tarantool 2.11 are
encouraged to update to the latest 3.x release.

This release resolves 25 bugs since 3.2.2.

Please consider the full list of user-visible changes below.

Compatibility

Tarantool 2.x and 3.x are compatible in the binary data layout, client-server
protocol, and replication protocol. It means upgrade may be performed with zero
downtime for read requests and the order-of-network-lag downtime for write
requests.

Please follow the upgrade procedure to plan your update actions.

Users of Tarantool 2.x may be interested in the compat options that
allow to imitate some 2.x behavior. This allows to perform application code
update step-by-step, not all-at-once.

Bugs fixed

Core

• Fixed the creation of broken snapshots, which could contain outdated entries
  also applied in the following xlog files. This could happen if the
  transactions would pile up and fill the whole WAL queue
  (box.cfg.wal_queue_max_size was reached), and a snapshot was created at this
  moment (gh-11180).
• Transaction savepoint functions are now properly exported in the C API
  (gh-11731).
• Fixed a bug where box.schema.downgrade to versions 2.11.5+ would erroneously
  set schema version to 2.11.1 instead of 2.11.5 (gh-11204).
• Fixed a bug when the instance hung during transition to RW state after
  promotion with a quorum greater than the number of registered instances in the
  replicaset. Now the transition can be continued by reducing the
  replication_synchro_quorum value (gh-11574).
• Fixed a bug of missed setting box error name in some cases (gh-10708).
• Fixed the crash caused by asynchronously committing an asynchronous
  transaction following a synchronous timed out transaction (gh-10853).
• Fixed an issue when tostring() is applied to an error raised inside
  box.atomic() (gh-11823).
• Fixed an issue where the predefined replication role was not treated
  as a system role and therefore could be dropped or modified. Now it is
  properly protected like other system roles (guest, admin, public,
  super) (gh-11848).
• Fixed a crash on reconnecting to syslog server (gh-11840).
• Fixed a crash when pagination was used on a sysview space (gh-11953).
• Fixed a crash when trying to use pagination along with the key
  in RTREE indexes (gh-11963).

Memtx

• Fixed an MVCC bug when a transaction performing insert-after-delete
  with the same primary key (for example, delete{4} followed by
  insert{4, 3}) could create secondary key duplicates (gh-11686).
• Fixed an MVCC bug when a transaction performing get-after-replace could
  dirty-read nothing (gh-11687).
• Fixed an MVCC bug that could lead to duplicates in secondary indexes
  after a rollback (gh-11660).
• Fixed an MVCC bug that could lead to dirty gap read in secondary indexes
  after a rollback (gh-11802).
• Fixed a crash when using the maximum allowed number of indexes with MVCC
  enabled (gh-11929).

Vinyl

• Fixed a bug when a WAL write error could lead to the violation of a unique
  constraint in a space with the enabled defer_deletes option (gh-11969).

Replication

• Fixed a false-positive assertion failure that could occur when calling
  box.ctl.make_bootstrap_leader() during recovery (gh-11704).
• Fixed the election state corruption after an anonymous replica
  becomes non-anonymous (gh-11938).
• Fixed a bug where a node configured with election_mode = 'off' would prevent
  nodes with election_mode = 'candidate' from starting new elections after the
  leader death (gh-12018).
• Fixed a bug that a snapshot file could contain an outdated synchronous
  replication's confirmation LSN or a term. That was only possible when the
  synchronous replication was used (gh-11754).

Lua

• Fixed a bug when a lot of "Connection refused" messages were
  printed in the log file when a net.box connection fails with
  the reconnect_after option (gh-10506).
• Fixed a bug that caused incorrect display of string uri
  parameters in returned uri of uri.format (gh-11820).

Config

• Evaluate configurations for other cluster members lazily to speed up startup
  and reload of large configurations (500 instances or more).
• IPROTO SSL options can now be properly configured by specifying the
  iproto.ssl section.

2.11.8

Date: 2025-10-17
Tag: 2.11.8

Overview

2.x is the old stable release series. Users are encouraged to update to the
latest 3.x release.

