26.2.1

Heya folks! This is just a fix-up for version bump issue on self-hosted repository for the 26.2.0 release. Nothing much changed.

---

As always, if you run into any issues or have questions about your setup, hop into our Discord—we're always happy to help troubleshoot.

Bug Fixes 🐛

Release

• Restore version bumping for releases by @BYK in #4191
• Be explicit about pre release and post release command by @hubertdeng123 in #4190

Other

• Prevent script injection vulnerability in get-compose-action by @fix-it-felix-sentry in #4179

Internal Changes 🔧

• (deps) Bump getsentry/craft from 2.21.4 to 2.21.7 by @dependabot in #4188

Other

• Use docker-compose shipped in GHA runners by @aminvakil in #4184

26.2.0

Caution

This release is borked, you may read the release notes, but please hold back from upgrading.
Users should wait for 26.2.1 for now, or stay in earlier release.

Quick heads-up: If you're wondering where the mid-month release went—we got delayed by a combination of US holidays, Lunar New Year celebrations, and some unexpected hiccups in our new release process built on Craft. It's now fully sorted, and here's what you're getting.

What's New

Data Forwarding is Live

Data forwarding is now available without any feature flags. You'll find it in Organization Settings → Data Forwarding.

This lets you forward processed error events to third-party providers—currently Segment, Amazon SQS, and Splunk. Useful if you're analyzing errors alongside other datasets, empowering teams outside engineering, or building business intelligence workflows. Note that only error events are forwarded; spans and logs aren't supported yet.

Important Fixes

Missing Feature Flag for Metrics Alerts

If metrics alerts haven't been working for you, check that your sentry.conf.py includes the necessary feature flags from sentry.conf.example.py. Specifically, compare the feature flags section and add anything that's missing.

Nodestore S3 Writes Fixed

We noticed a bug regarding Nodestore writes that was caused by an unbounded boto3 dependency. Fixed in getsentry/sentry-nodestore-s3#3. If you're using S3 for Nodestore, this update should resolve any intermittent write failures you may have seen.

Maintenance

Nginx and Seaweedfs Bumps

We've updated both Nginx and Seaweedfs to their latest versions. These are minor version bumps with no breaking changes, but because the image tags changed, you'll end up with orphaned images. Run docker image prune --all after updating to clear out the old ones and reclaim disk space.

---

As always, if you run into any issues or have questions about your setup, hop into our Discord—we're always happy to help troubleshoot.

New Features ✨

• Updates seaweedfs image to 4.09 by @ronaldorcampos in #4173
• Provide blank environment variables for AWS SES relay by @aldy505 in #4164

Bug Fixes 🐛

• (test) Add Authority Key Identifier to SSL certificates by @oioki in #4162
• Add "organizations:on-demand-metrics-extraction" ff to enable metric alerts by @mzglinski in #4170

Internal Changes 🔧

Deps

• Bump getsentry/craft from 2.21.2 to 2.21.4 by @dependabot in #4172
• Bump getsentry/craft from 2.20.1 to 2.21.2 by @dependabot in #4166
• Bump getsentry/action-release from 3.4.0 to 3.5.0 by @dependabot in #4133
• Bump actions/checkout from 6.0.0 to 6.0.2 by @dependabot in #4155
• Bump actions/setup-python from 6.1.0 to 6.2.0 by @dependabot in #4154
• Bump getsentry/craft from 2.19.0 to 2.20.1 by @dependabot in #4152
• Bump actions/setup-node from 6.1.0 to 6.2.0 by @dependabot in #4153
• Bump astral-sh/setup-uv from 7.1.6 to 7.2.0 by @dependabot in #4132
• Bump codecov/test-results-action from 1.1.1 to 1.2.1 by @dependabot in #4115
• Bump codecov/codecov-action from 5.5.1 to 5.5.2 by @dependabot in #4102
• Bump urllib3 from 2.5.0 to 2.6.3 by @dependabot in #4150

