NATS - v2.10.4

Security

Changelog

Refer to the 2.10 Upgrade Guide for backwards compatibility notes with 2.9.x.

CVEs

  • CVE-2023-46129 - nkeys: xkeys seal encryption used fixed key for all encryption

Go Version

  • 1.21.3

Dependencies

  • github.com/nats-io/nats.go v1.31.0
  • github.com/nats-io/nkeys v0.4.6
  • github.com/klauspost/compress v1.17.2
  • golang.org/x/crypto v0.14.0
  • golang.org/x/sys v0.13.0

Added

JetStream
- Report Raft group name in stream and consumer info responses (#4661)

MQTT
- Add config options to disable QoS 2 support (#4705)

TLS
- Add opt-in TLS handshake first for client connections (#4642)

Improved

Dependencies
- Remove unnecessary constraints dependency for ordered constraint (#4709) Thanks to @misterpickypants for the contribution!

JetStream
- Add internal pprof labels as metadata to the stream config for improved debuggability (#4662)
- Stricter management of Raft state, which should improve recovery from a leaderless state (#4684)
- Avoid unnecessary reallocations when writing the full filestore state to disk (#4687)
- Improve recovery of blocks that are being updated midway (#4692)
- Recycle filestore buffers on rebuild and write out full state prior to snapshotting (#4699)
- Extend AckTerm advisory event to support a reason (#4697)
- Improve time to select skip list and starting sequence number for deliver last by subject (#4712, #4713) Thanks to @StanEgo for the report!
- Optimize loading messages on last by subject if max messages per subject is one (#4714)

MQTT
- No longer require a server name to be set for a standalone server (#4679)

Routes
- Remove unnecessary account lookups for pinned accounts (#4686)
- Upgrade non-solicited routes if present in config (#4701, #4708)

Systemd
- Use correct network target to prevent host-dependent race conditions when establishing external connections (#4676)

Fixed

Configuration
- Fix possible panic during configuration reload during a server shutdown (#4666)

Exports/imports
- Prevent service import from duplicating MSG as HMSG with a remapped subject (#4678) Thanks to @izwerg for the report!

JetStream
- Fix panic if store error occurs when requesting consumer info (#4669)
- Fix incorrect calculation of num pending with a filtered subject (#4693) Thanks to @a-h for the report!
- Prevent purge of entire stream when targeting a sequence of 1 (#4698) Thanks to @john-bagatta for the report!
- Ensure there is a valid messages queue prior to processing within a mirror (#4700)
- Avoid concurrent consumer setLeader calls resulting in chance of multiple leaders (#4703)

MQTT
- Fix memory leak for retained messages (#4665) Thanks to @pricelessrabbit for the contribution!

Windows
- Ensure signal handler is stopped when shutting down on Windows to prevent goroutine leak (#4690)

Complete Changes

https://github.com/nats-io/nats-server/compare/v2.10.3...v2.10.4

Details

date
Oct. 27, 2023, 3:57 p.m.
name
Release v2.10.4
type
Patch
official page
https://github.com/nats-io/nats-server/releases/tag/v2.10.4
👇
Register or login to:
  • 🔍View and search all NATS releases.
  • 🛠️Create and share lists to track your tools.
  • 🚨Setup notifications for major, security, feature or patch updates.
  • 🚀Much more coming soon!
Continue with GitHub
Continue with Google
or