root
/
rabbitmq-server
mirror of https://github.com/rabbitmq/rabbitmq-server.git
1
0
Fork 0
Code Issues Actions 1 Packages Projects Releases Wiki Activity
rabbitmq-server/release-notes/3.5.8.md

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

31 lines
1.1 KiB
Markdown
Raw Permalink Normal View History

Move release notes from rabbitmq/rabbitmq-website Keeping them in this repo might encourage more people to update them as changes are merged, and simplify release automation a bit. So let's try it. Per suggestion from @gerhard.
2021-07-31 00:23:19 +08:00
## RabbitMQ 3.5.8
RabbitMQ `3.5.8` fixes a security vulnerability ([CVE-2016-9877](https://pivotal.io/security/cve-2016-9877)) in the MQTT plugin.
### Server
#### Security
* `rabbit_diagnostics:maybe_stuck/0` no longer prints process' dictionary
because it may contain PRNG seed values and other sensitive information.
### MQTT Plugin
#### Security
* Authentication with correct username but omitted password succeeded when TLS/x509 certificate
wasn't provided by the client. CVE allocation for this vulnerability is pending.
GitHub issue: [rabbitmq-mqtt#96](https://github.com/rabbitmq/rabbitmq-mqtt/issues/96)
## Upgrading
To upgrade a non-clustered RabbitMQ simply install the new version. All configuration and persistent message data are retained.
To upgrade a RabbitMQ cluster, follow the instructions [in RabbitMQ documentation](https://www.rabbitmq.com/clustering.html#upgrading).
## Source code archives
**Warning**: The source code archive provided by GitHub only contains the source of the broker, not the plugins or the client libraries.
Please download the archive named `rabbitmq-3.5.8.tar.gz`.