Other

• (craft) Update minVersion from 0.23.1 to 2.21.6 by @BYK in #4177
• (deps-dev) Bump cryptography from 46.0.3 to 46.0.5 by @dependabot in #4168
• Fix changelog-preview for external contributors by @BYK in #4158

Other

• Bump nginx 1.29.5 by @aminvakil in #4167
• Allow configuring Sentry taskworker concurrency via env by @madest92 in #4149

26.1.0

New Features ✨

• Switch nodestore-s3 package to getsentry org by @aldy505 in #4119

Build / dependencies / internal 🔧

• (deps) Bump astral-sh/setup-uv from 7.1.5 to 7.1.6 by @dependabot in #4100

Other

• Include SDK version 10 when using local JS SDK assets by @hsgt-brice in #4130

25.12.1

TL;DR: Skip 25.12.0 and upgrade directly to this version. We caught a migration bug shortly after the previous release—details below.

What's Fixed

Migration bug from 25.12.0 — We shipped a migration issue in the previous release that could cause upgrade problems. This patch resolves it cleanly. If you're still on 25.11.x or earlier, you can upgrade straight to 25.12.1 without touching 25.12.0.

SeaweedFS error noise — Fixed those persistent "failed to assign filer id" errors (#4074) by bumping the SeaweedFS version in the Docker Compose file. The logs should be much quieter now.

Action Required

None. No configuration changes needed—just pull and deploy.

---

This is our last release of 2025. Thanks for running self-hosted Sentry, and have a great holiday season!

Questions or issues? We're on Discord and happy to help.

Build / dependencies / internal 🔧

• chore(deps): bump seaweedfs version to 3.97 by @kostirez1 in #4120

25.12.0

Caution

This release is a bit problematic. Skip this release, or try the workaround.

Quiet release. Just maintenance.

This release keeps us aligned with upstream Sentry and fixes an installation script bug that caused errors when running the script multiple times. It was a minor Bash scripting slip-up on our end—fixed in #4076.

No breaking changes, no configuration updates required.

---

Questions or issues? We're on Discord and happy to help.

New Features ✨

• feat(release): Manually run post release script by @hubertdeng123 in #4073

• feat: bump action-setup-venv to use working-directory by @aldy505 in #4098

Bug Fixes 🐛

• fix: Provide useful info on permission errors by @BYK in #4096
• fix: missing 'SENTRY_SYSTEM_SECRET_KEY' declaration on Docker Compose block by @aldy505 in #4087
• fix: grep seaweedfs bucket name instead of using awk by @aldy505 in #4076

Build / dependencies / internal 🔧

Deps

• build(deps): bump actions/create-github-app-token from 2.2.0 to 2.2.1 by @dependabot in #4090

• build(deps): bump actions/setup-node from 4.4.0 to 6.1.0 by @dependabot in #4091

• build(deps): bump astral-sh/setup-uv from 7.1.4 to 7.1.5 by @dependabot in #4093

• chore: guard unit-test.sh from being invoked by users by @aldy505 in #4085

• chore: ask installation type on problem report template by @aldy505 in #4086

Other

• Revert "Revert "ref: migrate to uv (#4061)"" by @aldy505 in #4097
• Revert "ref: migrate to uv (#4061)" by @BYK in #4094
• test: integration test for user feedback by @aldy505 in #3880
• ref: migrate to uv by @aldy505 in #4061
• Add shm_size configuration back to postgres by @max-wittig in #4072

25.11.1

TL;DR: If you're not using profiling, you can skip this one.

Profiling Storage Fix

We've fixed a profiling storage issue where profiles were consistently returning "not found" due to a missing configuration. If you're running profiling, you'll need to update both your sentry/config.yml and docker-compose.yml files. From now on, we'll be storing profiles data on SeaweedFS, you can see for yourself if it's storage-consuming later on 😉.

For those using external storage: make sure vroom and filestore-profiles point to the same bucket. The profiles need to end up in the same place they're being retrieved from, straightforward, but easy to miss if your configuration split them.

