Releases: getsentry/self-hosted
26.5.1
This release is a hotfix for the self-hosted cache backend. Django's PyMemcacheCache client is not thread-safe when shared across context-propagating worker threads, which could wedge ingest-occurrences and ingest-monitors. We've switched to ReconnectingMemcache to match the bundled Sentry image config.
install.sh migrates stock configs automatically; custom OPTIONS dictionaries keep their values and get a reconnect_age=300 fallback. No manual configuration changes needed.
Bug Fixes 🐛
- (config) Migrate PyMemcacheCache to ReconnectingMemcache by @sentry-junior in #4338
Other
- Clean up statsd monitoring configuration comments by @bobvandevijver in #4334
- Bump postgres 14.23-bookworm by @aminvakil in #4330
Contributors
Assets 2
26.5.0
Important
install.sh
A feature flag update is needed in sentry/sentry.conf.py — make sure to apply it manually before running the install script. Your docker-compose.yml will be updated automatically, so no manual edits needed there.
Application Metrics is Now GA 🎉
Long-time self-hosters will remember the original metrics product that was quietly retired during beta. That wasn't ideal, and we knew it. The good news: we're back with something properly baked — Application Metrics has graduated to General Availability.
Mobile Size Analysis and Build Distribution are Live
Two new features shipping for mobile teams that is powered by Launchpad, and yes, one new Docker container:
Size Analysis monitors your app's binary size across builds, giving you bundle-level visibility so you can catch size regressions before they hit production — and actually understand why a build got heavier.
Build Distribution handles secure distribution of app builds to internal teams and beta testers straight from CI, with access control and installation analytics included.
p.s., there's another feature called Snapshots (docs preview here) that we'd love to bring to self-hosted, but it depends on objectstore, which isn't ready for self-hosted deployment yet. We'll get there.
Security note: LAUNCHPAD_RPC_SHARED_SECRET ships with a hardcoded default in .env that's on the weaker side. If you want stronger internal communication security between taskbroker and launchpad, override it in your .env.custom with a value of your own.
Notable Changes
- Quieter logs: Suppressed noisy output from sentry-options across most services.
snubais still working through it (#4306) - nginx bump: We've updated nginx. We're not directly affected by CVE-2026-42945, but staying current is the right call regardless.
Questions or running into anything unexpected? Come find us on Discord — happy to help and always up for talking through your setup.
New Features ✨
- Enable Metrics by @aldy505 in #4312
- Add launchpad taskworker container by @NicoHinderling in #4267
Bug Fixes 🐛
- (workflows) Prevent shell injection in fast-revert workflow by @fix-it-felix-sentry in #4309
Internal Changes 🔧
- (deps) Bump astral-sh/setup-uv from 8.0.0 to 8.1.0 by @dependabot in #4290
Other
- Bump nginx 1.31.0-alpine by @aminvakil in #4329
Contributors
Assets 2
26.4.2
This release is a hotfix for relay#5913 where Relay versions 26.4.0 and 26.4.1 fail to authenticate with Sentry upstream, encountering HTTP/2 stream errors. The relay continuously retries but gets: http2 error, stream error received: unspecific protocol error detected. This completely blocks event forwarding. What happened is Relay was unconditionally setting the Host header in HTTP/2 requests, violating protocol specs; the fix makes it conditional, only set if explicitly configured, so HTTP/2 can manage it automatically.
No configuration changes needed.
On the next release (26.5.0), we will be shipping Launchpad that powers Mobile Build Distribution & Size Analysis.
Questions or want to talk through your setup? Find us on Sentry's Discord — always happy to chat.
New Features ✨
Bug Fixes 🐛
- Force disable HTTP(S) proxy for seaweedfs services by @DragoonAethis in #4311
Internal Changes 🔧
Deps
- Bump j178/prek-action from 2.0.1 to 2.0.2 by @dependabot in #4289
- Bump actions/setup-node from 6.3.0 to 6.4.0 by @dependabot in #4291
- Bump actions/create-github-app-token from 3.0.0 to 3.1.1 by @dependabot in #4280
- Bump pygments from 2.19.2 to 2.20.0 by @dependabot in #4256
Deps Dev
- Bump pytest from 9.0.1 to 9.0.3 by @dependabot in #4284
- Bump cryptography from 46.0.5 to 46.0.7 by @dependabot in #4275
Other
- (relay) Remove healthcheck from docker compose by @Dav1dde in #4304
- (template) Remove task for updating relocation release tests by @kenzoengineer in #4297
Contributors
Assets 2
26.4.1
TL;DR: Patch release fixing a migration regression from 26.4.0 and a critical SAML SSO security vulnerability. Upgrade promptly.
Warning
No configuration changes required.
