@NATS-CI NATS-CI released this May 14, 2020 · 323 commits to master since this release

Changelog

Go Version

  • 1.13.10: Both release executables and Docker images are built with this Go release.

Added

  • Monitoring endpoints available via system services (#1362)
  • Configuration no_auth_user allows referring to a configured user/account when no credentials are provided (#1363)
  • Support to match domainComponent (DC) in RDNSequence with TLS authentication (#1386)
  • Configuration http_base_path for monitoring endpoints. Thanks to @guilherme-santos for the contribution (#1392)

Improved

  • Added close reason in the connection close statement (#1348)

Fixed

  • Switch gateways to interest-only mode for Leafnode accounts (#1327)
  • Leafnode loop detection fixes (#1331, #1338)
  • Service reply interest propagation in some Leafnode scenarios (#1334)
  • Inconsistent subscription propagation behavior across accounts and Leafnodes (#1335)
  • Service across account and Leafnodes (#1337)
  • Service responses not delivered after Leafnode restart (#1345)
  • Update remote gateway URLs when node goes away in cluster (#1352)
  • Monitoring endpoint /subsz support for accounts (#1377)
  • Validate options on configuration reload (#1381)
  • Closed connection early in connect handshake may linger in the server (including monitoring /connz) (#1385)
  • Account unnecessarily reloaded in some cases during configuration reload (#1387)
  • default_permissions was not applied to NKey users (#1391)

Complete Changes

v2.1.6...v2.1.7

@NATS-CI NATS-CI released this Mar 31, 2020 · 384 commits to master since this release

Changelog

Go Version

  • 1.13.9: Both release executables and Docker images are built with this Go release.

Added

  • Ability to specify TLS configuration for the account resolver. Thanks to @JnMik for the report (#1272):
    resolver_tls {
      cert_file: ...
      key_file: ...
      ca_file: ...
    }
  • Client IP (client_ip) in the server's INFO sent to clients. Client libraries may expose that in the future (#1293)
  • Option trace_verbose and command line parameters -VV and -DVV to increase trace and debug verbosity. By default system account messages will not be traced unless this option is enabled (#1295)
  • Value of GOMAXPROCS in /varz monitoring output (#1304)
  • Option to include subscription details in monitoring endpoints /routez and /connz. For instance /connz?subs=detail will now return not only the subjects of the subscription, but the queue name (if applicable) and some other details (#1318)

Improved

  • Recover from panics during configuration parsing and instead issue errors (#1274)
  • Parse ping_interval as a duration. If not a duration, falls back to interpret as the number of seconds (#1281)
  • Error trace in case protocol exceeds the max control line value (#1286)
  • TLS version 1.3 and cipher names in log/monitoring. Thanks to @burner-account for the report (#1316)

Updated

  • Include port on the "Connected leafnode" INF notice in the server log (#1303)
  • Some dependencies. This covers the golang crypto package CVE. Note that the CVE mentions the ssh package, which NATS Server does not use, so it should not be affected. Thanks to @KauzClay for the contribution (#1320)

Fixed

  • Server did not exit after receiving the lame duck mode signal. This is a regression introduced in v2.1.2 (#1276)
  • Use configured ping interval for clients that have not yet sent the CONNECT protocol. When the CONNECT protocol is received, a ping will be sent to the client in a short period of time to establish the initial TTL for this client (#1289)
  • A configuration producing a warning causes -DV to be ignored (#1291)
  • Incorrect buffer reuse in case of partial connection write (#1298)
  • Configuration reload of debug/trace option was not applied to existing clients (#1300)
  • Loop detection for LeafNodes (#1308)
  • Use account resolver URL from the operator JWT if one is specified. Note that if one is explicitly configured with the "resolver" option, it will take precedence (#1318)

Complete Changes

v2.1.4...v2.1.6

@NATS-CI NATS-CI released this Jan 30, 2020 · 459 commits to master since this release

Changelog

Go Version

  • 1.13.7: Both release executables and Docker images are built with this Go release.

Added

  • LogSizeLimit option to automatically rotate logs. Thanks to @xzzh999 for the report (#1202)

Updated

  • Handling of slow consumer for non client connections (#1233)

Fixed

  • Prevent "Account no-interest" for account that has service reply subscription (#1204)
  • Closing of Gateway or Route TLS connection may hang (#1209)
  • Messages to queue subscriptions are not distributed evenly. Thanks to @harrisa1 for the report (#1215)
  • Allow multiple stream imports on the same subject (#1220)
  • Do not check URL account resolver reachability on configuration reload (#1239)
  • More than expected switch to Interest-Only mode for given account (#1242)
  • Possible panic when handling bad subjects (#1249)
  • Display of connections IPv6 addresses (#1260)
  • LeafNode TLS issues with mixed IP/Hostnames. Thanks to @rbboulton for the report (#1261, #1264)
  • Fail and report if a LeafNode attempts to connect to the wrong listen port (#1265)

Complete Changes

v2.1.2...v2.1.4

@NATS-CI NATS-CI released this Nov 18, 2019 · 515 commits to master since this release

Changelog

Go Version

  • 1.12.13: Both release executables and Docker images are built with this Go release.

