BugFixes
- Backward compatible for RMI protocol #911
- Hessian serialization:
- Redis and Multicast registry can not offline.
Enhancements
- Annotation enhancement, #1205. The dubbo-spring-boot-starter has also been released based on this version.
- Add switch for qos:
dubbo.application.qos.enable=true/false
. Notice the new way we configure qos, for example,has been changed todubbo.qos.port
dubbo.application.qos.port
. #1189 - Graceful shutdown, add extra waiting time between registry unregister and threadpool shutdown. #1021
- Improve performance of hessian serialization by avoid usage of inefficient
synchronized
. #1196 - Avoid retry when parameter validation fails. #1031
- Condition router should also check default values. #1204
Vulnerability Patches
- From this version, we will check if the serialization id received from network(only if the id identifies JDK serialization) matches with that in current instance. If it can't be matched, the deserialization process will be rejected. Since the original JDK deserialization has security problems, we do this to prevent unexpected tamper of serialization type, e.g. from
hessian2
tojava
.