SeaweedFS Now Actually Running Its Cleanup Workers
Turns out the SeaweedFS all-in-one binary doesn't spawn its worker and admin modules automatically, which meant cleanup processes were never running. This had been reported a few times, but issue #4106 finally made the picture clear enough to act on.
We've added two dedicated containers to handle this properly. Don't fret about the footprint — they're written in Go, so resource overhead is minimal. Cleanup will now actually happen as intended.
Thanks to everyone who reported this and helped validate the patch.
Taskworker Memory Leak Under High Ingestion
If you're running high ingestion throughput, you may have hit the taskworker memory leak reported in issue #4265. We've addressed it by adding --max-child-task-count to the default taskworker container configuration.
One heads-up: if you've set up workload isolation for taskworker via docker-compose.override.yml, you'll need to add that flag manually to your overrides — it won't carry over automatically.
Other Notable Fixes
- OpenTelemetry projects no longer crash Insights → Backend page. Full OTel project support was causing a crash there; that's resolved. (#4262)
- Reduced ClickHouse CPU usage by suppressing additional redundant data points. (#4266)
- PostgreSQL bumped to 14.22 (patch version). Worth noting: migration to PostgreSQL 17 is coming — it's currently in testing on SaaS, so self-hosted support won't be far behind.
Questions or want to talk through your setup? Find us on Sentry's Discord — always happy to chat.
26.4.0
Caution
This release has issues with InconsistentMigrationHistory if you're upgrading from previous version (see issue #4286). Please wait for the next patch release.
This release is fine if you're doing a fresh install.
We apologize for the inconvenience.
New Features ✨
- (ci) Cancel in-progress PR workflows on new commit push by @joshuarli in #4283
- Add max-child-task-count to taskworker container by @markstory in #4279
- Run SeaweedFS admin and worker instance by @aldy505 in #4259
- Support custom CA certificates for all containers by @aldy505 in #4216
- Remove 'vroom-cleanup' container by @aldy505 in #4217
Bug Fixes 🐛
- (install) Gracefully handle missing containers in minimize-downtime by @shameemkpofficial-git in #4246
- Disable a few more new clickhouse tables by @alkanna in #4269
- Explicit post release command for craft by @aldy505 in #4273
- Use default buildx builder to resolve local images during build by @maiqigh in #4250
Internal Changes 🔧
Deps
- Bump brace-expansion from 5.0.3 to 5.0.5 in /_integration-test/nodejs by @dependabot in #4247
- Bump j178/prek-action from 2.0.0 to 2.0.1 by @dependabot in #4264
- Bump BYK/docker-volume-cache-action from be89365902126f508dcae387a32ec3712df6b1cd to 0efa5cf5178c9906cb46ed8d1a357df8fd6b1a06 by @dependabot in #4253
- Bump astral-sh/setup-uv from 7.6.0 to 8.0.0 by @dependabot in #4254
- Bump getsentry/craft from 2.23.2 to 2.24.1 by @dependabot in #4221
- Bump astral-sh/setup-uv from 7.2.1 to 7.5.0 by @dependabot in #4220
Other
- (config) Remove graduated standalone span ingestion flag by @Dav1dde in #4274
- Restore unpinned actions by @aldy505 in #4243
- Swap pre-commit with prek by @aldy505 in #4235
Other
- Bump postgres 14.22-bookworm by @aminvakil in #4249
Contributors
Assets 2
26.3.1
This is a hotfix release addressing the database migration issue introduced in 26.3.0. If you got hit by that, this is the fix — no configuration changes required.
Optional: Disable Relay's DNS Caching
A few users have reported that the relay container fails to authenticate against web after a fresh install or restart. The culprit is DNS caching that the Relay team enabled via Hickory DNS, it can cause stale resolution under certain networking setups.
If you're running into this, you can work around it by applying the patch from PR #4213. We're likely making this the default in the next release, so consider this a heads-up.
Notable Changes
-
Size Analysis is GA (demo video here) — the feature is now generally available, though we're holding off on including it in the default self-hosted install until the Emerge-related dependencies stabilize. Looking to experiment? You can enable it manually in the meantime.
-
Reduced downtime during upgrades — we've reordered the installation sequence (PR #4202) so Docker images are pulled before the Compose stack is taken down. If you're on a slower connection, you should notice meaningfully less downtime on future upgrades.
-
Graduated feature flags cleanup — since late February, there's been an ongoing effort to remove a large batch of graduated feature flags. Worth a look if you want to know which features are now enabled by default in self-hosted.
Questions or want to talk through your setup? We're on Sentry's Discord — always happy to chat.
26.3.0
Caution
This release contains a migration issue. Please skip directly to the next release.
