root
/
rabbitmq-server
mirror of https://github.com/rabbitmq/rabbitmq-server.git
1
0
Fork 0
Code Issues Actions 5 Packages Projects Releases Wiki Activity
rabbitmq-server/release-notes/3.7.18.md

6.3 KiB
Raw Permalink Blame History

RabbitMQ 3.7.18

RabbitMQ 3.7.18 is a maintenance release that includes a fix to CVE-2019-11281. Kudos to Markus @RareData Alvila for responsibly disclosing the vulnerability.

The release also contains bug fixes and internal API changes that refine the common plugin API with the upcoming 3.8.0 version.

Erlang/OTP Compatibility Notes

Per the new Erlang version support policy in effect starting with January 2019, this release no longer supports Erlang/OTP 19.3. Make sure a supported Erlang version is used before upgrading.

Provisioning Latest Erlang Releases explains what package repositories and tools can be used to provision latest patch versions of Erlang 21.3.x and 22.x.

Compatibility Notes

This release introduces credential obfuscation for Shovel connections and Federation links. This requires one more application (library) from Erlang/OTP, tools. Operators must make sure that the Erlang runtime provides it. On Debian-based systems, the package erlang-tools must be installed.

This release contains a breaking change to the plugin API around queue state access introduced in 3.7.17. Plugins that do not use that API revision are not affected. All plugins that ship with RabbitMQ have been updated as necessary.

This revision was necessary to maintain a single API with the upcoming 3.8.0 release.

Upgrading to Erlang 21.x or Later Versions

When upgrading to this release and upgrading Erlang to 21.x or later at the same time, extra care has to be taken. Since CLI tools from RabbitMQ releases older than 3.7.7 will fail on Erlang 21 or later, RabbitMQ must be upgraded before Erlang.

Upgrade Doc Guides and Change Log

See 3.7.0 release notes upgrade and compatibility notes first if upgrading from an earlier release.

See the Upgrading guide for general documentation on upgrades and RabbitMQ change log for release notes of other releases.

Getting Help

Any questions about this release, upgrades or RabbitMQ in general are welcome on the RabbitMQ mailing list.

Changes

Core Server

Enhancements

  • New style config file parser is now more forgiving, handles trailing whitespace and empty lines better.

    GitHub issue: rabbitmq/rabbitmq-server#2073

  • gen_server2 now includes two new functions, stop/1 and stop/3, which gen_server in OTP introduced a couple of releases ago.

    Contributed by @codeadict.

    GitHub issue: rabbitmq/rabbitmq-common#335

Bug Fixes

Management Plugin

Enhancements

  • Two more TLS listener options are now available via new style configuration file: management.ssl.verify and management.ssl.fail_if_no_peer_cert.

    GitHub issue: rabbitmq/rabbitmq-management#735

Bug Fixes

AMQP 1.0 Plugin

Bug Fixes

  • Connections that fail due to insufficient client permissions (authorisation failures) are now handled gracefully with reasonable log messages.

    GitHub issue: rabbitmq/rabbitmq-amqp1.0#92

Shovel Plugin

Bug Fixes

  • Sensitive values in Shovel connection state (namely, the connection credentials) are now stored in encrypted form. This avoids unintentional credential logging by the runtime (exception logger) at the cost of making troubleshooting authentication failures harder.

    GitHub issue: rabbitmq-erlang-client#123

Federation Plugin

Bug Fixes

  • Sensitive values in Federation link state (namely, the connection credentials) are now stored in encrypted form. This avoids unintentional credential logging by the runtime (exception logger) at the cost of making troubleshooting authentication failures harder.

    GitHub issue: rabbitmq-erlang-client#123

RabbitMQ Erlang Client

Bug Fixes

  • Sensitive values in connection state (namely, the connection credentials) are now stored in encrypted form. This avoids unintentional credential logging by the runtime (exception logger) at the cost of making troubleshooting authentication failures harder.

    GitHub issue: rabbitmq-erlang-client#123

Web STOMP Examples Plugin

Bug Fixes

Web MQTT Examples Plugin

Bug Fixes

Source code archives

Warning: The source code archive provided by GitHub only contains the source of the broker, not the plugins or the client libraries. Please download the archive named rabbitmq-server-3.7.18.tar.xz.