Release v2.9.2

Changelog

Go Version

• 1.19.1: Both release executables and Docker images are built with this Go release.

Improved:

• Fan-out performance degraded between v2.8.4 and v2.9.0. This was mainly due to addition of message count/size accounting per-account. Some code refactoring restored or even increased the performance compared to v2.8.4 (#3504)

Fixed

• JetStream:
  • Prevent panic processing a consumer assignment. This could happen in rare situations where a stream would catchup and start processing consumer assignments while the stream itself was "stopped", for instance during a cluster-reset event following a sequence mismatch detection, etc... (#3498)
  • The FileStore implementation could have held into memory of message blocks for longer (about 5 seconds) than needed. In situations where the stream was filling up quickly, the amount of blocks held in memory could grow enough that even 5 seconds expiration could cause the memory growth to be noticeable, even more so if the garbage collection has no reason to trigger if the overall memory usage is below the host's limit (#3501)
  • Scaling a consumer down to a R=1 would work but not send a response to the CLI/application requesting that change. That is, if an application would call js.UpdateConsumer() (using the Golang client library) with a replica of 1, the call would timeout but the operation would actually succeed (#3502)
  • The consumer names paging had issues and could have returned only the API limit, which for this request is 1024 (#3510)
  • Some streams may fail to be recovered if a meta-layer snapshot was done but an upstream source or mirror changed it subjects (#3508)
  • Redeliveries for consumers with the "LastPerSubject" delivery policy were not honored. Thanks to @brentd for the report (#3511)
• Possible exit of NATS Server running as a Windows service without logging enabled when server would report invalid protocols. The workaround is to enable logging (specify a log file as opposed to have the logging directed to the Windows Event Logs). Thanks to @BentTranberg for the report (#3497)

Complete Changes

v2.9.1...v2.9.2

Release v2.9.1

Changelog

Go Version

• 1.19.1: Both release executables and Docker images are built with this Go release.

Added

• JetStream:
  • Ability to remove a server by peer ID instead of server name (#3473)
  • Peer ID in the meta_cluster of statsz or jsz monitoring endpoint (#3476)
  • Ability to apply a discard new policy per subject. A new JSON field in the stream configuration called discard_new_per_subject can now be set (along with discard new policy and max messages per subject > 0) (#3487)

Improved

• JetStream:
  • Optimize acknowledgment handling. Thanks to @neilalexander for the report and contribution (#3468, #3472)

Updated

• Dependencies (#3491)

Changed

• JetStream:
  • When filtering a source stream, use the new consumer create API subject (#3478)

Fixed

• JetStream:
  • Peer randomization when creating consumers group for replicas of 1. Thanks to @goku321 for the contribution (#3470)
  • Added an error if consumer's Name and Durable are not equal when sending to the new $JS.API.CONSUMER.CREATE.%s.%s.%s subject (#3471)
  • Server was not sending a 409 to the client library when a pull request was closed after sending at least a message but could not send more if that would exceed the max_bytes pull request limit (#3474)
  • Possible panic on peer remove on server shutdown (#3477)
  • Filtered consumers may also receive messages on other subjects from the stream. Thanks to @perestoronin for the report (#3486)
• LeafNode:
  • A server that accepts a leaf connection on the websocket port, and the websocket{} block had a no_auth_user defined, this user was not being used for the account binding for that leaf node connection (#3489)
• Edge condition handling in {{Split()}} subject mapping function (#3463)

Complete Changes

v2.9.0...v2.9.1

Release v2.9.0

Changelog

IMPORTANT NOTE: Leafnode connections will now be closed if the cluster name is detected to be the same on the "hub" and "spoke", and reconnect attempts will be delayed by 30 seconds. If you are unaware of this misconfiguration you may experience a split network for longer than expected during the upgrade process. See the CHANGED section below and more details in pull request #3232.

Go Version

• 1.19.1: Both release executables and Docker images are built with this Go release.

