File: 3.6.9.md

package info (click to toggle)
rabbitmq-server 4.0.5-6
  • links: PTS, VCS
  • area: main
  • in suites: sid, trixie
  • size: 37,948 kB
  • sloc: erlang: 257,835; javascript: 22,466; sh: 2,796; makefile: 2,517; python: 1,966; xml: 646; cs: 335; java: 244; ruby: 212; php: 100; perl: 63; awk: 13
file content (63 lines) | stat: -rw-r--r-- 2,575 bytes parent folder | download | duplicates (2)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
## RabbitMQ 3.6.9

RabbitMQ `3.6.9` is a security and maintenance release.

### Upgrades and Compatibility

See the ["Upgrading clusters" section of the documentation](https://www.rabbitmq.com/clustering.html#upgrading)
for general documentation on upgrades.

This release has no incompatibilities with 3.6.7. See [3.6.7 release notes](https://github.com/rabbitmq/rabbitmq-server/releases/tag/rabbitmq_v3_6_7)
upgrade and compatibility notes if upgrading from an earlier release.


### Management and Management Agent Plugins

#### Security Vulnerability Patches

Details for the CVEs below are pending publication.

 * `CVE-2017-4965`: XSS vulnerabilities in management UI
 * `CVE-2017-4966`: authentication details are stored in browser-local storage without expiration
 * `CVE-2017-4967`: XSS vulnerabilities in management UI

As part of the patch addressing `CVE-2017-4966` management UI sessions were limited to 8 hours.

#### Bug Fixes

 * Certain TCP and TLS listener configuration settings could break JSON serialisation of
   `GET /api/overview` responses.
 
   GitHub issues: [rabbitmq-management-agent#39](https://github.com/rabbitmq/rabbitmq-management-agent/issues/39),
                  [rabbitmq-management#364](https://github.com/rabbitmq/rabbitmq-management/issues/364),
                  [rabbitmq-management-agent#36](https://github.com/rabbitmq/rabbitmq-management-agent/issues/36)

### Federation Plugin

#### Bug Fixes

 * More numerical types are now handled for the "hops" property.
 
   GitHub issue: [rabbitmq-federation#56](https://github.com/rabbitmq/rabbitmq-federation/issues/56)


### .NET Client

#### Bug Fixes

 * Calling ExchangeBind more than once with the same arguments threw an exception.
 
   GitHub issues: [rabbitmq-dotnet-client#314](https://github.com/rabbitmq/rabbitmq-dotnet-client/issues/314),
                  [rabbitmq-dotnet-client#317](https://github.com/rabbitmq/rabbitmq-dotnet-client/issues/317)


## Upgrading

To upgrade a non-clustered RabbitMQ simply install the new version. All configuration and persistent message data are retained. When upgrading using definitions export/import from versions earlier than 3.6.0, see http://rabbitmq.com/passwords.html.

To upgrade a RabbitMQ cluster, follow the instructions [in RabbitMQ documentation](https://www.rabbitmq.com/clustering.html#upgrading).

## Source code archives

**Warning**: The source code archive provided by GitHub only contains the source of the broker,
not the plugins or the client libraries. Please download the archive named `rabbitmq-3.6.9.tar.gz`.