Changelog
Refer to the 2.10 Upgrade Guide for backwards compatibility notes with 2.9.x.
Go Version
- 1.21.6
Dependencies
- golang.org/x/crypto v0.18.0
- golang.org/x/sys v0.16.0
- github.com/nats-io/nkeys v0.4.7
Added
TLS
- Add 'certs' option to TLS block for multi-cert support (#4889)
Improved
General
- Random number generation now uses a faster lock-free algorithm (#4901)
- no_auth_user is now allowed to be an nkey (#4938)
JetStream
- Improve matching efficiency of filter subjects in consumer (#4864) Thanks to @svenfoo for the contribution!
- Optimize JetStream metalayer snapshots by reducing allocations and simplifying marshaling (#4925)
- Micro-optimization where subject tokenization occurs (#4880) Thanks to @svenfoo for the contribution!
- Prevent backing up internal JS API requests in large-scale source and mirror setups (#4884)
- Optimize catchups for replicas and mirrors where there are a significant number of interior deletes (#4929)
- Reduce lock contention on the stream lock for some operations that could block routes & gateways (#4933)
- Do not load all blocks for NumPending when delivery is LastPerSubject (#4885)
- Call stream update only if the config has changed (#4898)
- Prevent large memory buildup in the apply queue for NRGs during startup (#4895)
- Finding the last sourced message for each source of a stream is now much faster (#4935)
MQTT
- Retained messages will now be fetched concurrently for a new subscription (#4835)
Fixed
Accounts
JetStream
- Fix accounting for replicas and tier limits (#4868, #4909)
- Ensure all filter subjects across consumers are accounted for when purging a stream (#4873) Thanks to @svenfoo for the contribution!
- Detect corrupt psim subjects during recovery of index.db (#4890)
- Don’t allow writing snapshots to disk before recovery has completed (#4927)
- Reduce memory usage during purge operations by flushing cache (#4905)
- Return an “Account not enabled” error when trying to access JetStream via the system account (#4910)
- Reduce the number of blocks loaded into memory when doing linear scans (#4916)
Leafnodes
- Mapping updates on reload for the global account are now propagated to leafnodes correctly (#4937)
- Leafnode authorization now supports nkeys (#4940)
MQTT
- Fixed an out-of-date error message on unsupported characters in MQTT topics (#4903)
OCSP
- Default to Unknown status instead of Good for unknown status assertions (#4917)
- Fixed OCSP Stapling not resuming for gateways on reload after certs change (#4943)