Added

• JetStream:
  • A new stream configuration field AllowDirect allows capable client libraries to have a new API that retrieves a message from any member of the group (leader or replicas). Note that this can lead to non-coherent reads after write since a replica may respond to the request although that replica does not yet have the latest write. The configuration field MirrorDirect allow the mirror to be part of the origin's group (#3158, #3221, #3238, #3247, #3252, #3325, #3329, #3358, #3380, #3392, #3441)
  • Support for InactiveThreshold for durable consumers. If the inactivity threshold is specified, a durable that is offline for more than this duration will be removed (#3190)
  • Ability for an operator to move streams, and support for tags reload (#3217, #3236, #3234, #3270, #3354, #3376, #3419)
  • Support for filter subject in a mirror configuration (#3227)
  • Support for consumer replica change. Thanks to @goku321 for the report (#3293)
  • Support for account purge operation by sending a request to $JS.API.ACCOUNT.PURGE.<account name>. Thanks to @goku321 and @sourabhaggrawal for the report (#3319, #3378)
  • Support for AES-GCM cipher encryption for FileStore (#3371)
  • Ability to override the default server limit for stream catchup. For instance jetstream: { max_outstanding_catchup: 32MB }. This limit is how many bytes in total may be inflight during streams catchup. This can help lower network bandwidth saturation (#3418)
  • Pagination for StreamInfo requests. Note that not all clients may have the ability to provide the offset at the time of the server release (#3454)
• LeafNodes:
  • Support for a SignatureHandler in remote configurations. This is applicable to applications embedding the NATS Server. Thanks to @kung-foo for the suggestion (#3335)
• Monitoring:
  • Account specific in/out messages/bytes and slow consumers statistics in $SYS.ACCOUNT.%s.SERVER.CONNS message response (#3187)
  • New endpoint /accstatz to get specific account statistics (such as number of connections, messages/bytes in/out, etc...) (#3250, #3382)
  • The /healthz endpoint is now also available via the system account under the $SYS.REQ.SERVER.PING.HEALTHZ subject (#3250)
  • New options for the /healthz endpoint: /healthz?js-enabled=true to return an error if JetStream is disabled, and /healthz?js-server-only=true to skip the check of JetStream accounts, streams and consumers. Thanks to @mfaizanse for the contribution (#3326)
  • The /connz?auth=1 endpoint now includes a tls_peer_certs array with subject, subject public key and raw certificate sha256. Thanks to @RedShift1 for the suggestion (#3387)
  • The /jsz?accounts=true endpoint will now show non 0 values for reserved_memory and reserved_storage when applicable (#3435)
• MQTT:
  • A new configuration option consumer_inactive_threshold allow new QoS1 consumers to be removed if they are offline for more than the specified duration (based on #3190) (#3193)
• Use of a library that automatically sets GOMAXPROCS to match Linux container CPU quota. Thanks to @1995parham for the contribution (#3218, #3224, #3237, #3406)
• A new server configuration option DontListen that triggers the server to accept only "in memory" client connections. This is for embedded use-cases only and is paired with changes made in the client library nats.go. Thanks to @neilalexander for the contribution (#2360, #3225)
• Support for JWT account option DisallowBearer (#3127)
• Stubs for WebAssembly. This allows NATS Server to be built under the js/wasm target. Thanks to @neilalexander for the contribution (#2363)
• Symlink for the deb/rpm packages. Since v2.7.4, the server is installed under /usr/bin instead of /usr/local/bin as it used to. We now have added symlink to /usr/local/sbin. Thanks to @ismail0352 for the report (#3242)
• Templates to scoped signing key user permissions (#3367, #3373, #3390)
• New subject mapping functions: SplitFromLeft, SplitFromRight, SliceFromLeft, SliceFromRight and Split (#3305)
• Building of executable, deb and rpm packages for the s390x architecture (#3458)

