Hi, Community!
Our June community report is here! Instead of focusing on major feature releases, the community spent the month strengthening the platform's foundation and production readiness.
Throughout June, contributors concentrated on improving operational stability by finalizing the 3.4.2 maintenance release, enhancing task failover capabilities, fixing high-concurrency edge cases, introducing sensitive data masking for logs, and addressing numerous production issues across deployment, storage, CI, and engineering workflows.
In this report, we'll walk you through the most important production-ready improvements delivered in June, provide upgrade recommendations for production environments, and recognize our top community contributors. Let's dive in! ✨
Project Highlights
Reporting Period: June 1, 2026 – July 1, 2026
- Merged Pull Requests: 22
- Contributors: 9
- Code Changes: +630 / -473
- Major Components: Master, API, Storage, Helm, UI, Documentation & Project Governance
June was primarily a maintenance and platform hardening release cycle. Alongside the Apache DolphinScheduler 3.4.2 release and follow-up fixes, the community delivered meaningful improvements in concurrency safety, log security, Helm deployment, S3 storage handling, and documentation quality.
This update is especially valuable for:
- End users and platform owners who want to quickly understand whether June introduced important stability or usability improvements.
- Platform engineers and DevOps teams who should pay close attention to failover behavior, Helm deployment, S3 storage improvements, and logging security.
- Contributors and developers interested in seeing how the community continues investing in long-term platform reliability and technical governance.
Six Improvements That Matter Most to Users
1. Apache DolphinScheduler 3.4.2 Is Fully Released and Maintained
June included both the official 3.4.2 release and follow-up documentation corrections, representing a typical maintenance release cycle focused on polishing production quality.
Related PRs: #18317, #18319
2. Safer Worker Logs with Password Masking
Worker logs now prevent plaintext passwords from being written to log files.
This improvement is particularly important in enterprise and multi-tenant environments, where credential exposure through logs can become a far greater security risk than ordinary software bugs.
Related PR: #18333
3. Improved Helm Deployment Experience
Several deployment-related improvements landed in June, including fixes for duplicate ConfigMap labels and an updated MySQL Helm chart version.
These changes directly improve deployment reliability and long-term maintainability for Kubernetes users.
Related PRs: #18341, #18336
4. Better Concurrency Safety
A key stability improvement replaces HashMap with ConcurrentHashMap, eliminating potential ConcurrentModificationException issues under high-concurrency workloads.
Although these failures were relatively rare, they could have significant production impact when they occurred.
Related PR: #18331
5. Smarter Task Failover
A new failover enhancement allows Apache DolphinScheduler to automatically terminate external applications when task failover occurs.
This is particularly valuable for Yarn and Kubernetes deployments, preventing orphaned applications from continuing to consume cluster resources after failover.
Related PR: #18353
6. S3 Resource Listings No Longer Stop at 1,000 Objects
Users relying on Amazon S3-compatible storage will no longer encounter incomplete resource listings once object counts exceed 1,000.
This fixes a long-standing usability issue that directly affected storage visibility and operational correctness.
Related PR: #18381
Upgrade Recommendations
If you're running Apache DolphinScheduler in production, we recommend validating this release from two perspectives: maintenance updates and platform stability improvements.
Priority validation areas include:
- Log masking to ensure sensitive credentials are never persisted.
- High-concurrency workload stability.
- S3 resource visibility.
- Helm deployment and upgrade workflows.
We also recommend verifying release documentation and upgrade guides, especially if your organization maintains internal deployment documentation or embedded platform references.
Before incorporating June's updates, we recommend keeping your development environment synchronized using the following commands:
git fetch origin dev
git checkout dev
git pull --rebase
June Contributors
Based on Git author names, nine community members contributed code during June:
- eye-gu
- Jarek Potiuk
- luxiaolong
- njnu-seafish
- suyc
- Victor Laborie
- Wenjun Ruan
- xiangzihao
- Yanjun Qiu
Technical Deep Dive
1. Concurrency Safety: Fixing the Root Cause Instead of the Symptoms
Representative PR: #18331
The UserGroupInformationFactory cache has been upgraded from HashMap to ConcurrentHashMap, accompanied by dedicated concurrency test cases.