What's Actually Happening Under the Hood

The profiling team has been working on vroomrs (mentioned a few releases back), and it's now doing the heavy lifting. The ingest-profiles container now processes profiles immediately via vroomrs and writes them directly to your bucket. This streamlines the pipeline and eliminates the storage mismatch that was causing the "not found" errors.

Community Contribution

(Probably not) Worth calling out: @copilot made their first contribution to the project! Okay jokes aside, we still write Bash scripts by hand.

---

Need help with the update? We're always happy to discuss your setup over on Discord.

Build / dependencies / internal 🔧

• chore: remove some more unused directories by @aldy505 in #4046
• build(deps): bump actions/create-github-app-token from 2.1.4 to 2.2.0 by @dependabot in #4058
• build(deps): bump actions/checkout from 5 to 6 by @dependabot in #4059
• chore: uptime checker is missing on the release issue by @aldy505 in #4047

Bug Fixes 🐛

• fix(profiling): Ingest profile file path by @Zylphrex in #4060
• fix: ensure seaweedfs lifecycle policy is set correctly by @kodebach in #4040
• fix: missing SYMBOLICATOR_STATSD_ADDR environment var for symbolicator-cleanup by @aldy505 in #4042

Other

• Add dcx shortcut for docker compose exec with HTTP proxy env vars by @copilot-swe-agent in #4067

25.11.0

No major fireworks, just solid, necessary maintenance and performance tweaks that keep things running smoothly.

Say Goodbye to the Old System Overview Page

This one is a necessary cleanup. Since we moved the underlying system from Celery to Taskbroker, the old "System Overview" page in Sentry’s /managed/ section just doesn't provide accurate or useful data anymore. It's now gone (PR #102988). Don't fret that it's missing! If you want to monitor the health of your self-hosted Sentry, you should be using StatsD and external monitoring tools. It gives you far better and more reliable data. Check out the documentation here if you haven't set up proper monitoring yet.

If symbolicator-cleanup container is unhealthy, you might want to snuck in this commit to fix it.

The Profiling Fix

There was a small snag with profiling: a crucial feature flag was missing, which prevented processing via vroomrs (the fast, Rust-based profiling library) from being properly enabled. This has been fixed now (issue #4012). If you use profiling, this means your profiles are back to being processed with that desirable Rust speed and efficiency. It was a minor internal slip-up, but an important one for performance folks.

Relay Gets Leaner

Relay—the component that handles receiving and processing your event data—got an update to reduce its CPU and memory usage. This improvement specifically benefits users running Relay in "proxy mode". While most self-hosted users default to "processing mode", if you happen to be running a complex setup with a separate ingest box, this update should save you some resources. Efficiency is always a good thing, regardless of your architecture size.

---

Questions or need to discuss these changes? Join us on Sentry's Discord! We're always happy to help and discuss your setup.

Various fixes & improvements

• feat: statsd configuration through environment variables (#4031) by @aldy505
• ref: sound SENTRY_DISALLOWED_IPS on the configuration file (#3981) by @aldy505
• fix: broken link to Errors-Only Mode docs (#4032) by @mariansimecek
• Fix Clickhouse max_server_memory_usage_to_ram_ratio setting (#4025) by @otoriphoenix
• Increase default max_suspicious_broken_parts to 100 (#4011) by @stevenobird
• fix(install): add migrate-pgbouncer.sh to install.sh (#4030) by @kodebach
• fix: remove snuba uptime results consumer (#4027) by @aldy505

25.10.0

TL;DR: Symbolicator migrated to distroless images for better security. We've completed the Celery replacement by removing cron and worker containers, and consolidated Snuba consumers into the Event Analytics Platform dataset. No configuration changes required.

Symbolicator Now Uses Distroless Images

We've migrated Symbolicator from Debian to distroless base images. These streamlined containers strip away unnecessary components like package managers, shells, and other OS distribution elements – enhancing security by reducing the attack surface.

Container Consolidation & Dataset Migration

Following last month's announcement, we've now removed the cron and worker containers entirely – taskbroker and taskworker handle everything. We've published comprehensive scaling documentation to help you optimize these services for your workload.