Changed

• Gateway:
  • Phasing out of the "optimistic" mode whereby a server could send messages to the remote cluster without knowing if there was an interest or not. The remote cluster would reply with a "no interest" protocol. As of v2.9.0, servers that creates a gateway connection to a server of that version (and above) will no longer send messages in optimistic mode since it is assumed that all accounts will be switched to interest-only mode (where the subscription interest map is sent over) (#3383)
• JetStream:
  • Stream's RePublish configuration field is now a new RePublish object (and SubjectMapping has been removed) that allows for a new boolean field called HeadersOnly. This could be useful for large messages and having republish just be a signaling mechanism (#3157)
  • When a pull request exceeds the maximum bytes, the error returned will be a "409" now instead of a "408" (#3172)
  • Make pull consumers FIFO per message, not per request (#3241)
  • Accept Nats-Expected-Last-Sequence with a 0 value. The server used to ignore if the sequence was 0, but now it will treat it as a requirement that the stream be empty if the header is present with a value of 0. Thanks to @bruth for the suggestion (#3038)
  • A consumer "Maximum Deliveries" count can now be updated. Thanks to @abegaj for the contribution (#3265)
  • Encryption of meta and RAFT stores (#3308)
  • Now return an error if there is an overlap between a source/mirror filter subject and the existing origin stream's subjects (#3356)
  • Compression in RAFT and stream catchup traffic when nodes are v2.9.0+. This can reduce network bandwidth (#3419)
• LeafNodes:
  • On establishment, the connection will now be closed when the same cluster name is detected on the "hub" and "spoke" side (#3232)
• Default to essential client information. We did default to full sharing for an export from the system account, the main one being JetStream (#3220)
• The queue group named _sys_ is now reserved and an application attempting to use it would get a permission violation (#3246)

Improved

• JetStream:
  • Server under heavy load and low on resources like file descriptors (#3168)
  • Performance of wildcard filtered consumer with stream with many subjects (#3184)
  • Better distribution in placement of streams in a cluster when no "max bytes" is set (#3194)
  • When the user adds a stream that already exists with a different configuration, the error description returned to the application was "stream name already in use", it will now be "stream name already in use with a different configuration". Also, when the user tries to restore a stream, if the stream was already present, the operation would fail with "stream name already in use", it will now be "stream name already in use, cannot restore". Thanks to @AndrewDK for the suggestion (#3280)
  • Speed of storing new keys with a large number of pre-existing keys (#3320)
  • Replicas ordering and information regarding unknown replica in stream information API response (#3347)
  • Catchup logic (#3348)
  • Catchup aborted on requester failure and better flow control (#3349)
  • FileStore for large KeyValue streams (#3351, #3353, #3366, #3401, #3413, #3416)
  • Usage of the FileStore implementation for the RAFT logs (#3377, #3394)
  • General improvements to clustered streams during server restart and KV/Compare-And-Swap use cases (#3392)
  • Ability to secure the creation of consumer for libraries sending consumer creation requests to the new subject $JS.API.CONSUMER.CREATE.<stream>.<subject>.<filter> (#3409)
  • Better accounting for max-bytes for pull consumers (#3456)
  • Better error description when an asset placement fails (#3342, #3459)
• Server banner for Trusted Operators now displays the Expires date as Never instead of the epoch time. Thanks @mschneider82 for the contribution (#3452)

Updated

• Dependencies (#3153, #3263, #3286)
• JetStream:
  • Allow consumer filter subjects to be updated (#3216)
  • AckAll and NoAck are now allowed on pull consumers (#3442)

Fixed

• Configuration Reload:
  • Configuration reload would fail if a leafnodes block would contain an authorization{} block, even if no modification was done there. Thanks to @cleaton for the report (#3204)
  • Some data races that could also lead to a server panic when processing a subscription and trying to send it to routes (#3222)
• Gateway:
  • Possible panic if monitor endpoint is inspected too soon on startup (#3374)
  • Possible routing issues with System messages and JetStream when internal subscriptions are created and internal requests are sent through gateways. The replies may sometimes be missed (#3427)
• JetStream:
  • Suppress consumer and stream advisories on server restart and any direct stream get message (#3156, #3160, #3162)
  • Possibly fail to retrieve a newly stored message. This would happen when stores and load using "last for subject" were concurrent (#3159)
  • When using Republish feature, republish on the republish subject and place original subject in a Nate-Subject header - similar to stream direct get message...

Release v2.8.4

Changelog

Go Version

• 1.17.10: Both release executables and Docker images are built with this Go release.

