Releases: nats-io/nats-server
Releases · nats-io/nats-server
Release v2.1.0
Changelog
Go Version
- 1.12.9: Both release executables and Docker images are built with this Go release.
Added
- RTT in
/routezdetails (#1101) - New
/leafzmonitoring endpoint (#1108) - Latency tracking for exported services (BETA) (#1111, #1112, #1122, #1125, #1130, #1132, #1136, #1137)
- System level services for debugging (BETA). Exported services to the system account for debugging of blackbox systems. Ability to get the number fo subscribers for a given subject and optionally queue group (#1127)
Fixed
- Some typos in code. Thanks to @beautytiger for the contribution (#1105)
- Some Leafnode issues (#1106)
- Issue when there is a circular dependency in account server import (#1119)
- MaxPending configured to more than 2GB. Thanks to @cv711 for the report (#1121)
- Some internal locking issues related to accounts lookup and updates (#1126, #1131)
- Ability to pass to the command line
-cluster nets://<host>:-1for a random port, which is used in some NATS libraries for testing. This was broken due to changes in Golang (#1128) - Ensure server uses default if ResponsesPermissions's values are set to 0 (#1135)
Improved
Complete Changes
Release v2.0.4
Changelog
Go Version
- 1.12.8: Both release executables and Docker images are built with this Go release.
Added
- Use of GoReleaser. Thanks to @caarlos0 for this tool! (#1095)
- Deb and RPM packages (#1095)
- Publish permissions based on reply subjects of received messages (#1081)
- Support for user and activation token revocation (#1086)
- Leafnode connections to
/varz(#1088) - Ability to cross account import services to return streams as well as singletons (#1090)
- Support for service response types (#1091, #1093)
Fixed
- Leafnode user JWT with signer fails to authenticate (#1078)
- Leaked subscriptions from queue group across routes. Thanks to @ripienaar for the report (#1079)
- Shadow subscriptions can be leaked on stream import and connection close (#1090)
- Connection could be closed twice resulting in duplicate reconnect mainly affecting Gateways and Leafnodes (#1092)
- Some typos in code. Thanks to @ethan-daocloud for the contribution (#1098)
Improved
- Reduce memory usage on routes. Thanks to @ripienaar for the report (#1087)
Complete Changes
Release v2.0.2
Changelog
Go Version
- 1.11.12: Both release executables and Docker images are built with this Go release.
Changed
- Default TLS Timeout bumped to 2 seconds (as opposed to 0.5s) (#1042)
Added
- Support to extend leafnodes remote TLS timeout (#1042)
- Allow operator to be inline JWT (#1045)
- Made ReadOperatorJWT public for embedded use cases. Thanks to @ripienaar for the report (#1052)
- Ability to disable sublist cache globally for all accounts. Thanks to @azrle for the report (#1055)
- Ability to set a limit to the trace of the payload of a message. Thanks to @andyxning for the contribution (#1057)
Improved
- Add default port (7422) for Leafnode remote connections (#1049)
- Reduce server PINGs when data is flowing (#1048)
- Allow remotes leafnode to specify an array of URLs. Thanks to @ripienaar for the report (#1069)
Fixed
- Messages not distributed evenly when sourced from leafnode (#1040)
- Help link in top level monitoring (#1043)
- Check of max payload could be bypassed if size overruns an int 32. Note that the client would first have to be authorized to connect. This fix is for CVE-2019-13126. Thanks to Aviv Sasson and Ariel Zelivansky from Twistlock for the security report (#1053)
- Sending to client libraries an updated MaxPayload through INFO protocol when a bound account's MaxPayload is not the same as the server the client is connected to (#1059)
- Routing of responses across leafnodes (#1060)
- Subscriptions were not propagated correctly upon new leafnode joining the network. Thanks to @antmanler for the report and fix! (#1067)
- Prevent multiple solicited leafnodes from forming cycles. Thanks to @ripienaar for the report (#1070)
- Report possible error starting the monitoring port. Thanks to @andyxning for the contribution (#1064)
- Allow use of
insecurefor remote leafnode and gateways again. Thanks to @ripienaar for the report (#1071, #1073) - Report authorization error and use TLS hostname for IPs on leafnodes (#1072)
- Leafnode URLs may be missing in INFO protocol sent to Leafnodes connections (#1074)
- Server now read pending data on closed connection to be able to report error (for instance in case of an authorization error sent by remote server) (#1075)
Complete Changes
Release v2.0.0
Changelog
Go Version
- 1.11.10: Both release executables and Docker images are built with this Go release.
Backward incompatibility
- The routing protocol has been dramatically improved and adds support for accounts and multi-tenancy. The new protocol is not backward compatible with servers <2.0.0.
