RabbitMQ 3.5.8

RabbitMQ 3.5.8 fixes a security vulnerability (CVE-2016-9877) in the MQTT plugin.

Server

Security

  • rabbit_diagnostics:maybe_stuck/0 no longer prints the process dictionary because it may contain PRNG seed values and other sensitive information.

MQTT Plugin

Security

  • Authentication with a correct username but an omitted password succeeded when the client did not provide a TLS/x509 certificate. CVE allocation for this vulnerability is pending.

    GitHub issue: rabbitmq-mqtt#96

Upgrading

To upgrade a non-clustered RabbitMQ node, simply install the new version. All configuration and persistent message data are retained.

To upgrade a RabbitMQ cluster, follow the instructions in RabbitMQ documentation.

Source code archives

Warning: The source code archive provided by GitHub only contains the source of the broker, not the plugins or the client libraries. Please download the archive named rabbitmq-3.5.8.tar.gz.