This is a bugfix release. It resolves 15 issues since the previous version.

Please consider the full list of user-visible changes below.

Compatibility

Tarantool 2.x and 3.x are compatible in the binary data layout, client-server
protocol, and replication protocol. It means upgrade may be performed with zero
downtime for read requests and the order-of-network-lag downtime for write
requests.

Please follow the upgrade procedure to plan your update actions.

Bugs fixed

Core

• Now the server binds all URIs matching the listen parameter in the box
  configuration. Previously it bound only a single URI per entry. Now providing
  a single port number makes all interfaces be listened on that port. It is
  also possible now to bind multiple interfaces with a single port number
  (gh-7152).
• Fixed a crash, undefined behavior, and inconsistent data across replicas that
  could all occur when the WAL queue was full (box.cfg.wal_queue_max_size was
  reached) and transactions blocked on that queue were woken up or cancelled
  spuriously (for example, manually via fiber:wakeup() or fiber:cancel()).
  (gh-11180).
• Fixed the creation of broken snapshots, which could contain outdated entries
  also applied in the following xlog files. This could happen if the
  transactions would pile up and fill the whole WAL queue
  (box.cfg.wal_queue_max_size was reached), and a snapshot was created at this
  moment (gh-11180).

Replication

• Fixed the election state corruption after an anonymous replica
  becomes non-anonymous (gh-11938).

LuaJIT

Backported patches from the vanilla LuaJIT trunk (gh-11278). The following
issues were fixed as part of this activity:

• Fixed JIT slot overflow during recording of trace with up-recursion.
• Fixed stack overflow handling.
• Fixed potential file descriptor leaks in loadfile().
• Fixed error generation in loadfile().
• Fixed incorrect snapshot restore due to stack overflow.
• Fixed assembling of IR SLOAD for the aarch64 architecture.
• Fixed assembling of IR HREFK for the aarch64 architecture.
• Fixed incorrect stp/ldp instructions fusion on aarch64.

Lua

Uri

• Fixed a bug that caused an incorrect display of string URI
  parameters in the URI returned by uri.format (gh-11820).

Tools

• Fixed a sysprof crash (gh-11185, gh-11429) when a sample was collected outside
  the LuaJIT VM.
• It is now possible to call LuaJIT's platform profile function
  misc.sysprof.report() during the profiling as well (gh-11229).

3.5.0

Date: 2025-08-27
Tag: 3.5.0

Overview

Tarantool 3.x is the recommended release series. Users of Tarantool 2.11 are
encouraged to update to the latest 3.x release.

This release introduces 17 improvements and resolves 6 bugs since 3.4.1.

Please consider the full list of user-visible changes below.

Compatibility

Tarantool 2.x and 3.x are compatible in the binary data layout, client-server
protocol, and replication protocol. It means upgrade may be performed
with zero downtime for read requests and the order-of-network-lag downtime for
write requests.

Please follow the upgrade procedure to plan your update actions.

Users of Tarantool 2.x may be interested in the compat options that
allow to imitate some 2.x behavior. This allows to perform application code
update step-by-step, not all-at-once.

Functionality added or changed

Core

• Added support for fixed point decimal types decimal32, decimal64,
  decimal128 and decimal256.
• Populated box.tuple.format objects with a new method validate (gh-9979).
• Populated space objects with a new field format_object (gh-9979).
• A new box_status function is now available in the C API. It is accessible
  in the TX thread without box.info.status Lua calls.
• Introduced a new C API function, box_tuple_data(), for inspecting
  the MsgPack tuple data without making copies (gh-11478).

App

• Decimal support is changed to fit new fixed point decimal types.
  Limit on exponent is removed, precision is increased to 76 decimal digits
  and printing is done in scientific notation.
• Increased verbosity of logging system errors (gh-10116).
• Added conversion functions between box_decimal_t and scaled integers
  to C box API.
• Changed Lua error.tostring() to print error stack from effect to cause.
  The Caused by: prefix for cause frames is added when the compat option
  box_error_serialize_verbose is set to new.
• Added a new method, is_closed(), to popen handle to check if the handle
  has been closed (gh-11492).

