- [fix][sec] Upgrade to Netty 4.1.118 to address CVE-2025-24970 (#23965)
- [feat][client] Support forward proxy for the ZTS server in pulsar-client-auth-athenz (#23947)
- [fix] Avoid NPE when closing an uninitialized SameAuthParamsLookupAutoClusterFailover (#23911)
- [fix] Initialize UrlServiceProvider before trying to use transaction coordinator (#23914)
- [fix][client] Fix LoadManagerReport not found (#23886)
- [fix][client] Fix memory leak in ClientCnx.newLookup when there's TooManyRequestsException (#23971)
- [fix][client] Fix memory leak when message size exceeds max message size and batching is enabled (#23967)
- [fix][client] Orphan producer when concurrently calling producer closing and reconnection (#23853)
- [fix][client] call redeliver 1 msg but did 2 msgs (#23943)
- [fix][client] fix retry topic with exclusive mode. (#23859)
- [improve][client] Avoid logging errors for retriable errors when creating producer #23935