Changelog
Go Version
- 1.16.4: Both release executables and Docker images are built with this Go release.
Security
- TLS default (secure) ciphers were not selected when configuring TLS from the command line as opposed to from the configuration file. Thanks to @DavidSimner for the report. See CVE-2021-32026 (#2167)
Added
- JetStream:
- LeafNode:
dont_randomize
configuration under a remote leaf configuration to restore original behavior that was no randomizing the list of URLs (#2156)
- Monitoring:
- LeafNodes deny exports and imports in
/varz
(#2159)
- LeafNodes deny exports and imports in
Changed
- Server is now trying to send data from the producer's network loop only when both producers and consumers are user connections. Thanks to @shkim-will for the contribution (#2093)
- LeafNode:
- MQTT:
- In order to support use of MQTT in some more complex setups, the server must enforce that its
server_name
configuration be explicitly defined (#2178)
- In order to support use of MQTT in some more complex setups, the server must enforce that its
Improved
- JetStream: stability for concurrent compact, purge, expiration and persisting of messages (#2180)
Fixed
- Panic on startup when using a NATS Resolver without having configured a system account. The server will now report the error instead of panic'ing (#2162)
- JetStream:
- Pull based message delivery could drop responses in a super cluster configuration (#2166)
- Under heavy load, a leader change could warn about not processing entry responses (#2173)
- Stream bytes limit setting failed when account used dynamic limits. Also, file store implementation was not honoring block size (#2183)
- Mirror/Source streams from work queues which could cause a deadlock on Interest policy streams (#2187)
- Raft groups could continuously spin trying to catchup (#2191)
- Check for more unwanted characters for the stream/consumer names, namely
\r
,\n
,\t
and\f
in addition to existing.
,*
and>
(#2195)
- LeafNode:
- Monitoring:
- The http endpoint
/varz
would report increased subscriptions count every time it was inspected, even if no new subscription was added. Thanks to @cjbottaro and @harrisa1 for the report (#2172)
- The http endpoint
- MQTT:
- JetStream assets would not be placed in the local LeafNode cluster (#2164)
- A server would be forced to have JetStream enabled locally, which is not required if it is part of a cluster and JetStream is available in that cluster (#2164, #2178)
- Several issues including connection timeouts, unexpected memory usage in QoS1 high publish message rate, etc... (#2178)
- Retained message in cluster mode may not be delivered to starting matching subscription (#2179)
- The
User.Username
was not used when a custom authenticator was callingRegisterUser
(#2165) - Error parsing operator JWT on Windows (#2181)