Memtx

• Now it is possible to sort secondary keys with a new O(n) sorting
  algorithm that uses additional data written into the snapshot. The
  feature can be enabled with a new memtx_use_sort_data option in
  box.cfg (gh-10847).

Config

• Introduced a fail_if tag for roles and scripts (gh-10987).
• SIGUSR2 now can be used to trigger YAML configuration reload (gh-11585).
• Introduced a new include field for configuration files (gh-11510).

Connpool

• experimental.connpool now automatically closes unused connections opened by
  connpool.call() and connpool.filter() upon the timeout configured using
  the connpool.set_idle_timeout() method or the connpool.idle_timeout
  configuration option.
• The experimental.connpool methods now try to reconnect to recently accessed
  instances when they become unavailable. Reconnect attempts happen after a
  constant interval and are stopped if the instance is no longer needed.
• experimental.connpool methods call() and filter() became faster. They do
  not wait for unavailable instances if it is known they have been inaccessible
  recently.

Bugs fixed

Core

• Fixed the creation of broken snapshots, which could contain outdated entries
  also applied in the following xlog files. This could happen if the
  transactions would pile up and fill the whole WAL queue
  (box.cfg.wal_queue_max_size was reached), and a snapshot was created at this
  moment (gh-11180).
• Fixed key corruption when pagination by tuple was used (gh-11221).
• Fixed a bug of missed setting box error name in some cases (gh-10708).

Replication

• Disabled informational log messages that were printed while sending WAL logs
  to subscribed replicas (gh-11752).
• Fixed inconsistent data which could appear when the synchro queue was full
  (box.cfg.replication_synchro_queue_max_size was reached) and the
  transactions blocked on that queue were woken up or cancelled spuriously (for
  example, manually via fiber:wakeup() or fiber:cancel()). Specifically,
  transactions could get committed in a wrong order or newly joined replicas
  could have data not present on the master (gh-11180).

Config

• Evaluate configurations for other cluster members lazily to speed up startup
  and reload of large configurations (500 instances or more).

3.2.2

Date: 2025-08-22
Tag: 3.2.2

Overview

Tarantool 3.x is the recommended release series. Users of Tarantool 2.11 are
encouraged to update to the latest 3.x release.

This release resolves 106 bugs since 3.2.1.

Announcement: double field type problems

Users who ever used the double field type in vinyl indexes might have their
indexes broken. Regardless of this release. Preferably prior to the upgrade the
users must get rid of the double indexed field type in vinyl. It must be
drop-in replaceable by the number field type.

The reason is that the sorting of double fields would always compare the field
values as C-language doubles, even when actual integers are stored. This works
fine for small numbers, but starting from 2^53 the double-style comparison
loses precision. For example, 18446744073709551615 and 18446744073709551614
would be considered the same values.

Besides, point-lookups in such index are going to be broken by design too -
looking up by 18446744073709551615 can return 18446744073709551614 and many
other integers around this point.

Unfortunately, even if the user doesn't have the double type in any vinyl
indexes, but ever had it before, it is still unsafe. A double index
altered to number or scalar would remain broken. It is very important that
users rebuild all the vinyl indexes that have or ever had the double field
type in them. What is worse, just an alter double -> number won't
work. The old index must be dropped and a new one must be created. In any
order.

Please consider the full list of user-visible changes below.

Compatibility

Tarantool 2.x and 3.x are compatible in the binary data layout, client-server
protocol, and replication protocol. It means that the updating may be performed
with zero downtime for read requests and the order-of-network-lag downtime for
write requests.

Please follow the upgrade procedure to plan your update actions.

Users of Tarantool 2.x may be interested in the compat options that
allow to imitate some 2.x behavior. This allows to perform application code
update step-by-step, not all-at-once.