We've also retired the snuba-spans consumer in favor of three focused replacements: process-spans, process-segments, and snuba-eap-items-consumer. This consolidation routes most products (errors, spans, uptime monitoring, and logs) into the Event Analytics Platform (EAP) dataset – making cross-product correlation faster and more efficient.

Other Notable Changes

• Reference architectures: We've added a new Reference Architectures section to the documentation to help you plan and scale your deployment.
• Enhanced data scrubbing: Relay now automatically scrubs otp and two_factor as sensitive values (PR #5250).
• Trace waterfall cleanup: We've removed the "No instrumentation" placeholder from trace waterfalls (PR #101408).
• Pre-release features: Looking to experiment? Check out Native OTLP Ingestion (#3830) and Trace Metrics (#3993) – both available for early testing on self-hosted instances.

---

Questions or need to discuss these changes? Join us on Sentry's Discord! We're always happy to help and discuss your setup.

Various fixes & improvements

• fix: geoip standalone script should check on CONTAINER_ENGINE variable first (#3982) by @aldy505
• fix: missing -dir flag for seaweedfs (#3991) by @aldy505
• Remove symbolicator volume once (#3994) by @aminvakil
• Remove symbolicator external volume (#3992) by @aminvakil
• chore(spans): Remove old snuba-spans consumer (#3989) by @jjbayer
• Bump redis 6.2.20-alpine (#3988) by @aminvakil
• ref: add continue-on-error for codecov action on self-hosted integration tests (#3978) by @aldy505
• ref: use dedicated healthcheck command for symbolicator & remove cron for symbolicator-cleanup (#3979) by @aldy505
• fix(actions): include arch and compose_profiles information on cache keys (#3974) by @aldy505
• ref: Remove proxy_next_upstream directives (#3973) by @aminvakil
• fix: Unset the proxy when performing the seaweedfs health check (#3959) by @SteppingHat
• fix: logic error in s3 install script (#3965) by @kodebach
• Fix swap allocation in integration test (#3972) by @aminvakil
• chore(tasks) Remove reference to celery (#3962) by @markstory
• Respect uppercase proxy variables (#3949) by @aminvakil
• chore(tasks): Remove the worker and cron containers (#3946) by @markstory
• fix: install behind a proxy (#3944) by @moroine

25.9.0

Caution

Skip this, and go straight to 25.10.0 instead!
This release (the install script, specifically) had a problem with setting up storage for attachment. It's fixed if you skip directly to 25.10.0 or the latest hard stop. More information on this issue comment.

Logs is Now Available for Self-Hosted! 🪵🪵

Logs is now available for self-hosted deployments! To properly enable it on your instance, you'll need to update your sentry.conf.py to match the example one – this step is essential for functionality.

ClickHouse Upgrade to 25.3

We've upgraded ClickHouse to 25.3, which should resolve that persistent connection closed prematurely error from Snuba consumers. We've confirmed it was a ClickHouse issue rather than Snuba's. As a standard precaution, please ensure you back up your server before upgrading – it's always the right move.

Updated Memory Requirements

We've had to increase the minimum requirements to 16 GB of swap file. That brings us to 32 GB total memory (16 GB physical RAM + 16 GB swap). If you're handling significant traffic though, you're likely already running well above these specifications.

PGBouncer Integration

We've integrated PGBouncer into the Docker Compose stack to better manage Postgres connections. The install script will handle your sentry.conf.py updates automatically. For non-interactive-TTY users, please set the environment variable SKIP_USER_PROMPT=1.

SeaweedFS for Nodestore (Opt-in)

We're introducing SeaweedFS with its S3-compatible API for storing Nodestore data. This is opt-in, and you'll see a prompt during installation, similar to PGBouncer.

For context: Nodestore manages raw events data, which can become substantial with high event volumes. Previously, self-hosted deployments stored this in Postgres (which we acknowledge wasn't ideal), while SaaS uses Google BigTable. We believe SeaweedFS provides a practical middle-ground solution.