Fixed

• JetStream:
  • Consumer pending count was not correct when a stream had max messages per subject greater than 1 and a consumer that filtered out part of the stream was created (#3148)
  • Spurious 408 status messages sent to pull consumers. Also made some modifications to reduce lock contention between processing of acknowledgments and delivery of messages (#3149)
• MQTT:
  • Connections with same client ID but on different domains may have been detected as duplicates (#3150)

Complete Changes

v2.8.3...v2.8.4

Release v2.8.3

Changelog

Go Version

• 1.17.10: Both release executables and Docker images are built with this Go release.

Added

• JetStream:
  • Consumer configuration has now MaxRequestMaxBytes as a int to limit a pull request to that many bytes (#3126)
  • Allow explicit consumer configuration of replica count and memory storage (#3128, #3131). Note: This feature is not compatible or tested in conjunction with modifying the associated stream's replication factor once created (2.7.3+).
  • EXPERIMENTAL FEATURE: Stream configuration has now RePublish which is a SubjectMapping with a Source and Destination. This enables lightweight distribution of messages to very large number of NATS subscribers (#3129, #3138)
• MQTT:
  • New configuration parameters stream_replicas, consumer_replicas and consumer_memory_storage, which allow the override of the replica count for MQTT streams (which are normally auto-determined base on the cluster size, but capped at 3) and also override the consumer replica count and possibly underlying storage (based on feature added in #3128). Thanks to @ianzhang1988 for the feedback (#3130)

Improved

• JetStream:
  • Tweak RAFT election timeouts and heartbeats and also reduce lock contention (#3132, #3135)
• Monitoring:
  • A route information in /routez will now include start, last_activity, uptime and idle fields (#3133)

Fixed

• JetStream:
  • Panic due to non loaded message cache during a file compaction (#3110)
  • Downstream sourced retention policy streams during server restart have redelivered messages (#3109, #3122)
  • Possible lockup due to a missing mutex unlock in some conditions (#3115)
  • Panic when processing a consumer create in clustered mode. This was introduced in v2.8.2 (#3117)
  • Some data races (#3120, #3134)
  • Panic runtime error: makeslice: cap out of range on server restart. Thanks to @ajlane for the report (#3121)
  • A purge with a given subject and a sequence of 1 for a stream with a single message would not work (#3121)
  • Some JS API requests handled through routes or gateways may be dropped when there were too many of them at once (#3142)
  • Consumer with "deliver new" delivery mode could skip messages in some conditions after a consumer step down or server(s) restart (#3143)
• MQTT:
  • Errors deleting consumers will now prevent deletion of the session record, which would otherwise leave orphan consumers. Thanks to @ianzhang1988 for the report (#3144)
• Accounts Export/Import isolation with overlap subjects. Thanks to @JH7 for the report (#3112)

Complete Changes

v2.8.2...v2.8.3

Release v2.8.2

Changelog

Go Version

• 1.17.9: Both release executables and Docker images are built with this Go release.

Added

• JetStream:
  • A JSConsumerDeliveryNakAdvisory when a message is nak'ed. Thanks to @Coffeeri for the contribution (#3074)

Improved:

• JetStream:
  • KeyValue memory store performance for history of 1 (#3081)
  • A check was done twice (per message) for max_msg_per_subject and discard_new policy, which is the case for KV stores (#3101)
  • Reduce the number of RAFT warnings to 1 per second (for exact same log line) (#3100)
  • Bumped the default file store block size (#3102)

Changed

• JetStream:
  • When reaching the max number of pull requests, the server would evict existing pending requests (with a 408 Request Canceled) instead of sending a 409 Exceeded MaxWaiting to the new request (#3099)