Bugs fixed

Core

• Fixed a bug that prevented update() operations on the fields with a
  fixed-size floating-point type (gh-9929).
• The bootstrap_leader configuration option is now dynamic (gh-10604).
• Fixed a bug when a server could crash if a client sent an IPROTO replication
  request without waiting for pending requests to complete (gh-10155).
• Fixed a bug when IPROTO_INDEX_NAME was mapped into a wrong index identifier (gh-9923).
• Fixed a bug when the sequence:reset() call result was not recovered
  after the server restart (gh-9871).
• Fixed log message being truncated to 1024 bytes with JSON logger (gh-10918).
• Fixed several bugs in the numbers comparison and hashing in tuple keys. It
  allowed to insert the same key multiple times into a unique index, and
  sometimes wouldn't allow to find an existing key in an index. Could happen
  when numbers were encoded in MessagePack suboptimally and when the double
  field type was used (gh-9965).
• Fixed a bug where passwords are leaked into logs
  when using listen and bootstrap_leader options.
• Now the server binds all URIs matching the listen parameter in the box
  configuration. Previously, it bound only a single URI per entry. Now, providing
  a single port number makes all interfaces be listened on that port. It is
  also possible now to bind multiple interfaces with a single port number
  (gh-7152).
• Fixed the master node crash at processing anonymous
  requests with a nil instance uuid (gh-11531).
• Improved the calculation of waste_size in tuple:info() and space:stat()
  (gh-10217).
• Fixed a bug when box.ctl.promote could hang if a candidate server got
  a message from a follower that the leader was already seen (gh-10836).
• Fixed a bug when box.ctl.promote could crash if a candidate
  server lost and regained quorum during promotion (gh-10836).
• Fixed a misleading error thrown on an attempt to revoke privileges from the
  'admin' user and 'super' role (gh-11526).
• Fixed reading after MsgPack end of an invalid interval MsgPack on decoding.
  Fixed checking bounds on decoding of year, month, week, and nanosecond, and
  adjusted the fields of the interval MsgPack (gh-10360).
• Fixed a crash, undefined behaviour, and inconsistent data across replicas that
  could all occur when the WAL queue was full (box.cfg.wal_queue_max_size was
  reached) and transactions blocked on that queue were woken up or cancelled
  spuriously (for example, manually via fiber:wakeup() or fiber:cancel()).
  (gh-11180).
• Fixed a bug when the drop_while method of index iterators (index:pairs(),
  space:pairs()) dropped an extra element (gh-6403).
• Fixed the issue with hanging write operations forever triggered by heavy
  write load and WAL writing failures on cascade rollback (gh-11081).
• Fixed a bug when cancelling a fiber waiting in WAL queue corrupted the
  the WAL (gh-11078).
• Fixed a bug when the timestamps of snapshots created before the server restart
  were not taken into account with checkpoint_interval enabled (gh-9820).
• Fixed a bug when the sizes of *.xlog files created before the server restart
  were not taken into account during the checkpoint_wal_threshold exceedance
  checks (gh-9811).
• Fixed a bug when transactions in the WAL queue were not rolled back on WAL
  error (gh-11179).
• Fixed bug when WAL queue is no flushed properly. In particular
  when building index of vinyl space. In the latter case it may lead
  the new index missing data from transactions in the queue (gh-11118, gh-11119).
• Fixed bug when box.commit({wait = 'none'}) could yield (gh-11224).
• Fixed a bug where tuples with JSON paths in a sequential
  field order could not be found in a hash index.
• Fixed a bug when the box.schema.user.info() function could fail if a current
  user was granted with a non-public role (gh-10057).
• Fixed a crash on an attempt to decode a malformed MsgPack extension
  with zero payload (gh-10361).

