release-notes/3.7.21.md
RabbitMQ 3.7.21 is a maintenance release that includes a patch for CVE-2019-11287.
RabbitMQ 3.7.x series is supported through March 2020.
Per the new Erlang version support policy in effect starting with January 2019, this release no longer supports Erlang/OTP 20.3. Make sure a supported Erlang version is used before upgrading.
Provisioning Latest Erlang Releases explains
what package repositories and tools can be used to provision latest patch versions of Erlang 21.3.x and 22.x.
When upgrading to this release and upgrading Erlang to 21.x or later at the same time, extra care has to be taken. Since CLI tools from RabbitMQ releases older than 3.7.7 will fail on Erlang 21 or later, RabbitMQ must be upgraded before Erlang.
See 3.7.0 release notes upgrade and compatibility notes first if upgrading from an earlier release.
See the Upgrading guide for general documentation on upgrades and RabbitMQ change log for release notes of other releases.
Any questions about this release, upgrades or RabbitMQ in general are welcome on the RabbitMQ mailing list.
Avoid pattern expansion when logging connection closure reason.
This addresses CVE-2019-11287.
GitHub issue: rabbitmq/rabbitmq-server#2155
Errors were not propagated back to the client correctly in case of an LDAP server authentication failure.
GitHub issue: rabbitmq/rabbitmq-auth-backend-ldap#116
stomp.hide_server is now available in the new style configuration format.
GitHub issue: rabbitmq/rabbitmq-stomp#140
The plugin emitted a warning on start.
GitHub issue: rabbitmq/rabbitmq-web-stomp#115
The plugin emitted a warning on start.
GitHub issue: rabbitmq/rabbitmq-web-mqtt#59
event_exchange.vhost is now available in the new style configuration format.
GitHub issue: rabbitmq/rabbitmq-event-exchange#43
Warning: The source code archive provided by GitHub only contains the source of the broker,
not the plugins or the client libraries. Please download the archive named rabbitmq-server-3.7.21.tar.xz.