- For users embedding NATS Server and using
Varz()to get server statistics should be aware of some changes described in #989
Changed
- Repository and server name have changed: gnatsd becomes nats-server (#985)
- With go.mod, users embedding NATS Server should change their import path to include
/v2. For instance:
import (
natsd "github.com/nats-io/nats-server/v2/server"
)
- Cluster permissions moved out of cluster's authorization section (#747)
- The utility mkpasswd.go file was moved to its own directory
util/mkpasswdto enablego getto install this tool (#996)
Added
- NKey support (#743)
- Accounts support (#755)
- JWT Support (#804)
- Gateways (#808)
- Leaf Nodes (#928)
- System events (#823)
- Support of TLS certificate subject for users authentication (#896, #909)
- Support of SANs in TLS certificate for user permissions. Thanks to @twrobel3 for the report (#966)
- Ability to disable TLS server name verification for routes. Thanks to @softkot for the contribution (#921)
- Ability to explicitly set server name for TLS in Gateways. Thanks to @danielsdeleo for the contribution (#922)
- Configuration check with
-tcommand line parameter (#745) - Support for route permissions configuration reload (#753)
- Lame duck mode (#780)
- Support for path as argument to
--signal. Thanks to @pires for the contribution (#838) - Expose connection remote address in
ClientAuthentication. Thanks to @ripienaar for the contribution (#837) ntp.servicedependency to the systemd service file. Thanks to @andyxning for the contribution (#880)- Configuration parameter to select the frequency at which failed route, gateways and leaf nodes connections are reported. Thanks to @santo74 for the feedback (#1000, #1001)
- List or route URLs in
cluster{}from/varzendpoint (#1012) - Ability to ignore top-level unknown configuration field (#1024)
Improved
- New route protocol (#786)
- Fan in/out scenarios (#876)
- Various optimizations (#897)
- Utility
mkpasswd's help output. Thanks to @andyxning for the contribution (#881) - You can now have unquoted strings that start with number (#893)
- Use of https for README's links. Thanks to @huynq0911 for the contribution (#914)
- Warning on plaintext password in configuration and redact them from log statements (#743, #776)
Fixed
- Misleading "Slow Consumer" error message during a TLS Handshake (#836)
- Report "Slow Consumer" only for clients that do complete the connect process (#861)
- Configuration reload of boolean flags. Thanks to @sazo for the report (#879)
- Runaway process when parsing a configuration file with missing a
}or)(#887) - Don't allow overruns for message payloads. Thanks to @valichek for the report (#889)
- Possible delays in delivering messages (#895)
- Possible slow consumer when routes exchange their subscriptions list (#912)
- Protocol Parser type safety. Thanks to @nmiculinic for the contribution (#908)
- Use of custom authentication with configuration reload. Thanks to @Will2817 for the report (#924)
- Issue with utility
mkpasswdon Windows platform. Thanks to @Ryner51 for the report (#935) - Some typos. Thanks to @huynq0911, @JensRantil for their contributions.
- Changes to Varz content and fixed race conditions (#989)
Complete Changes
Pre-Release v2.0.0-RC14
Do not use, v2.0.0 is now released: https://github.com/nats-io/nats-server/releases/tag/v2.0.0
Release v1.4.1
Changelog
Go Version
- 1.11.5: Both release executables and Docker images are built with this Go release.
Fixed
- Possible delay in flushing data (#901)
Complete Changes
Release v1.4.0
Changelog
Go Version
- 1.11.4: Both release executables and Docker images are built with this Go release.
Added
- Warning if passwords are stored in plain text in config. Redact password from
CONNECTtrace. - Support for cluster permissions reload (#753)
- Support a path as argument to
--signal. Thanks to @pires for the contribution (#838) RemoteAddress()to theCustomClientAuthenticationinterface. Thanks to @ripienaar for the contribution (#837)
Changed
- Cluster permissions moved out of cluster's authorization (#747)
Fixed
- Ports file on Windows (#733)
- Memory usage for failed TLS connections (#872)
- Issue with configuration reload for some boolean parameters, such as
logtime. Thanks to @sazo for the report (#874, #879) - Reduced risk of slow consumer in fan in scenarios (#876)
Complete Changes
Release v1.3.0
Changelog
Go Version
- 1.11: Both release executables and Docker images are built with this Go release.