Memtx

• Fixed a crash when a transaction that was processed concurrently with
  background index build was rolled back due to WAL failure (gh-10620).
• Fixed a crash when memtx MVCC tried to abort an already committed
  non-memtx transaction if it used a system space view or tried to
  perform a DDL operation (gh-10715).
• Fixed a bug when Tarantool with memtx MVCC enabled was aborted on
  workload with many index:get() operations reading nothing (gh-11022).
• Tarantool allowed to create multikey and functional indexes with
  memtx MVCC enabled, but they were not supported. This led to a crash
  or a panic. Now Tarantool raises an error when one tries to create
  an index of the kind with memtx MVCC enabled (gh-6385, gh-11099).
• Fixed a bug that caused the memtx MVCC to miss conflicts over key definitions
  that used the number type or collations (gh-10159, gh-11292).
• Disallowed alteration of the primary index in a space with
  non-unique or nullable secondary indexes because such alters
  would crash Tarantool (gh-10951).
• Fixed a bug when altering a multikey index and creating a new one over
  the same field could lead to a crash or undefined behavior (gh-11291).
• Now DDL operations abort only transactions related to the space that
  they are modifying (gh-10377).

Vinyl

• Fixed a bug when index.stat() and index.len() could report a wrong number
  of in-memory statements for a non-unique multi-key index of a space with
  the defer_deletes option enabled (gh-10751).
• Fixed a bug when a deleted tuple wasn't purged from a secondary index data
  stored on disk in case it was updated more than once in the same transaction.
  The bug couldn't result in inconsistent query results, but it could lead to
  performance degradation and increased disk usage (gh-10820, gh-10822).
• Fixed a bug when joining a new replica to a master instance that experiences
  a heavy write load severely degrades the master instance performance.
  The fix should also speed up long-running scan requests (gh-10846).
• Fixed a bug when a tuple could disappear from a multikey index in case it
  replaced a tuple with duplicate multikey array entries created in the same
  transaction. With the enabled defer_deletes space option, the bug could
  also trigger a crash (gh-10869, gh-10870).
• Fixed a bug when the tuple cache was not properly invalidated in case
  a WAL write error occurred while committing a space.delete() operation.
  The bug could lead to a crash or an invalid read query result (gh-10879).
• Fixed a bug when a deleted secondary index key wasn't purged on compaction
  of a space with the defer_deletes option enabled (gh-10895).
• Fixed a use-after-free bug in the transaction manager that could be triggered
  by a race between DDL and DML operations affecting the same space (gh-10707).
• Fixed a bug when aborting a transaction by timeout while it was executing
  a statement could trigger a crash (gh-11088).
• Fixed a bug in the tuple cache when a transaction operating in a read view
  could skip a tuple deleted after the read view creation (gh-11079, gh-11294).
• Fixed a bug in the tuple cache when a tuple could become inaccessible via
  a secondary index after a transaction rollback caused by a WAL write error
  (gh-11140).
• Fixed a bug when the garbage collector purged run files left after a dropped
  space without waiting for compaction completion. The bug could result in
  a compaction failure with a "No such file or di...

3.4.1

Date: 2025-08-12
Tag: 3.4.1

Overview

Tarantool 3.x is the recommended release series. Users of Tarantool 2.11 are
encouraged to update to the latest 3.x release.

This release resolves 31 bugs since 3.4.0.

Please consider the full list of user-visible changes below.

Compatibility

Tarantool 2.x and 3.x are compatible in the binary data layout, client-server
protocol, and replication protocol. It means that the updating may be performed
with zero downtime for read requests and the order-of-network-lag downtime for
write requests.

Please, follow the upgrade procedure to plan your update actions.

Users of Tarantool 2.x may be interested in the compat options that
allow to imitate some 2.x behavior. This allows to perform application code
update step-by-step, not all-at-once.