Fixed

• JetStream:
  • Step-down timing for consumers or streams. When becoming leader a consumer's stream sequence number could be reset (#3079)
  • Not able to recover a consumer if a source based stream which housed the consumer filter subject was removed. Also made updates to the /healthz behavior (#3080)
  • File store compaction would not work well for blocks with small messages and lots of interior deletes. The index file was also written too often (#3087)
  • Subject transforms and delivery subjects (#3088)
  • Lock inversion, but no known situations that would have triggered it (#3092)
  • Possible panic when checking for RAFT group leaderless status (#3094)
  • A pull consumer with a MaxWaiting of 1 would not send the notification that the request timed-out (#3099)
  • RAFT and clustering issues that may have contributed to repeated warnings about inability to store an entry to WAL and expected first catchup entry to be a snapshot and peer state (#3100)
• Permissions:
  • Queue subscription's deny subjects were not always enforced. CVE-2022-29946 (#3090)

Complete Changes

v2.8.1...v2.8.2

Release v2.8.1

Changelog

Go Version

• 1.17.9: Both release executables and Docker images are built with this Go release.

Changed:

• JetStream:
  • Enforce a minimum of 100ms for "max age" and "duplicates window" settings (#3056)

Updated:

• Dependencies:
  • golang.org/x/crypto due to a CVE scan. However, since this affects crypto/ssh that the server is not using, the vulnerability does not impact the NATS Server. Thank you to @pgvishnuram for the contribution (#3065)

Fixed

• JetStream:
  • Assets migration may fail due to an aggressive internal polling mechanism (#3059)
  • Mirror streams would fail to be recovered from an earlier NATS Server versions with an error regarding duplicate window. Thanks to @yadvlz and @BenChen-PKI for the reports (#3060, #3067)
  • Mirror and Sources issues, especially in a mixed-mode super cluster layout (#3061, #3066)
  • A stream with a source may be canceled when the stream was updated. Thanks to @sargikk for the report (#3061)
• LeafNode:
  • Failed to propagate subscription interest after a configuration reload. Thanks to @LLLLimbo for the report (#3058)

Complete Changes

v2.8.0...v2.8.1

Release v2.8.0

Changelog

Go Version

• 1.17.9: Both release executables and Docker images are built with this Go release.

Added:

• LeafNode:
  • Support for a min_version in the leafnodes{} that would reject servers with a lower version. Note that this would work only for servers that are v2.8.0 and above (#3013)
• Monitoring:
  • Server version in monitoring landing page (#2928)
  • Logging to /healthz endpoint when failure occurs. Thanks to @samuel-form3 for the contribution (#2976)
  • MQTT and Websocket blocks in the /varz endpoint (#2996)
• JetStream:
  • Consumer check added to healthz endpoint (#2927)
  • Max stream bytes checks (#2970)
  • Ability to limit a consumer's MaxAckPending value (#2982)
  • Allow streams and consumers to migrate between clusters. This feature is considered "beta" (#3001, #3036, #3041, #3043, #3047)
  • New unique_tag option in jetstream{} configuration block to prevent placing a stream in the same availability zone twice (#3011)
  • Stream Alternates field in StreamInfo response. They provide a priority list of mirrors and the source in relation to where the request originated (#3023)
• Deterministic subject tokens to partition mapping (#2890)

Changed:

• Gateway:
  • Duplicate server names are now detected across a super-cluster. Server names ought to be unique, which is critical when JetStream is used (#2923)
• JetStream:
  • Processing of consumers acknowledgments are now done outside of the socket read go routine. This helps reducing occurrences of "Readloop" warnings for route connections when there was a lot of pending acknowledgements to process per consumer. The redeliveries are also possibly postponed (by chunk of 100ms) to favor processing of acknowledgements (#2898)
  • Lower default consumer's "Maximum Ack Pending" from 20,000 to 1,000. This affects only applications/NATS CLI that do not set an explicit value. If you notice a performance degradation and your system can handle very well a higher value, then the parameter should be explicitly configured to a higher value when creating the consumer/subscription (#2972)
• Duplicate user names in authorization{} and accounts{} blocks are now detected and will fail the start of the server. Thanks to @smlx for the report (#2943)

