Skip to content

dubbo-2.6.10.1
Compare
Choose a tag to compare
@AlbumenJ AlbumenJ released this 29 May 17:15
dubbo-2.6.10.1
d388050

Notice

1. ScriptRouter

ScriptRouter will not be activated defaultly. If user still wants use it, please add scriptRouterFactory in selfs spi file.
See dubbo-cluster/src/test/resources/META-INF/dubbo/internal/org.apache.dubbo.rpc.cluster.RouterFactory

2. Gerenic Invoke

Native Java deserialization will not be activated defaultly. If user still wants use it, please set dubbo.security.serialize.generic.native-java-enable as true in environment.

3. Serialization Block List

An embedded serialization block list is introduced in dubbo-common/src/main/resources/security/serialize.blockedlist.
If user wants to add allow list, please refer dubbo.security.serialize.allowedClassList.

4. Serialization ID Check

An optional checker can be enabled to check if consumer has sent the permitted serialiaztion id and consumer has received the same serialization id like it sent to provider. You can set serialization.security.check as true to enable this feature.

Change Lists

  • Evacuation unnecessary example Initialization, creation Resource cost
  • Fix TPS Limiter not work under Dynamic Configuration
  • Solve the problem of not sharing the shared connection under lazy mode
  • Fix methodName and retries in FailoverClusterInvoker
  • Fix Dubbo qos command not work to offline provider
  • Add socks5 proxy support to netty4 client
  • Support high version Nacos
  • Add some serialize check
  • Fix MonitorService missing side=consumer paramter issue
  • Fix netty3 backlog
  • Fix Deserialization vulnerability
Assets 2