Added

  • QueueSubscribe permissions (#1143)
  • Use of single/multiple users for authentication of Leafnodes (#1147, #1168)
  • ~ support for Leafnode credentials (#1148)
  • Account support in /connz (#1154)
  • server_name configuration option to help better identify a server through /varz or system events (#1158, #1166)

Updated

  • In monitor home page, the help link now points to the monitoring page in our new documentation website (#1169)
  • Handling of replies (including service replies) across Gateways (#1183, #1184, #1190, #1195)
  • Server performs actual shutdown procedure (closing client connections, etc.) when signaled to exit (#1186)

Fixed

  • Reject duplicate service import "to" subject (#1140)
  • String trim in function getting the process name on Windows. Thanks to @beautytiger for the contribution (#1157)
  • Panic when incorrectly using a wildcard for a stream import prefix. Thanks to @lucj for the report (#1160)
  • Explicit gateway not using discovered URLs (#1165)
  • Leafnode loop detection (#1170, #1172)
  • Prevent server from sending a PING to measure RTT until the client has finished the connect process (#1175)
  • Requestor RTT was often reported as 0 when tracking latency (#1179)
  • Leaking of service imports and subscriptions on routes (#1185)
  • Possible panic when processing route subscription interest (#1189)
  • Some account locking issues and race that could cause clients to not receive messages (#1191)
  • Server was fetching unknown account when tracking remote connections (#1192)
  • Handling of missing account when processing a remote latency update (#1194)
  • Ability to daisy chain Leafnode servers (#1196)
  • Handling of split buffers for Leafnodes. Thanks to Bfox for the report (#1198, #1199)

Complete Changes

v2.1.0...v2.1.2

@NATS-CI NATS-CI released this Sep 20, 2019 · 611 commits to master since this release

Changelog

Go Version

  • 1.12.9: Both release executables and Docker images are built with this Go release.

Added

  • RTT in /routez details (#1101)
  • New /leafz monitoring endpoint (#1108)
  • Latency tracking for exported services (BETA) (#1111, #1112, #1122, #1125, #1130, #1132, #1136, #1137)
  • System level services for debugging (BETA). Exported services to the system account for debugging of blackbox systems. Ability to get the number of subscribers for a given subject and optionally queue group (#1127)

Fixed

  • Some typos in code. Thanks to @beautytiger for the contribution (#1105)
  • Some Leafnode issues (#1106)
  • Issue when there is a circular dependency in account server import (#1119)
  • MaxPending configured to more than 2GB. Thanks to @cv711 for the report (#1121)
  • Some internal locking issues related to accounts lookup and updates (#1126, #1131)
  • Ability to pass -cluster nats://<host>:-1 on the command line for a random port, which is used in some NATS libraries for testing. This was broken due to changes in Golang (#1128)
  • Ensure server uses default if ResponsesPermissions's values are set to 0 (#1135)

Improved

Complete Changes

v2.0.4...v2.1.0

@NATS-CI NATS-CI released this Aug 15, 2019 · 680 commits to master since this release

Changelog

Go Version

  • 1.12.8: Both release executables and Docker images are built with this Go release.

Added

  • Use of GoReleaser. Thanks to @caarlos0 for this tool! (#1095)
  • Deb and RPM packages (#1095)
  • Publish permissions based on reply subjects of received messages (#1081)
  • Support for user and activation token revocation (#1086)
  • Leafnode connections to /varz (#1088)
  • Ability to cross account import services to return streams as well as singletons (#1090)
  • Support for service response types (#1091, #1093)

Fixed

  • Leafnode user JWT with signer fails to authenticate (#1078)
  • Leaked subscriptions from queue group across routes. Thanks to @ripienaar for the report (#1079)
  • Shadow subscriptions can be leaked on stream import and connection close (#1090)
  • Connection could be closed twice resulting in duplicate reconnect mainly affecting Gateways and Leafnodes (#1092)
  • Some typos in code. Thanks to @ethan-daocloud for the contribution (#1098)

Improved

  • Reduce memory usage on routes. Thanks to @ripienaar for the report (#1087)

Complete Changes

v2.0.2...v2.0.4

@NATS-CI NATS-CI released this Jul 15, 2019 · 722 commits to master since this release

Changelog

Go Version

  • 1.11.12: Both release executables and Docker images are built with this Go release.