Good news: you won't lose your existing event details from Postgres until the retention period passes, and there's no need to migrate your Nodestore data from Postgres to S3. We've included write_through, read_through, and delete_through options for passing operations to Nodestore data in Postgres – these default to True for new installations. After 90 days, we recommend setting these options to False. Learn more: https://github.com/stayallive/sentry-nodestore-s3#installation

Enhanced Security Defaults

SENTRY_DISALLOWED_IPS in sentry.conf.py now includes more secure defaults. This enhancement prevents Sentry from making outbound connections to private/internal IPs in integration and webhook requests. If your integrations or webhooks require access to internal addresses, you can safely override this setting.

Taskbroker & Taskworker Replace Celery

Taskbroker & taskworker are now enabled to replace Celery – eliminating the outdated RabbitMQ and reducing Redis memory consumption. Please remove any options disabling taskbroker in your sentry.conf.py. Next month, we'll be retiring the cron and worker containers as planned.

Other Notable Changes

• New feature flags: We've added several new feature flags to sentry.conf.example.py – please ensure these are included in your sentry.conf.py. Some of these flags indicate we're transitioning the Insights page to use the eap dataset instead of the legacy metrics dataset.
• Air-gapped support: For air-gapped environments, please add SENTRY_AIR_GAP = True to your sentry.conf.py configuration. This ensures no unwanted outgoing HTTP calls are made to external services.
• Vroom script fix: We've corrected an oversight in the Vroom chmod script that affected errors-only users. We've now properly added errors-only to the integration test matrix for both AMD64 and ARM64, ensuring full coverage going forward.
• Dependency updates: We've updated patch versions for self-hosted dependencies (Postgres, Redis, and Kafka). Nginx received a minor version bump to the latest stable release, which maintains full compatibility.

---

Questions or need to discuss these changes? Join us on Sentry's Discord! We're always happy to help and discuss your setup.

Various fixes & improvements

• fix: able to setup nodestore multiple times (#3940) by @aldy505
• build(deps): bump actions/create-github-app-token from 2.1.1 to 2.1.4 (#3936) by @dependabot
• docs: provide information for SENTRY_AIR_GAP flag on Django config file (#3935) by @aldy505
• feat: Use S3 node store with seaweedfs (#3498) by @BYK
• feat(tasks): Remove taskworker option override and add worker healthcheck (#3933) by @markstory
• feat: install script to migrate sentry.conf.py config to use pgbouncer (#3898) by @aldy505
• chore(deps): bump clickhouse to 25.3 (#3878) by @aldy505
• feat: enable issue-views flag (#3922) by @aldy505
• feat: query against eap dataset instead of metrics dataset for spans (#3923) by @aldy505
• build(deps): bump actions/setup-python from 5 to 6 (#3927) by @dependabot
• Add restart policy to pgbouncer service (#3925) by @frederikspang
• fix(tests): skip logs event test for errors-only (#3915) by @aldy505
• Improve nginx depends_on policy (#3914) by @aminvakil
• test: run errors-only integration tests (#3910) by @aldy505
• feat: enable Logs feature (#3912) by @aldy505
• fix: ensuring vroom permission should be skipped on errors-only (#3911) by @aldy505
• chore(deps): bump patches version (#3879) by @aldy505
• Revert "increase postgres max_connections above 100 connections (#2740)" (#3899) by @aminvakil
• Add pgbouncer (#3884) by @frederikspang
• chore: resolve GHA code scanning alerts (#3889) by @aldy505
• fix(enhancement): search for permissions on docker container instead of host and combine it in one command for performance enhancement (#3890) by @LvckyAPI
• build(deps): bump actions/create-github-app-token from 2.1.0 to 2.1.1 (#3885) by @dependabot
• build(deps): bump actions/checkout from 4 to 5 (#3883) by @dependabot

25.8.0

Important

If you have .env.custom or other custom .env files, make sure to adjust your image value to ghcr.io/getsentry/{project} instead of getsentry/{project}. We're no longer publishing Docker images to DockerHub and will be moving to GitHub Container Registry.