New Features ✨
Bug Fixes 🐛
Internal Changes 🔧
Deps
- Bump actions/setup-node from 6.2.0 to 6.3.0 by @dependabot in #4206
- Bump getsentry/craft from 2.21.7 to 2.23.2 by @dependabot in #4207
- Bump minimatch from 9.0.5 to 9.0.7 in /_integration-test/nodejs by @dependabot in #4189
Contributors
Assets 2
26.2.1
Heya folks! This is just a fix-up for version bump issue on self-hosted repository for the 26.2.0 release. Nothing much changed.
As always, if you run into any issues or have questions about your setup, hop into our Discord—we're always happy to help troubleshoot.
Bug Fixes 🐛
Release
- Restore version bumping for releases by @BYK in #4191
- Be explicit about pre release and post release command by @hubertdeng123 in #4190
Other
- Prevent script injection vulnerability in get-compose-action by @fix-it-felix-sentry in #4179
Internal Changes 🔧
- (deps) Bump getsentry/craft from 2.21.4 to 2.21.7 by @dependabot in #4188
Other
- Use docker-compose shipped in GHA runners by @aminvakil in #4184
Contributors
Assets 2
26.2.0
Caution
Skip this release!
This release is borked, you may read the release notes, but please hold back from upgrading.
Users should wait for 26.2.1 for now, or stay in earlier release.
Quick heads-up: If you're wondering where the mid-month release went—we got delayed by a combination of US holidays, Lunar New Year celebrations, and some unexpected hiccups in our new release process built on Craft. It's now fully sorted, and here's what you're getting.
What's New
Data Forwarding is Live
Data forwarding is now available without any feature flags. You'll find it in Organization Settings → Data Forwarding.
This lets you forward processed error events to third-party providers—currently Segment, Amazon SQS, and Splunk. Useful if you're analyzing errors alongside other datasets, empowering teams outside engineering, or building business intelligence workflows. Note that only error events are forwarded; spans and logs aren't supported yet.
Important Fixes
Missing Feature Flag for Metrics Alerts
If metrics alerts haven't been working for you, check that your sentry.conf.py includes the necessary feature flags from sentry.conf.example.py. Specifically, compare the feature flags section and add anything that's missing.
Nodestore S3 Writes Fixed
We noticed a bug regarding Nodestore writes that was caused by an unbounded boto3 dependency. Fixed in getsentry/sentry-nodestore-s3#3. If you're using S3 for Nodestore, this update should resolve any intermittent write failures you may have seen.
Maintenance
Nginx and Seaweedfs Bumps
We've updated both Nginx and Seaweedfs to their latest versions. These are minor version bumps with no breaking changes, but because the image tags changed, you'll end up with orphaned images. Run docker image prune --all after updating to clear out the old ones and reclaim disk space.
As always, if you run into any issues or have questions about your setup, hop into our Discord—we're always happy to help troubleshoot.
New Features ✨
- Updates seaweedfs image to 4.09 by @ronaldorcampos in #4173
- Provide blank environment variables for AWS SES relay by @aldy505 in #4164
Bug Fixes 🐛
- (test) Add Authority Key Identifier to SSL certificates by @oioki in #4162
- Add "organizations:on-demand-metrics-extraction" ff to enable metric alerts by @mzglinski in #4170
Internal Changes 🔧
Deps
- Bump getsentry/craft from 2.21.2 to 2.21.4 by @dependabot in #4172
- Bump getsentry/craft from 2.20.1 to 2.21.2 by @dependabot in #4166
- Bump getsentry/action-release from 3.4.0 to 3.5.0 by @dependabot in #4133
- Bump actions/checkout from 6.0.0 to 6.0.2 by @dependabot in #4155
- Bump actions/setup-python from 6.1.0 to 6.2.0 by @dependabot in #4154
- Bump getsentry/craft from 2.19.0 to 2.20.1 by @dependabot in #4152
- Bump actions/setup-node from 6.1.0 to 6.2.0 by @dependabot in #4153
- Bump astral-sh/setup-uv from 7.1.6 to 7.2.0 by @dependabot in #4132
- Bump codecov/test-results-action from 1.1.1 to 1.2.1 by @dependabot in #4115
- Bump codecov/codecov-action from 5.5.1 to 5.5.2 by @dependabot in #4102
- Bump urllib3 from 2.5.0 to 2.6.3 by @dependabot in #4150
Other
- (craft) Update minVersion from 0.23.1 to 2.21.6 by @BYK in #4177
- (deps-dev) Bump cryptography from 46.0.3 to 46.0.5 by @dependabot in #4168
- Fix changelog-preview for external contributors by @BYK in #4158
Other
- Bump nginx 1.29.5 by @aminvakil in #4167
- Allow configuring Sentry taskworker concurrency via env by @madest92 in #4149
Contributors
Assets 2
26.1.0
New Features ✨
Build / dependencies / internal 🔧
- (deps) Bump astral-sh/setup-uv from 7.1.5 to 7.1.6 by @dependabot in #4100
Other
- Include SDK version 10 when using local JS SDK assets by @hsgt-brice in #4130
