3.5.8 fixes a security vulnerability (CVE-2016-9877) in the MQTT plugin.
Important: release 3.5.8 marks the final patch in the
3.5.x series. RabbitMQ
3.5.x is no longer maintained. Please plan on upgrading to
3.6.x and refer to the current version of RabbitMQ instead.
rabbit_diagnostics:maybe_stuck/0no longer prints process' dictionary
because it may contain PRNG seed values and other sensitive information.
Authentication with correct username but omitted password succeeded when TLS/x509 certificate
wasn't provided by the client. CVE allocation for this vulnerability is pending.
GitHub issue: rabbitmq-mqtt#96
To upgrade a non-clustered RabbitMQ simply install the new version. All configuration and persistent message data are retained.
To upgrade a RabbitMQ cluster, follow the instructions in RabbitMQ documentation.
Source code archives
Warning: The source code archive provided by GitHub only contains the source of the broker, not the plugins or the client libraries.
Please download the archive named