Skip to content

RabbitMQ 3.6.1

Compare
Choose a tag to compare
@michaelklishin michaelklishin released this 01 Mar 14:06

RabbitMQ 3.6.1

RabbitMQ 3.6.1 is a maintenance release that includes a fix for CVE-2015-8786,
a vulnerability in RabbitMQ management plugin.

Server

Bug Fixes

  • Purging a lazy queue could result in an exception

    GitHub issue: rabbitmq-server#514

  • Ensure epmd is running before starting RabbitMQ node on Windows

    GitHub issue: rabbitmq-server#625

  • Channel error could make broker unreachable

    Those errors were misleadingly logged as channel_termination_timeout, which
    the issue really was with unhandled messages from concurrently closed TCP socket process.

    GitHub issue: rabbitmq-server#530

  • (Automatic) deletion of an auto-delete queue could lead
    to blocked channels

    GitHub issue: rabbitmq-server#581

  • During (from scratch) queue sync, queue master node didn't respect mirror alarm state.
    With large data sets this could drive mirror node out of memory.

    GitHub issue: rabbitmq-server#616

  • Changing password for users with non-standard (think broker configuration) password
    hashing function, for example, those migrated from 3.5.x releases, didn't update
    effective hashing function.

    GitHub issue: rabbitmq-server#623

  • Heavy and/or prolonged rabbitmqctl use could exhaust Erlang VM atom table

    GitHub issue: rabbitmq-server#549

  • "Min masters" queue master location strategy could result
    in an error.

    GitHub issue: rabbitmq-server#521

  • Fixed a race condition in pause_minority handling mode.

    GitHub issue: rabbitmq-server#307

  • Significantly reduce possibility of a race condition when
    an exchange is deleted and immediately re-declared, e.g. by a federation
    link.

    This could result in a link operation being blocked, preventing
    nodes from stopping.

    GitHub issue: rabbitmq-federation#7

  • amq.rabbitmq.log messages now have information about originating
    node in message headers

    GitHub issue: rabbitmq-server#595

  • scripts/rabbitmq-env now works with GNU sed 4.2.2

    GitHub issue: rabbitmq-server#592

  • Exceptions in VM memory use calculator no longer affect broker startup

    GitHub issue: rabbitmq-server#328

  • Direct Reply-to capability is now advertised to clients

    GitHub issue: rabbitmq-server#520

Enhancements

  • Paths with non-ASCII characters on Windows are now handled

    RabbitMQ now can be installed into a location with non-ASCII characters,
    e.g. when username contains them.

    GitHub issues: rabbitmq-server#493

  • Configurable number of TCP connection acceptors

    Plus a x10 increase of the default. This helps with workloads where connection
    churn is very high (e.g. all clients are PHP Web apps that cannot maintain
    long-lived connections).

    GitHub issues: rabbitmq-server#528

  • rabbitmqctl cluster_status now includes cluster-wide resource alarm status

    GitHub issue: rabbitmq-server#392

  • Windows installer no longer jumps over installation log

    GitHub issue: rabbitmq-server#634

  • Improved rabbitmqctl reset error messages

    GitHub issue: rabbitmq-server#167

  • More unsigned field data types are supported.

    GitHub issue: rabbitmq-server#20

Java client

Enhancements

Bug Fixes

.NET client

Bug Fixes

Federation Plugin

Bug Fixes

  • Significantly reduce possibility of a race condition when
    an exchange is deleted and immediately re-declared, e.g. by a federation
    link

    This rendered federation links dysfunctional.

    GitHub issue: rabbitmq-federation#7

Management plugin

Vulnerability Fixes

  • CVE-2015-8786: user-provided query parameters lengths_age and lengths_incr had no validation
    and could be used to exhaust server resources.

    The attacker needs to have access to HTTP API (authenticate successfully and have sufficient
    tags to pass authorisation) in order to carry out the attack.

    There is no workaround for earlier releases.

    Kudos to Vladimir Ivanov (Positive Technologies) for the responsible disclosure.

    GitHub issue: rabbitmq-management#97

Enhancements

  • Password hashing function is now included in exported definitions

    Those upgrading from versions earlier than 3.6.0 via definitions export
    won't have to temporarily set hashing function to MD5 to ensure export succeeds.

    GitHub issue: rabbitmq-management#117

Bug Fixes

Federation Management plugin

Enhancements

Erlang client

Bug Fixes

STOMP plugin

Bug Fixes

  • durable and persistent headers weren't always used interchangeably,
    leading to non-durable subscriptions

    GitHub issue: rabbitmq-stomp#58

  • Client heartbeat timeouts resulted in confusing error messages
    in broker log.

    GitHub issues: rabbitmq-stomp#63

Web STOMP plugin

Bug Fixes

Web STOMP Examples plugin

Bug Fixes

Event Exchange plugin

Bug Fixes

  • Event timestamps are now in seconds, not milliseconds

    Per AMQP 0-9-1 spec. This is not a particularly great choice for events,
    so we will add an optional header with millisecond precision in a future release.

    GitHub issue: rabbitmq-event-exchange#8

JSON RPC plugin

Note: this plugin is deprecated and its use is highly discouraged.

Enhancements

Upgrading

To upgrade a non-clustered RabbitMQ simply install the new version. All configuration and persistent message data are retained. When upgrading using definitions export/import from versions earlier than 3.6.0, see http://rabbitmq.com/passwords.html.

To upgrade a RabbitMQ cluster, follow the instructions in RabbitMQ documentation.

Source code archives

Warning: The source code archive provided by GitHub only contains the source of the broker, not the plugins or the client libraries. Please download the archive named rabbitmq-3.6.1.tar.gz.