NATS updates

[AlexL]

Documentation currently states:
Local or remote installation of the NATS server 2.10.18, 2.10.22, 2.10.28, 2.12.5.

but for PostgreSQL it states version x.y or later, within the same major version.

Question: the latest released NATS version 2.12.8, would that also be supported perhaps? It feels somewhat silly when upgrading from 2.10.28 to 2.12.x, to knowingly install an older version while seeing a long list of resolved bugs for the 2.12.6, 2.12.7 and 2.12.8.

Clarification on this topic would be appreciated.

[t7MevELx0]

+1 on this question.

I would also appreciate clarification from Veeam on this.

VB365 8.4 currently lists NATS 2.12.5 as supported, but newer NATS security fixes appear to land in 2.12.6 and later. If 2.12.5 is supported, can Veeam confirm whether 2.12.6 or a later 2.12.x build is also supported with VB365 8.4?

I understand not every upstream NATS issue may impact VB365 depending on how NATS is used, but from a security and compliance standpoint it is difficult to justify intentionally installing or remaining on a build with known upstream fixes available.

If Veeam does not currently support anything newer than 2.12.5, what is the recommended mitigation or upgrade path for customers who want to stay within Veeam support while also addressing the NATS CVE fixes?

[Polina]

Hi All,

Based on our experience, NATS may have significant differences even between its minor versions, which is why we are not using the '2.12.x' approach with it.
2.12.6 and 2.12.7 are in testing atm and we cannot yet confirm their support. If you still upgrade to any of those and see issues, open a support to troubleshoot and resolve it.

[AlexL]

ok, clear, I guess I won't be adventurous then and strickly stick to the supported versions
A suggestion though, perhaps add single line to the documention stating exactly this, that newer minor versions within the same 2.10 or 2.12 branches are explicitly not recommended.