Changed

  • Default TLS Timeout bumped to 2 seconds (as opposed to 0.5s) (#1042)

Added

  • Support to extend leafnodes remote TLS timeout (#1042)
  • Allow operator to be inline JWT (#1045)
  • Made ReadOperatorJWT public for embedded use cases. Thanks to @ripienaar for the report (#1052)
  • Ability to disable sublist cache globally for all accounts. Thanks to @azrle for the report (#1055)
  • Ability to set a limit to the trace of the payload of a message. Thanks to @andyxning for the contribution (#1057)

Improved

  • Add default port (7422) for Leafnode remote connections (#1049)
  • Reduce server PINGs when data is flowing (#1048)
  • Allow leafnode remotes to specify an array of URLs. Thanks to @ripienaar for the report (#1069)

Fixed

  • Messages not distributed evenly when sourced from leafnode (#1040)
  • Help link in top level monitoring (#1043)
  • Check of max payload could be bypassed if size overruns an int 32. Note that the client would first have to be authorized to connect. This fix is for CVE-2019-13126. Thanks to Aviv Sasson and Ariel Zelivansky from Twistlock for the security report (#1053)
  • Sending to client libraries an updated MaxPayload through INFO protocol when a bound account's MaxPayload is not the same as the server the client is connected to (#1059)
  • Routing of responses across leafnodes (#1060)
  • Subscriptions were not propagated correctly upon new leafnode joining the network. Thanks to @antmanler for the report and fix! (#1067)
  • Prevent multiple solicited leafnodes from forming cycles. Thanks to @ripienaar for the report (#1070)
  • Report possible error starting the monitoring port. Thanks to @andyxning for the contribution (#1064)
  • Allow use of insecure for remote leafnode and gateways again. Thanks to @ripienaar for the report (#1071, #1073)
  • Report authorization error and use TLS hostname for IPs on leafnodes (#1072)
  • Leafnode URLs may be missing in INFO protocol sent to Leafnodes connections (#1074)
  • Server now reads pending data on a closed connection to be able to report errors (for instance in case of an authorization error sent by the remote server) (#1075)

Complete Changes

v2.0.0...v2.0.2

@NATS-CI NATS-CI released this Jun 5, 2019 · 790 commits to master since this release

Changelog

Go Version

  • 1.11.10: Both release executables and Docker images are built with this Go release.

Backward incompatibility

  • The routing protocol has been dramatically improved and adds support for accounts and multi-tenancy. The new protocol is not backward compatible with servers <2.0.0.
  • Users embedding NATS Server and using Varz() to get server statistics should be aware of some changes described in #989

Changed

  • Repository and server name have changed: gnatsd becomes nats-server (#985)
  • With go.mod, users embedding NATS Server should change their import path to include /v2. For instance:
    import (
        natsd "github.com/nats-io/nats-server/v2/server"
    )
  • Cluster permissions moved out of cluster's authorization section (#747)
  • The utility mkpasswd.go file was moved to its own directory util/mkpasswd to enable go get to install this tool (#996)

Added

  • NKey support (#743)
  • Accounts support (#755)
  • JWT Support (#804)
  • Gateways (#808)
  • Leaf Nodes (#928)
  • System events (#823)
  • Support of TLS certificate subject for users authentication (#896, #909)
  • Support of SANs in TLS certificate for user permissions. Thanks to @twrobel3 for the report (#966)
  • Ability to disable TLS server name verification for routes. Thanks to @softkot for the contribution (#921)
  • Ability to explicitly set server name for TLS in Gateways. Thanks to @danielsdeleo for the contribution (#922)
  • Configuration check with -t command line parameter (#745)
  • Support for route permissions configuration reload (#753)
  • Lame duck mode (#780)
  • Support for path as argument to --signal. Thanks to @pires for the contribution (#838)
  • Expose connection remote address in ClientAuthentication. Thanks to @ripienaar for the contribution (#837)
  • ntp.service dependency to the systemd service file. Thanks to @andyxning for the contribution (#880)
  • Configuration parameter to select the frequency at which failed route, gateways and leaf nodes connections are reported. Thanks to @santo74 for the feedback (#1000, #1001)
  • List of route URLs in cluster{} from /varz endpoint (#1012)
  • Ability to ignore top-level unknown configuration field (#1024)

Improved

  • New route protocol (#786)
  • Fan in/out scenarios (#876)
  • Various optimizations (#897)
  • Utility mkpasswd's help output. Thanks to @andyxning for the contribution (#881)
  • You can now have unquoted strings that start with number (#893)
  • Use of https for README's links. Thanks to @huynq0911 for the contribution (#914)
  • Warning on plaintext password in configuration and redact them from log statements (#743, #776)

Fixed

  • Misleading "Slow Consumer" error message during a TLS Handshake (#836)
  • Report "Slow Consumer" only for clients that do complete the connect process (#861)
  • Configuration reload of boolean flags. Thanks to @sazo for the report (#879)
  • Runaway process when parsing a configuration file with a missing } or ) (#887)
  • Don't allow overruns for message payloads. Thanks to @valichek for the report (#889)
  • Possible delays in delivering messages (#895)
  • Possible slow consumer when routes exchange their subscriptions list (#912)
  • Protocol Parser type safety. Thanks to @nmiculinic for the contribution (#908)
  • Use of custom authentication with configuration reload. Thanks to @Will2817 for the report (#924)
  • Issue with utility mkpasswd on Windows platform. Thanks to @Ryner51 for the report (#935)
  • Some typos. Thanks to @huynq0911, @JensRantil for their contributions.
  • Changes to Varz content and fixed race conditions (#989)

Complete Changes

v1.4.1...v2.0.0

Jun 4, 2019
Release v2.0.0-RC19