The real challenge with concurrency issues isn't that they happen—it's that they occur only under specific high-load conditions and are extremely difficult to reproduce.
When Hive authentication and Kerberos renewal threads accessed the same cache simultaneously, a standard HashMap could trigger ConcurrentModificationException during concurrent iteration and modification.
Instead of applying a temporary synchronization workaround, the community addressed the underlying design by replacing the shared data structure with a thread-safe implementation and introducing dedicated tests that simulate concurrent forEach and logout/login operations.
This fundamentally eliminates the issue rather than masking its symptoms.
For production environments using Hive, Kerberos authentication, or long-lived sessions, this significantly reduces intermittent failures that disappear after retries but remain difficult to diagnose.
Recommended validation focuses on Hive workloads, Kerberos renewal scenarios, and high-concurrency datasource access.
2. Smarter Failover That Cleans Up External Applications
Representative PR: #18353
June introduces a new configuration option, kill-application-when-task-failover, integrated into MasterConfig, task execution logic, and multiple deployment configurations.
Historically, failover primarily ensured scheduling continuity.
However, for external execution engines such as Yarn and Kubernetes, the larger operational risk often comes from orphaned applications that continue consuming resources even after the scheduler has recovered.
This enhancement expands failover beyond scheduler metadata management to include cleanup of execution environments.
The implementation spans core Master logic as well as application.yaml, Docker Compose configurations, Kubernetes Helm values, and documentation, demonstrating that this is a production-ready capability rather than an experimental feature.
For organizations running Yarn or Kubernetes clusters, this provides a unified mechanism for preventing resource leakage after failover events.
Recommended validation includes Master failover testing, interrupted task execution, and verification that legitimate applications remain untouched while orphaned applications are correctly terminated.
3. S3 Pagination Support That Scales Beyond Development Environments
Representative PR: #18381
S3StorageOperator.listStorageEntity() has been enhanced to iterate through paginated results using ContinuationToken instead of relying on a single ListObjectsV2 request.
This addresses a classic production issue.
Development environments rarely exceed 1,000 objects, making the limitation difficult to detect. Once production storage grows beyond that threshold, however, users encounter missing resources even though the underlying files still exist.
Rather than implementing a workaround at the application layer, the community fixed pagination directly within the storage plugin.
Listing now continues until isTruncated() returns false, ensuring every object is returned.
As a result, resource centers, file management interfaces, and directory browsers all benefit automatically.
For organizations using large S3 buckets or treating DolphinScheduler as a centralized resource management platform, this restores correctness—not just convenience.
Recommended validation includes directories containing more than 1,000 objects, mixed folder structures, and confirmation that UI and API results match the actual contents of the storage bucket.
4. Small Change, Major Security Improvement: Log Desensitization
Representative PR: #18333
From a code perspective, this pull request modifies only a small portion of PasswordUtils.
Its impact, however, is far greater than the size of the code change suggests.
Security improvements should never be measured by the number of modified lines.
Plaintext credentials appearing in logs don't usually cause immediate system failures. Instead, they silently propagate through centralized logging platforms, troubleshooting systems, backups, and collaborative workflows, dramatically increasing the attack surface.
This update reflects the community's continued investment in secure-by-default behavior.
Many real-world security incidents originate not from broken authentication systems, but from sensitive information accidentally exposed through ordinary application logs.
For organizations already aggregating Worker logs into ELK, Alibaba Cloud SLS, Amazon CloudWatch, or similar platforms, this enhancement provides even greater value because centralized logging significantly amplifies the potential impact of leaked credentials.
When upgrading, verify that sensitive information is properly masked while ensuring logs still retain sufficient detail for effective troubleshooting.
Development Focus
Looking across all 22 merged pull requests, June represents a classic platform hardening cycle focused on resolving numerous high-frequency production issues that affect reliability over time.