We're excited to see so many new contributors bringing their excellent work to this release! Here's what's new:

Default Disallowed IPs

SENTRY_DISALLOWED_IPS defaults will be changed in the next self-hosted release. These defaults are commented out right now here: getsentry/sentry@4c4eec3, but will be adopted in 25.9.0.

Podman support

We finally addressed that 5 years old issue requesting Podman support. Since podman compose has become quite compatible with docker compose, we decided it was time to make this happen. To use it, simply run the install script with CONTAINER_ENGINE_PODMAN=1 ./install.sh. If you successfully get self-hosted Sentry running with Podman, we'd love to hear about it on our Discord!

Healthchecks for Sentry containers

Previously, only databases and web containers had healthchecks, which wasn't ideal. We've now added healthchecks to most containers, so you can easily spot which ones are having issues without digging through logs one by one. Just make sure your docker-compose.yml is updated to take advantage of this improvement.

Various configuration changes

We made several configuration changes that should improve your experience. In docker-compose.yml, we added some missing containers related to snuba-subscriptions-generic-metrics, which fixes the issue where metrics alerts weren't triggering properly (see issue #3838).

In sentry.conf.py, we reorganized the feature flags and added the missing organizations:profiling-view flag to ensure profiling works correctly in the web UI. One important change: make sure you have SENTRY_OPTIONS["taskworker.enabled"] = False so your jobs continue running on Celery. We're planning to transition to Taskbroker next month, which will also remove the cron and worker containers, reducing the load on Redis (or RabbitMQ) queues.

Other notable changes

• We bumped the minimum bash version to 4.4.0. If you're running CentOS 7, you'll need to either upgrade your distribution or upgrade bash (though the latter is more challenging).
• The chown command for the sentry-vroom volume used to take an unnecessarily long time. We've optimized it to check ownership first before executing the command, making it much faster.
• New available preview feature: Native OTLP ingestion! See issue #3830.
• The sentry image is no longer being published on DockerHub. As mentioned in release notes for 25.7.0, we're going to remove workflows to push images to DockerHub in the upcoming months.

For questions or discussion about these changes, join us on Sentry's Discord! We're always happy to chat.

Various fixes & improvements

• feat: Relay healthcheck (#3875) by @aldy505
• fix: setup swapfile only if runner architecture is X64 or X86 (#3876) by @aldy505
• Set minimum bash version to 4.4.0 (#3873) by @aminvakil
• fix: adjust file healthcheck durations (#3874) by @mzglinski
• feat: healthchecks for sentry components (#3859) by @mzglinski
• fix(eap): Fix dataset parameter to target spans (#3866) by @phacops
• build(deps): bump actions/create-github-app-token from 2.0.6 to 2.1.0 (#3865) by @dependabot
• fix(scripts): use env to find bash interpreter (#3861) by @Zaczero
• fix(scripts): every known flags should be shifted before executing the sentry command (#3831) by @aldy505
• fix: uptime checker image should be bumped to the tagged release (#3858) by @aldy505
• fix(enhancement): ensure correct ownership check before setting permissions of profiles (#3855) by @LvckyAPI
• chore(features): cleanup feature flags grouped by its' category (#3843) by @aldy505
• fix: add schedulers for generic metrics subscriptions (#3847) by @mzglinski
• feat: Continue using celery in self-hosted for now (#3845) by @markstory
• feat(features): add profiling-view flag (#3837) by @aldy505
• Potential fix for code scanning alert no. 12: Workflow does not contain permissions (#3822) by @aldy505
• docs: clearly state that system.internal-url-prefix shouldn't be changed (#3829) by @aldy505
• feat(install): Adds support for podman(compose) (#3673) by @DuncanConroy
• fix(action): missing project directory path for failure inspection (#3825) by @aldy505
• Cleanup unused feature flags (#3820) by @doc-sheet
• feat: inspect docker compose failure on self-hosted e2e action (#3817) by @aldy505