Bugs fixed

Core

• Fixed a bug where passwords are leaked into logs
  when using listen and bootstrap_leader options.
• Now the server binds all URIs matching the listen parameter in the box
  configuration. Previously, it bound only a single URI per entry. Now,
  providing a single port number makes all interfaces be listened on that port.
  It is also possible now to bind multiple interfaces with a single port number
  (gh-7152).
• Fixed the master node crash at processing anonymous
  requests with a nil instance uuid (gh-11531).
• Fixed a crash, undefined behaviour, and inconsistent data across replicas that
  could all occur when the WAL queue was full (box.cfg.wal_queue_max_size was
  reached) and transactions blocked on that queue were woken up or cancelled
  spuriously (for example, manually via fiber:wakeup() or fiber:cancel()).
  (gh-11180).
• Improved the calculation of waste_size in tuple:info() and space:stat()
  (gh-10217).
• Fixed a bug when box.ctl.promote could hang if a candidate server got
  a message from a follower that the leader was already seen (gh-10836).
• Fixed a bug when box.ctl.promote could crash if a candidate
  server lost and regained quorum during promotion (gh-10836).
• Fixed a misleading error thrown on an attempt to revoke privileges from the
  'admin' user and 'super' role (gh-11526).
• Fixed reading after MsgPack end of an invalid interval MsgPack on decoding.
  Fixed checking bounds on decoding of year, month, week, and nanosecond, and
  adjusted the fields of the interval MsgPack (gh-10360).
• Fixed a bug where tuples with JSON paths in a sequential
  field order could not be found in a hash index.
• Fixed a bug when the box.schema.user.info() function could fail if a current
  user was granted with a non-public role (gh-10057).
• Fixed a crash on an attempt to decode a malformed MsgPack extension
  with zero payload (gh-10361).

Memtx

• Fixed crash/panic due to OOM conditions (gh-11171).
• Fixed a bug when it was possible to commit the transaction even if the node
  became read-only (gh-9937).
• Fixed a bug that caused the memtx MVCC to miss conflicts over key definitions
  that used the number type or collations (gh-10159, gh-11292).
• Disallowed alteration of the primary index in a space with
  non-unique or nullable secondary indexes because such alters
  would crash Tarantool (gh-10951).
• Fixed a bug when altering a multikey index and creating a new one over
  the same field could lead to a crash or undefined behavior (gh-11291).
• Fixed a bug when the initial index size wasn't recorded in the MVCC,
  so no transaction conflict occurred if the index size changed during
  the transaction (gh-10149).

Replication

• Fixed a bug when the node configured as
  box.cfg.bootstrap_mode = 'config'/'supervised'' didn't switch to
  the 'orphan' status even if it failed to synchronize with each of the
  connected nodes (gh-11156).
• Fixed replication hanging in the relay thread when transmitting large tuples
  (more than several megabytes) (gh-11604).

LuaJIT

Backported patches from the vanilla LuaJIT trunk (gh-11278). The following
issues were fixed as part of this activity:

• Fixed JIT slot overflow during recording of trace with up-recursion.
• Fixed stack overflow handling.
• Fixed potential file descriptor leaks in loadfile().
• Fixed error generation in loadfile().
• Fixed incorrect snapshot restore due to stack overflow.
• Fixed assembling of IR SLOAD for the aarch64 architecture.
• Fixed assembling of IR HREFK for the aarch64 architecture.
• Fixed incorrect stp/ldp instructions fusion on aarch64.

Recovery

• Fixed a bug where a master node that crashed and lost its xlog files for
  some reason might never get some of its own rows from upstreams after
  reconnecting. A new ro-reason "waiting_for_own_rows" was introduced for this.
  Now, until the instance has received all its rows, it is in this mode and
  remains read-only (gh-10592).

Tools

• Fixed the sysprof crash (gh-11185, gh-11429) when a sample was collected
  outside the LuaJIT VM.
• It is now possible to call LuaJIT's platform profile function
  misc.sysprof.report() during the profiling as well (gh-11229).

3.3.3

Date: 2025-08-12
Tag: 3.3.3

Overview

Tarantool 3.x is the recommended release series. Users of Tarantool 2.11 are
encouraged to update to the latest 3.x release.

This release resolves 30 bugs since 3.3.2.

Please consider the full list of user-visible changes below.

Compatibility

Tarantool 2.x and 3.x are compatible in the binary data layout, client-server
protocol, and replication protocol. It means that the updating may be performed
with zero downtime for read requests and the order-of-network-lag downtime for
write requests.

Please, follow the upgrade procedure to plan your update actions.

