RabbitMQ 3.5.8
RabbitMQ 3.5.8 fixes a security vulnerability (CVE-2016-9877) in the MQTT plugin.
Important: release 3.5.8 marks the final patch in the 3.5.x series. RabbitMQ 3.5.x is no longer maintained. Please plan on upgrading to 3.6.x and refer to the current version of RabbitMQ instead.
Server
Security
rabbit_diagnostics:maybe_stuck/0 no longer prints the process dictionary, because it may contain PRNG seed values and other sensitive information.
MQTT Plugin
Security
- Authentication with a correct username but an omitted password succeeded when a TLS/x509 certificate wasn't provided by the client. CVE allocation for this vulnerability is pending. GitHub issue: rabbitmq-mqtt#96
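For operators reviewing MQTT traffic captured in front of a broker, the following added example (not RabbitMQ code) parses an MQTT CONNECT packet and flags one that carries a username with no password, the request shape described above. The packet bytes are constructed samples, `inspect_connect` is a hypothetical helper name, and reading "omitted password" as a clear password flag in the CONNECT flags byte is an assumption.

```python
def _remaining_length(buf, pos):
    """Decode the MQTT variable-length 'remaining length' (1-4 bytes)."""
    value = 0
    for i in range(4):
        if pos >= len(buf):
            raise ValueError("truncated remaining length")
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << (7 * i)
        if not byte & 0x80:
            return value, pos
    raise ValueError("malformed remaining length")

def _field(buf, pos):
    """Read one field with a 2-byte big-endian length prefix."""
    if pos + 2 > len(buf):
        raise ValueError("truncated field")
    end = pos + 2 + int.from_bytes(buf[pos:pos + 2], "big")
    if end > len(buf):
        raise ValueError("truncated field")
    return buf[pos + 2:end], end

def inspect_connect(packet):
    """Report which credentials an MQTT CONNECT packet carries."""
    if not packet or packet[0] >> 4 != 1:
        raise ValueError("not a CONNECT packet")
    length, pos = _remaining_length(packet, 1)
    body = packet[pos:pos + length]
    if len(body) < length:
        raise ValueError("truncated packet")
    _, pos = _field(body, 0)            # protocol name ("MQTT" or "MQIsdp")
    if pos + 4 > len(body):
        raise ValueError("truncated variable header")
    flags = body[pos + 1]               # connect flags follow the protocol level
    _, pos = _field(body, pos + 4)      # skip level, flags, keep-alive; read client id
    if flags & 0x04:                    # will flag set: will topic, then will message
        _, pos = _field(body, pos)
        _, pos = _field(body, pos)
    username = _field(body, pos)[0].decode("utf-8", "replace") if flags & 0x80 else None
    # Assumption: "omitted password" means the password flag (0x40) is clear.
    return {"username": username, "has_password": bool(flags & 0x40),
            "flagged": username is not None and not flags & 0x40}

# Constructed sample packets: MQTT 3.1.1, client id "c1", user "guest", password "pw".
SAMPLES = {
    "user_no_password": bytes.fromhex("101500044d5154540482003c0002633100056775657374"),
    "user_and_password": bytes.fromhex("101900044d51545404c2003c000263310005677565737400027077"),
    "anonymous": bytes.fromhex("100e00044d5154540402003c00026331"),
}
```

A flagged packet is not proof of a successful login on its own; correlate it with the broker's connection log for the same client.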
Upgrading
To upgrade a non-clustered RabbitMQ simply install the new version. All configuration and persistent message data are retained.
To upgrade a RabbitMQ cluster, follow the instructions in RabbitMQ documentation.
Source code archives
Warning: The source code archive provided by GitHub only contains the source of the broker, not the plugins or the client libraries.
Please download the archive named rabbitmq-3.5.8.tar.gz.