Improved

• Configuration:
  • Skip exact duplicate URLS for routes, gateways or leaf nodes. Duplicate route URLs could cause issues for JetStream cases since it may prevent electing a leader (#2930)
• Logging:
  • Limiting rate of some identical warnings (#2994)
• JetStream:
  • Behavior of "list" and "delete" operations for offline streams has been improved (responses no longer hanging or failing) (#2925)
  • When a consumer had a backoff duration list, the server could check for redeliveries more frequently than it should have. The redelivery timing was still honored though (#2948)
  • Ensures the cluster information in /jsz monitoring endpoint is sent from the leader only (#2932, #2983, #2984)
  • Memory pooling and management (#2960)
  • Consumer snapshot logic and disk usage in clustered mode. Thanks to @phho for the report (#2973)
  • Performance of ordered consumers (and stream catchup) with longer RTTs (#2975)
  • Performance for streams containing multiple subjects and consumer with a filter. Thanks to @samuel-form3 for the report (#3008)
  • Reduction of unnecessary leader elections (#3035)
  • On recovery, the server will now print the filenames for which bad checksums were detected (#3053)

Fixed

• JetStream:
  • Consumer state handling, for instance a consumer with "DeliverNew" deliver policy could receive old messages after a server restart in some cases (#2927)
  • Removal of an external source stream was not working properly. Thanks to @kylebernhardy for the report (#2938)
  • Possible panic on leadership change notices (#2939)
  • Possible deadlock during consumer leadership change. Thanks to @wchajl for the report (#2951)
  • Scaling up a stream was not replicating existing messages (#2958)
  • Heavy contention in file store could result in underflow and panic. Thanks to @whynowy for the report (#2959)
  • Consumer sample frequency not updated during a consumer update. Thanks to @boris-ilijic for the report and contribution (#2966)
  • Some limit issues on update (#2945)
  • Memory based replicated consumers could possibly stop working after snapshots and server restart. The $SYS folder could also being seen as growing in size. Thanks to @phho and @MilkyWay-core for the reports (#2973)
  • Possible panic (due to data races) when processing pull consumer requests. Thanks to @phho for the report (#2977)
  • Account stream imports were not removed on configuration reload. Thanks to @alirezaDavid for the report (#2978)
  • Sealed streams would not recover on server restart (#2991)
  • Possible panic on server shutdown trying to migrate ephemeral consumers (#2999)
  • A "next message" request for a pull consumer, when going over a gateway but down to a Leafnode could fail (#3016)
  • Consumer deliver subject incorrect when imported and crossing route or gateway (#3017, #3025)
  • RAFT layer for stability and leader election (#3020)
  • Memory stream potentially delivering duplicates during a node restart. Thanks to @aksdb for the report (#3020)
  • A stream could become leader when it should not, causing messages to be lost (#3029)
  • A stream catchup could stall because the server sending data could fail during the process but still send an indication that the other server that catchup did complete (#3029, #3040)
  • Route could be blocked when processing an API call while an asset was recovering a big file (#3035)
  • Assets (streams or consumers) state could be removed if they had been recreated after being initially removed (#3039)
  • When running on mixed-mode, a JetStream export could be removed on JWT update (#3044)
  • Possible panic on cluster step-down of a consumer (#3045)
  • Some limit enforcement issues and prevent loops in cyclic source stream configurations (#3046)
  • Some stream source issues, including missing messages and possible stall (#3052)
  • On configuration reload, JetStream would be disabled if it was enabled only from the command line options. Thanks to @xieyuschen for the contribution (#3050)
• Leafnode:
  • Interest propagation issue when crossing accounts and the leaf connection is recreated. This could also manifest with JetStream since internally there are subscriptions that do cross accounts. Thanks to @LLLLimbo and @JH7 for the report (#3031)
• Monitoring:
  • reserved_memory and/or reserved_storage in the jetstream{} block of the /varz endpoint could show incorrect huge number due to a unint64 underflow (#2907)
  • verify_and_map in the tls{} block would prevent inspecting the monitoring page when using the secure https port. Thanks to @rsoberano-ld for the report (#2981)
  • Possible deadlock when inspecting the /jsz endpoint (#3029)
• Miscellaneous:
  • Client connection occasionally incorrectly assigned to the global account. This happened when the configuration was incorrectly referencing the same user in authorization{} and accounts{}. Thanks to @smlx for the report (#2943)
  • The NATS account resolver, while synchronizing all JWTs, would not validate the nkey(s) or jwt(s) received via the system account (CVE-2022-28357) (#2985)
  • Reject messages from application that have an invalid reply subject (contains the $JS.ACK prefix) (#3026)
  • Allow server to run as system user on Windows. Thanks to @LaurensVergote for the contribution (#3022)

