RabbitMQ 3.6.9

@michaelklishin michaelklishin released this Mar 29, 2017 · 1931 commits to master since this release

Assets

RabbitMQ 3.6.9

RabbitMQ 3.6.9 is a security and maintenance release.

Upgrades and Compatibility

See the "Upgrading clusters" section of the documentation
for general documentation on upgrades.

This release has no incompatibilities with 3.6.7. See 3.6.7 release notes
upgrade and compatibility notes if upgrading from an earlier release.

Management and Management Agent Plugins

Security Vulnerability Patches

Details for the CVEs below are pending publication.

  • CVE-2017-4965: XSS vulnerabilities in management UI
  • CVE-2017-4966: authentication details are stored in browser-local storage without expiration
  • CVE-2017-4967: XSS vulnerabilities in management UI

As part of the patch addressing CVE-2017-4966 management UI sessions were limited to 8 hours.

Bug Fixes

Federation Plugin

Bug Fixes

.NET Client

Bug Fixes

Upgrading

To upgrade a non-clustered RabbitMQ simply install the new version. All configuration and persistent message data are retained. When upgrading using definitions export/import from versions earlier than 3.6.0, see http://rabbitmq.com/passwords.html.

To upgrade a RabbitMQ cluster, follow the instructions in RabbitMQ documentation.

Source code archives

Warning: The source code archive provided by GitHub only contains the source of the broker,
not the plugins or the client libraries. Please download the archive named rabbitmq-3.6.9.tar.gz.