Key investment areas included:
- Release Management & Project Governance: #18310, #18317, #18319, #18363, #18374, #18375
- Runtime Stability: #18331, #18347, #18351, #18352, #18353
- Cloud-Native Deployment: #18336, #18341, #18355, #18360
- Security & Compliance: #18310, #18333, #18363
- Storage & Ecosystem: #18381
- Documentation & User Experience: #18321, #18323, #18327, #18308
If we had to summarize Apache DolphinScheduler's June development in a single sentence, it would be this:
June wasn't about shipping major new features—it was about making Apache DolphinScheduler more reliable, more secure, and better prepared for production by strengthening the operational details that matter most.
Appendix A: Merged Pull Requests in June 2026
-
2026-06-02#18310Add AGENTS.md + SECURITY.md to make the security model discoverable -
2026-06-04#18317Release 3.4.2 -
2026-06-04#18319Hotfix 3.4.2 doc error -
2026-06-05#18321Update the parameter priority explanation in the docs -
2026-06-05#18323Add a note to the parameter priority documentation specifying and fix some issues -
2026-06-07#18316Remove dead code aftert_ds_relation_user_alertgrouptable dropped -
2026-06-10#18331Replace HashMap with ConcurrentHashMap inUserGroupInformationFactory -
2026-06-12#18341Fix duplicateapp.kubernetes.io/namelabel on ConfigMap -
2026-06-12#18333Remove plaintext passwords from the logs -
2026-06-12#18336Update mysql helm chart version -
2026-06-15#18347countTaskInstanceStateByProjectCodesusessubmit_timefiltering -
2026-06-16#18327Fix and enrich the documentation for parameter priority -
2026-06-16#18355Change the description field to optional -
2026-06-17#18353Addkill-application-when-task-failoverlogic -
2026-06-17#18352Fix rerun workflow instance should follow the specifiedworkerGroup -
2026-06-18#18360Change the description field to optional in k8s config -
2026-06-22#18351FixforceTaskSuccesscannot reset the last unsuccessful workflow instance to success -
2026-06-22#18363Fix sonar token leak -
2026-06-23#18374Remove sonar check -
2026-06-23#18375Fix auto labeler error -
2026-06-23#18308Frontend correctly uses the preferred values of the associated project for task creating and workflow scheduling -
2026-06-26#18381Fix list resources returned only 1000 records in s3 storage type
Appendix B: References
- PR #18308: https://github.com/apache/dolphinscheduler/pull/18308
- PR #18310: https://github.com/apache/dolphinscheduler/pull/18310
- PR #18316: https://github.com/apache/dolphinscheduler/pull/18316
- PR #18317: https://github.com/apache/dolphinscheduler/pull/18317
- PR #18319: https://github.com/apache/dolphinscheduler/pull/18319
- PR #18321: https://github.com/apache/dolphinscheduler/pull/18321
- PR #18323: https://github.com/apache/dolphinscheduler/pull/18323
- PR #18327: https://github.com/apache/dolphinscheduler/pull/18327
- PR #18331: https://github.com/apache/dolphinscheduler/pull/18331
- PR #18333: https://github.com/apache/dolphinscheduler/pull/18333
- PR #18336: https://github.com/apache/dolphinscheduler/pull/18336
- PR #18341: https://github.com/apache/dolphinscheduler/pull/18341
- PR #18347: https://github.com/apache/dolphinscheduler/pull/18347
- PR #18351: https://github.com/apache/dolphinscheduler/pull/18351
- PR #18352: https://github.com/apache/dolphinscheduler/pull/18352
- PR #18353: https://github.com/apache/dolphinscheduler/pull/18353
- PR #18355: https://github.com/apache/dolphinscheduler/pull/18355
- PR #18360: https://github.com/apache/dolphinscheduler/pull/18360
- PR #18363: https://github.com/apache/dolphinscheduler/pull/18363
- PR #18374: https://github.com/apache/dolphinscheduler/pull/18374
- PR #18375: https://github.com/apache/dolphinscheduler/pull/18375
- PR #18381: https://github.com/apache/dolphinscheduler/pull/18381

Top comments (0)