release-notes/3.7.18.md
RabbitMQ 3.7.18 is a maintenance release that includes a fix to CVE-2019-11281.
Kudos to Markus @RareData Alvila for responsibly disclosing the vulnerability.
The release also contains bug fixes and internal
API changes that refine the common plugin API with the upcoming 3.8.0 version.
Per the new Erlang version support policy in effect starting with January 2019, this release no longer supports Erlang/OTP 19.3. Make sure a supported Erlang version is used before upgrading.
Provisioning Latest Erlang Releases explains
what package repositories and tools can be used to provision latest patch versions of Erlang 21.3.x and 22.x.
This release introduces credential obfuscation for Shovel connections and Federation links. This requires
one more application (library) from Erlang/OTP, tools. Operators must make sure that the Erlang runtime
provides it. On Debian-based systems, the package erlang-tools must be installed.
This release contains a breaking change to the plugin API around queue state access introduced in 3.7.17.
Plugins that do not use that API revision are not affected. All plugins that ship with RabbitMQ have been updated
as necessary.
This revision was necessary to maintain a single API with the upcoming 3.8.0 release.
When upgrading to this release and upgrading Erlang to 21.x or later at the same time, extra care has to be taken. Since CLI tools from RabbitMQ releases older than 3.7.7 will fail on Erlang 21 or later, RabbitMQ must be upgraded before Erlang.
See 3.7.0 release notes upgrade and compatibility notes first if upgrading from an earlier release.
See the Upgrading guide for general documentation on upgrades and RabbitMQ change log for release notes of other releases.
Any questions about this release, upgrades or RabbitMQ in general are welcome on the RabbitMQ mailing list.
New style config file parser is now more forgiving, handles trailing whitespace and empty lines better.
GitHub issue: rabbitmq/rabbitmq-server#2073
gen_server2 now includes two new functions, stop/1 and stop/3, which gen_server in OTP
introduced a couple of releases ago.
Contributed by @codeadict.
GitHub issue: rabbitmq/rabbitmq-common#335
Log rotation is functional again on Windows.
GitHub issue: rabbitmq/rabbitmq-server#2059
White space characters in RABBITMQ_BASE and other configurable paths are now handled better on Windows.
GitHub issue: rabbitmq/rabbitmq-server#2025
Eliminate a "deprecated Ranch options" log warning.
GitHub issue: rabbitmq/rabbitmq-server#2069
Two more TLS listener options are now available via new style configuration file:
management.ssl.verify and management.ssl.fail_if_no_peer_cert.
GitHub issue: rabbitmq/rabbitmq-management#735
HTTP API documentation correction.
GitHub issue: rabbitmq/rabbitmq-management#737
Connections that fail due to insufficient client permissions (authorisation failures) are now handled gracefully with reasonable log messages.
GitHub issue: rabbitmq/rabbitmq-amqp1.0#92
Sensitive values in Shovel connection state (namely, the connection credentials) are now stored in encrypted form. This avoids unintentional credential logging by the runtime (exception logger) at the cost of making troubleshooting authentication failures harder.
GitHub issue: rabbitmq-erlang-client#123
Sensitive values in Federation link state (namely, the connection credentials) are now stored in encrypted form. This avoids unintentional credential logging by the runtime (exception logger) at the cost of making troubleshooting authentication failures harder.
GitHub issue: rabbitmq-erlang-client#123
Sensitive values in connection state (namely, the connection credentials) are now stored in encrypted form. This avoids unintentional credential logging by the runtime (exception logger) at the cost of making troubleshooting authentication failures harder.
GitHub issue: rabbitmq-erlang-client#123
jQuery was upgraded to 3.4.x.
GitHub issue: rabbitmq/rabbitmq-web-stomp-examples#18
jQuery was upgraded to 3.4.x.
GitHub issue: rabbitmq/rabbitmq-web-mqtt-examples#2
Warning: The source code archive provided by GitHub only contains the source of the broker,
not the plugins or the client libraries. Please download the archive named rabbitmq-server-3.7.18.tar.xz.