github nats-io/nats-server v2.2.0
Release v2.2.0

Changelog

Go Version

  • 1.16.2: Both release executables and Docker images are built with this Go release.

Added

  • JetStream, our new persistence offering
  • Websocket support (#1309)
    • Websocket Leafnode connections (#1858)
    • Cookie JWT authentication for Websocket. Thanks to #pas2k for the contribution (#1477)
  • MQTT Support (#1754)
    • Allow BearerToken as MQTT authentication method. Thanks to @angiglesias for the contribution (#1840)
  • Monitoring:
    • New Endpoint: jsz for JetStream (#1881)
    • New Endpoint /accountz (#1611)
    • Value of GOMAXPROCS in /varz endpoint (#1304)
    • Ability to include subscription details in monitoring responses (#1318)
    • Endpoints now available via system services (#1362)
    • Base path for monitoring endpoints. Thanks to @guilherme-santos for the contribution (#1392)
    • Filtering by account for /leafz and exposing this as per account subject (#1612)
    • Support for tags and filter PING monitoring requests by tags (#1832)
    • JWT/IssuerKey/NameTag/Tags to monitoring and event endpoints (#1830)
    • tls_required, tls_verify and tls_timeout to Cluster/Gateway/Leafnode sections under /varz (#1854)
    • Operator JWT to /varz (#1862)
    • system_account to /varz (#1898)
  • Options
    • lame_duck_grace_period (#1460)
    • sys_trace or --sys_trace command line to trace the system account (#1295)
    • resolver_tls to specify TLS configuration for account resolver. Thanks to @JnMik for the report (#1272)
    • allowed_connection_types to restrict which type connections (STANDARD, WEBSOCKET, etc..) can authenticate with a specific user (#1594)
    • verify_cert_and_check_known_urls to tie subject ALT name to URL in configuration (#1727)
    • account_token_position to simplify the securing of imports without requiring a token (#1874)
  • Support for JWT BearerToken (#1226)
  • Accounts default permissions (#1398)
  • Printing of the configuration file being used in the startup banner. Thanks to @rmoriz for the report (#1473)
  • Checks for CIDR blocks and connect time ranges specified in JWTs (#1567)
  • Support for route hostname resolution. Thanks to @israellot for the report (#1590)
  • Account name checks for Leafnodes in operator mode (#1739)
  • User JWT payload and subscriber limits (#1570)
  • Ability to use JWT latency sampling properties "headers" and "share" (#1776)
  • Support for wildcard services and import remapping by JWT (#1790)
  • Support for JWT export response threshold (#1793)
  • Enforcement and usage of scoped signing keys (#1805)
  • Support for StrictSigningKeyUsage (#1845)
  • Support for JWT based account mappings (#1897)
  • Build for mips64le platform. Thanks to @duchuanLX for the contribution (#1885)

Changed

  • nats.io resources from HTTP to HTTPS. Thanks to @DavidSimner for the contribution (#1596)
  • Default TLS and Authentication timeouts, to 2 seconds and TLS timeout + 1 second respectively (#1633)
  • Gateways:
    • Connections now always send PINGs (the server otherwise will sometime suppress PINGs) (#1692)
    • Log statements regarding Interest-only mode switch is now DBG instead of INF (#2002)
  • Enforce max_control_line for client connections only. The enforcement was previously happening only in case of handling of a partial protocol (#1850)

Improved

  • Better support for distinguishedNameMatch in TLS authentication (#1577)

Updated

  • Various dependencies, notably JWT and NKeys (#2004)

Fixed

  • Log file size limit not honored after re-open signal (#1438)
  • Leafnode issues
    • Unsubscribe may not be propagated correctly (#1455)
    • TLSMap authentication override (#1470)
    • Solicit failure race could leave the connection registered (#1475)
    • Loop detection may prevent early reconnect (#1607)
    • Possible panic when server accepts TLS Leafnode connection (#1652)
    • Duplicate queue messages in complex routing setup (#1725)
    • Reject duplicate remote (#1738)
    • Route parser error. Thanks to @wuddl6 for the report (#1745)
    • Configuration reload for remote TLS configurations (#1771)
    • Connection issues if scheme was not tls:// in some instances (#1846)
  • Gateway issues:
    • Implicit reconnection (#1785)
    • Implicit connection not using global username/password. Thanks to @DavidSimner for the report (#1915)
    • System account incorrect tracking of gateways routed replies (#1749)
    • Configuration reload for remote TLS configurations (#1771)
  • Connection name in log statement for some IPv6 addresses (#1506)
  • Handling of real duplicate subscriptions (same subscription ID sent by clients) (#1507)
  • Handling of gossiped URLs (#1517)
  • Queue subscriptions not able to receive system events (#1530)
  • JWT:
    • Revocation checks (#1632, #1645)
    • Validation of private imports (tokens) did return a warning instead of an error (#2004)
  • Detect service import cycles (#1731)
  • Syslog warning trace as a "INF" instead of "WRN". Thanks to @paoloteti for the contribution (#1788)
  • Monitoring endpoint /connz may report incorrect user. Thanks to @nqd for the report (#1800)

Complete Changes

https://github.com/nats-io/nats-server/compare/v2.1.9...v2.2.0

latest releases: v2.6.1, v2.6.0, v2.5.0...
6 months ago