File: 3.5.8.md

package info (click to toggle)
rabbitmq-server 4.0.5-6
  • links: PTS, VCS
  • area: main
  • in suites: sid, trixie
  • size: 37,948 kB
  • sloc: erlang: 257,835; javascript: 22,466; sh: 2,796; makefile: 2,517; python: 1,966; xml: 646; cs: 335; java: 244; ruby: 212; php: 100; perl: 63; awk: 13
file content (30 lines) | stat: -rw-r--r-- 1,136 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
## RabbitMQ 3.5.8

RabbitMQ `3.5.8` fixes a security vulnerability ([CVE-2016-9877](https://pivotal.io/security/cve-2016-9877)) in the MQTT plugin.

### Server

#### Security

 * `rabbit_diagnostics:maybe_stuck/0` no longer prints process' dictionary
   because it may contain PRNG seed values and other sensitive information.
   
### MQTT Plugin

#### Security

 * Authentication with correct username but omitted password succeeded when TLS/x509 certificate
   wasn't provided by the client. CVE allocation for this vulnerability is pending.

   GitHub issue: [rabbitmq-mqtt#96](https://github.com/rabbitmq/rabbitmq-mqtt/issues/96)

## Upgrading

To upgrade a non-clustered RabbitMQ simply install the new version. All configuration and persistent message data are retained.

To upgrade a RabbitMQ cluster, follow the instructions [in RabbitMQ documentation](https://www.rabbitmq.com/clustering.html#upgrading).

## Source code archives

**Warning**: The source code archive provided by GitHub only contains the source of the broker, not the plugins or the client libraries.
Please download the archive named `rabbitmq-3.5.8.tar.gz`.