Skip to content

RabbitMQ 3.5.8

Choose a tag to compare
@michaelklishin michaelklishin released this 21 Nov 11:24

RabbitMQ 3.5.8

RabbitMQ 3.5.8 fixes a security vulnerability (CVE-2016-9877) in the MQTT plugin.

Important: release 3.5.8 marks the final patch in the 3.5.x series. RabbitMQ 3.5.x is no longer maintained. Please plan on upgrading to 3.6.x and refer to the current version of RabbitMQ instead.



  • rabbit_diagnostics:maybe_stuck/0 no longer prints process' dictionary
    because it may contain PRNG seed values and other sensitive information.

MQTT Plugin


  • Authentication with correct username but omitted password succeeded when TLS/x509 certificate
    wasn't provided by the client. CVE allocation for this vulnerability is pending.

    GitHub issue: rabbitmq-mqtt#96


To upgrade a non-clustered RabbitMQ simply install the new version. All configuration and persistent message data are retained.

To upgrade a RabbitMQ cluster, follow the instructions in RabbitMQ documentation.

Source code archives

Warning: The source code archive provided by GitHub only contains the source of the broker, not the plugins or the client libraries.
Please download the archive named rabbitmq-3.5.8.tar.gz.