release-notes/3.8.15.md
RabbitMQ 3.8.15 is a maintenance release that includes two security patches.
All users are advised to consult the set of changes in this release but then
upgrade straight to 3.8.16 or a newer version if available and skip this release.
This release addresses two CVEs:
Our team would like to thank
for responsibly disclosing the vulnerabilities and helping assess and test the patches.
This is the first release in the post-Bintray era. Because Bintray shut down on May 1st, 2021, this version is not distributed via Bintray. From now on, releases are distributed via GitHub, Cloudsmith, and PackageCloud.
This release is the last release to support Erlang 22.3. Erlang 23 is highly recommended for best forward compatibility with future RabbitMQ versions.
Provisioning Latest Erlang Releases explains
what package repositories and tools can be used to provision a recent version of Erlang 23.x.
See 3.8.0 release notes upgrade and
compatibility notes first if upgrading from an earlier release series (e.g. 3.7.x).
See the Upgrading guide for general documentation on upgrades and RabbitMQ change log for release notes of other releases.
Any questions about this release, upgrades or RabbitMQ in general are welcome on the RabbitMQ mailing list and RabbitMQ community Slack.
Quorum queues did not take snapshots as frequently as they are expected to with some configurations. This resulted in much higher peak disk space usage for queues that did not have a meaningful backlog.
GitHub issue: #2974
Quorum queue name was unintentionally limited: the length of virtual host and actual queue name was limited to 254 characters. Quorum queues that had longer names failed to be declared.
Deleting a quorum queue would leave some of its internal metrics data around.
GitHub issue: #2846
Client destination address is now obtained w.r.t. the Proxy protocol settings.
Contributed by @carlhoerberg (CloudAMQP).
GitHub issue: #2942
Consumers that consume messages and do not acknowledge them will now have a 15 minute acknowledgement timeout applied to them by default. Operators can increase the timeout if necessary.
Such consumers delay or even prevent on disk data compaction, which can run a node out of disk space much earlier than anticipated.
GitHub issue: #2990
Channel interceptors now can return channel-level exceptions.
Contributed by Ayanda @Ayanda-D Dube.
GitHub issue: #2989
rabbitmq-diagnostics status could run into an exception when formatting responses
from nodes where high VM memory watermark was configured using advanced.config.
GitHub issue: #2964
rabbitmq-queues rebalance will no longer pick nodes under maintenance
as new queue leader placement candidates.
GitHub issue: #2993
rabbitmq-diagnostics remote_shell is a new command that opens a remote Erlang shell
to the target node. This simplifies troubleshooting of a running node.
GitHub issue: #2860
rabbitmq-queues await_online_quorum_plus_one is now a no-op in a single node cluster
since the command does not make sense when there is only one node.
GitHub issue: #2890
When a virtual host was created with tags via the HTTP API, the tags were unintentionally concatenated together.
GitHub issue: #2982
More precise UI description for message consumption mode that is destructive (consumes in automatic acknowledgement mode).
GitHub issue: #3011
AWS peer discovery mechanism now supports Instance Metadata Service v2. In case it is not available, requests will fall back to the original metadata service endpoint.
The v2 endpoint offers substantial security improvements and is one of the AWS best practices.
Contributed by @thuandb (AWS).
GitHub issue: #2952
The plugin now has limited support for username extraction from SAN of type "other name". Note that the type by definition supports arbitrary values, so supporting all possible inputs is not realistic.
Contributed by @Thibi2000.
There were no dependency changes.
To obtain source code of the entire distribution, please download the archive named rabbitmq-server-3.8.15.tar.xz
instead of the source tarball produced by GitHub.