Complete Changes

v2.7.4...v2.8.0

Release v2.7.4

Changelog

Note about .deb/.rpm packages

We use Goreleaser to build our assets, and it seems that it changed the default install from /usr/local/bin to /usr/bin. See Goreleaser's change here. We are sorry for the inconvenience this may cause.

Go Version

• 1.17.8: Both release executables and Docker images are built with this Go release.

Improved

• JetStream:
  • Better startup logging to help debug RAFT log directories to streams/consumers (#2897)

Fixed

• JetStream:
  • The consumers count when getting stream information could be wrong in clustered mode (#2896)
  • Never used clustered and filtered consumers consume storage under $SYS. Thanks to @nayanparegi and @aksdb for the reports (#2899, #2914)
  • Stream not recovered on restart with "deleted message", "checksum" or "no message cache" errors (#2900)
  • Schema violations in the NATS CLI tool caused by large number overflow when "active" field for Sources and Mirrors was computed and there had been no contact yet (#2903)
  • Some Stream advisories were missing (#2887)
  • Inconsistent durable consumer state after stream peer removal (#2904)
  • Scaling up and down for streams and consumers (#2905)
  • Validate files' path when restoring stream from a snapshot/backup (CVE-2022-26652). Thanks to Yiming Xiang for the report (#2917)
• Monitoring:
  • Panic on non 64-bit platforms due to an unaligned 64-bit atomic operation. Thanks to @mlorenz-tug for the report (#2915)
• LeafNode:
  • Queue subscription interest could be suppressed in complex situations causing messages to not flow from a LeafNode server to the rest of the (super)cluster (#2901)
• Fixed some lock inversions (#2911)

Complete Changes

v2.7.3...v2.7.4

Release v2.7.3

Changelog

Go Version

• 1.17.7: Both release executables and Docker images are built with this Go release.

Added

• JetStream:
  • Allow replica updates during stream update (#2867)
  • Allow stream placement by tags (#2871)

Updated

• Dependencies:
  • github.com/klauspost/compress: v1.13.4 -> v1.14.4
  • github.com/minio/highwayhash : v1.0.1 -> v1.0.2

Improved

• JetStream:
  • Sparse consumers replay time. This is when a stream has multiple subjects and a consumer filters the stream to a small and spread out list of messages (#2848, #2863)
  • Small improvements to send performance when sending to a full stream (#2877)

Fixed

• Gateway:
  • Connection could fail with 'Authorization Violation' and parser error due to an initial PING possibly sent prior to the CONNECT protocol. Also, the server accepting a connection was not starting the authentication timer, which responsibility is to close the connection if the CONNECT protocol is not received within the gateway's authentication timeout. It can be configured with authorization{ timeout: 5.0 } in the gateway{} block, but if not set will default to 2 seconds. Thanks to @jimenj1970 for the report (#2881)
• JetStream:
  • Flow control stall under specific conditions of messages size (#2847)
  • A stream name is tied to its identity and cannot be changed on restore (#2857)
  • The consumer information's state in response to a consumer create request could return inaccurate information, specially regarding number of pending messages (#2858)
  • Remove "fss" files from a snapshot when a block is removed. Thanks to @nekufa for the report (#2859)
  • Prevent a panic when stream restore fails (#2864
  • Interest policy and staggered filtered consumers could fail to remove messages. Thanks to @lukasGemela for the report (#2875)
  • Remove "key" files when removing message blocks and encryption is used. Thanks to @exename for the report (#2878)
  • Reduce logging for internal message exchange (#2879)
  • Rare possible re-use of internal RAFT inbox that could cause a node to receive a message on the wrong inbox, possibly leading to a panic. Servers would likely have to be started at the exact same time for that to happen (#2879)

Complete Changes

v2.7.2...v2.7.3