Users of Tarantool 2.x may be interested in the compat options that
allow to imitate some 2.x behavior. This allows to perform application code
update step-by-step, not all-at-once.

Bugs fixed

Core

• Fixed a bug where passwords are leaked into logs
  when using listen and bootstrap_leader options.
• Now the server binds all URIs matching the listen parameter in the box
  configuration. Previously, it bound only a single URI per entry. Now, providing
  a single port number makes all interfaces be listened on that port. It is
  also possible now to bind multiple interfaces with a single port number
  (gh-7152).
• Fixed the master node crash at processing anonymous
  requests with a nil instance uuid (gh-11531).
• Fixed a crash, undefined behaviour, and inconsistent data across replicas that
  could all occur when the WAL queue was full (box.cfg.wal_queue_max_size was
  reached) and transactions blocked on that queue were woken up or cancelled
  spuriously (for example, manually via fiber:wakeup() or fiber:cancel()).
  (gh-11180).
• Improved the calculation of waste_size in tuple:info() and space:stat()
  (gh-10217).
• Fixed a bug when box.ctl.promote could hang if a candidate server got
  a message from a follower that the leader was already seen (gh-10836).
• Fixed a bug when box.ctl.promote could crash if a candidate
  server lost and regained quorum during promotion (gh-10836).
• Fixed a misleading error thrown on an attempt to revoke privileges from the
  'admin' user and 'super' role (gh-11526).
• Fixed reading after MsgPack end of an invalid interval MsgPack on decoding.
  Fixed checking bounds on decoding of year, month, week, and nanosecond, and
  adjusted the fields of the interval MsgPack (gh-10360).
• Fixed a bug where tuples with JSON paths in a sequential
  field order could not be found in a hash index.
• Fixed a bug when the box.schema.user.info() function could fail if a current
  user was granted with a non-public role (gh-10057).
• Fixed a crash on an attempt to decode a malformed MsgPack extension
  with zero payload (gh-10361).

Memtx

• Fixed crash/panic due to OOM conditions (gh-11171).
• Fixed a bug that caused the memtx MVCC to miss conflicts over key definitions
  that used the number type or collations (gh-10159, gh-11292).
• Disallowed alteration of the primary index in a space with
  non-unique or nullable secondary indexes because such alters
  would crash Tarantool (gh-10951).
• Fixed a bug when altering a multikey index and creating a new one over
  the same field could lead to a crash or undefined behavior (gh-11291).
• Fixed a bug when the initial index size wasn't recorded in the MVCC,
  so no transaction conflict occurred if the index size changed during
  the transaction (gh-10149).

Replication

• Fixed a bug when the node configured as
  box.cfg.bootstrap_mode = 'config'/'supervised'' didn't switch to
  the 'orphan' status even if it failed to synchronize with each of the
  connected nodes (gh-11156).
• Fixed replication hanging in the relay thread when transmitting large tuples
  (more than several megabytes) (gh-11604).

LuaJIT

Backported patches from the vanilla LuaJIT trunk (gh-11278). The following
issues were fixed as part of this activity:

• Fixed JIT slot overflow during recording of trace with up-recursion.
• Fixed stack overflow handling.
• Fixed potential file descriptor leaks in loadfile().
• Fixed error generation in loadfile().
• Fixed incorrect snapshot restore due to stack overflow.
• Fixed assembling of IR SLOAD for the aarch64 architecture.
• Fixed assembling of IR HREFK for the aarch64 architecture.
• Fixed incorrect stp/ldp instructions fusion on aarch64.

Recovery

• Fixed a bug where a master node that crashed and lost its xlog files for
  some reason might never get some of its own rows from upstreams after
  reconnecting. A new ro-reason "waiting_for_own_rows" was introduced for this.
  Now, until the instance has received all its rows, it is in this mode and
  remains read-only (gh-10592).

Tools

• Fixed the sysprof crash (gh-11185, gh-11429) when a sample was collected outside
  the LuaJIT VM.
• It is now possible to call LuaJIT's platform profile function
  misc.sysprof.report() during the profiling as well (gh-11229).