Added
- Allow/Deny permissions (#725, #727). It is now possible to specify deny permissions
for subjects. For instance:
authorization {
myUserPerms = {
publish = {
allow = "*.*"
deny = ["SYS.*", "bar.baz", "foo.*"]
}
subscribe = {
allow = "foo.*"
deny = "foo.baz"
}
}
users = [
{user: myUser, password: pwd, permissions: $myUserPerms}
]
}
means that user myUser is allowed to publish to subjects with 2 tokens (allow = "*.*") but not to subjects matching SYS.*, bar.baz or foo.*. It can subscribe to subjects matching foo.* but not foo.baz.
Improved
Fixed
- Unexpected
Authorization Errorduring configuration reload (#270)
Complete Changes
Release v1.2.0
Changelog
Go Version
- 1.10.3: Both release executables and Docker images are built with this Go release.
Added
- License scan status. Thanks to @xizhao (#658)
- PSE file for OpenBSD. Thanks to @gabeguz (#661)
- Best practices badge (#679)
- Governance and Maintainers files (#703)
- New
rttfield in/connzmonitoring endpoint. This measures the time between the server sent a PING to a client and the time it got the PONG back (#683) - Ability to filter
/connzby client ID (CID). Example:http://localhost:8222/connz?cid=100. Note that the CID is now sent back to the client. Client libraries have not yet been updated to report this to the application (#687) - Tracking of closed connections and reason for their closing. To filter closed connections, use
?state=closedas inhttp://localhost:8222/connz?state=closed. Possible values forstateareopen,closed,all. The result now includes a new fieldreasonthat gives a reason why the connection was closed, for instancereason: Clientmeans that the client closed the connection (#692). For example:
{
"cid": 2,
"ip": "::1",
"port": 63065,
"start": "2018-07-05T11:00:16.09747933-06:00",
"last_activity": "2018-07-05T11:00:21.441585272-06:00",
"stop": "2018-07-05T11:00:23.445200428-06:00",
"reason": "Slow Consumer (Write Deadline)",
"uptime": "7s",
"idle": "2s",
"pending_bytes": 8265,
"in_msgs": 0,
"out_msgs": 4178,
"in_bytes": 0,
"out_bytes": 534784,
"subscriptions": 1,
"lang": "go",
"version": "1.5.0"
},
- New
/connz?sort=sort options:start,stopandreason(#705) - Support for "echo" feature. By default, if a connection subscribes on
fooand publishes onfoo, it will receive those messages. To prevent this, the client'sCONNECTprotocol includes a new boolean field namedechothat should be set tofalse. The server is also sending a newintfieldprotoin theINFOprotocol to the client, allowing the client library to decide if it can use the "echo" feature or not. Client libraries have not yet been updated to take advantage of this feature (#698) - Ability to specify a maximum number of subscriptions (per connection) (#707)
- Ability to get details about a subscription with
/subsz?subs=1(#707). For instance:http://localhost:8222/subsz?subs=1may return:
"subscriptions_list": [
{
"subject": "foo",
"sid": "1",
"msgs": 1000,
"cid": 2
}
]
- Ability to test for matching subscriptions on a given subject (#707). For instance:
http://localhost:8222/subsz?subs=1&test=foowould return thesubscriptions_listwith subscriptions matching the test subject. If no match is found, thesubscriptions_listis not present.
Improved
- Authorization and Authentication documentation in README (#673, #678)
- Big performance improvement for fan-out situations (one message to many subscriptions). Special thanks to @ripienaar that has been helping test the solution at scale (#680).
Fixed
- Display of cluster port when configured as random (#657)
- Inability to remove a route from configuration (with configuration reload) if the remote server is not running (#682)
- Do not send more than one error when client sends invalid protocol. Thanks to @danielwertheim for the report (#684)
- Possible truncation of the subscription interest list when route connects (#680)
- Route behavior in high fan-out (slow consumer) (#680)
Updated
- Build requirements in the README (now require Go 1.9+ to build from source) and default cipher suites (#689)
- Elevate TLS statements from DBG to ERR. Thanks to @ripienaar for the report (#690)
Release v1.1.0
Changelog
Go Version
- 1.9.4: Both release executables and Docker images are built with this Go release.
Added
- Monitoring endpoint functions (Varz(), etc...) for those embedding NATS Server in their application. Thanks to @ripienaar for the report (#615)
Improved
- Better attempt at delivering messages to queue subscriptions. Thanks to @vkhorozvs (#638)
- Compatibility with JSON in configuration parser (#653)
Fixed
- Cluster topology change possibly not sent to clients (#631, #634)
- Race between delivering messages to queue subscriptions and subscriptions being unsubscribed (#641)
- Close log file on log re-open signal. Thanks to @acadiant for the report (#644)
Changed
- Moved to Apache 2.0 License following move to CNCF (#650)
Removed
ssl_requiredfield in INFO protocol. This was deprecated some time ago. The correct field to use is TLSRequired (#655)