github rabbitmq/rabbitmq-server v4.2.6
RabbitMQ 4.2.6
on GitHub

latest release: v4.3.0
8 hours ago

RabbitMQ 4.2.6 is a maintenance release in the 4.2.x release series.

It is strongly recommended that you read 4.2.0 release notes
in detail if upgrading from a version prior to 4.2.0.

Minimum Supported Erlang Version

RabbitMQ and Erlang/OTP Compatibility Matrix has more details on Erlang version requirements for RabbitMQ.

Nodes will fail to start on older Erlang releases.

Changes Worth Mentioning

Release notes can be found on GitHub at rabbitmq-server/release-notes.

Core Server

Bug Fixes

  • Quorum queues: get_checked_out aux command could return messages in incorrect order

    GitHub issue: #16008

  • rabbitmqctl forget_cluster_node now removes all quorum queue and stream members (replicas)
    before proceeding to leave the metadata store cluster.

    This order minimizes the risk of some replicas being left behind on the leaving node.

    GitHub issue: #15729

  • The channel limit exceeded error message now correctly identifies the per-user limit
    as the reason

    GitHub issue: #15750

  • AMQP 0-9-1: configure permission checks now apply to passive queue and exchange declarations,
    matching the behavior of their regular counterparts

  • Khepri: missing keys are now correctly distinguished from errors in certain internal operations,
    avoiding spurious error-level log messages

    GitHub issue: #15942

  • Bindings targeting Direct Reply-to pseudo-queues are now rejected instead of
    being silently accepted without any functional effect

    GitHub issue: #15935

Enhancements

  • More rabbitmq.conf keys now accept tagged values (e.g., encrypted:...)

    GitHub issue: #15808

  • When quorum queue members (replicas) are deleted from a node, either manually
    via rabbitmq-queues shrink or as part of rabbitmqctl forget_cluster_node,
    the members are stopped in parallel

    GitHub issue: #15081

  • AMQP 0-9-1: configure permission checks now apply to passive queue and exchange declarations,
    matching the behavior of their regular counterparts

    GitHub issue: #16085

  • AMQP 0-9-1: when a connection's credentials are refreshed, the permissions cache is now
    cleared and consumer permissions are re-validated immediately

    GitHub issue: #16092

Management Plugin

Bug Fixes

  • effective_policy_definition in HTTP API responses now returns an empty JSON object
    (not an array or empty string) when no policy applies to a queue

    GitHub issue: #16017

  • Management UI: OAuth 2 combined with basic_auth could fail to reload provider
    configuration correctly

    GitHub issue: #15858

  • Management UI: preference cookie expiry now respects the configured session timeout
    setting rather than using a hardcoded value

    GitHub issue: #15814

  • Management UI: users were presented with a 401 error after changing their own password
    via the UI. The session is now refreshed automatically

    GitHub issue: #15730

  • The deprecated, unused GET /api/auth endpoint was removed

    It has been out of use since 3.11 but never removed.

    GitHub issue: #16083

  • POST /api/users/bulk-delete now respects the protected_users configuration,
    matching the behavior of the single-user DELETE /api/users/:name endpoint

    GitHub issue: #16143

  • Quorum queue status and stream tracking endpoints now enforce virtual host
    access checks, consistent with all other vhost-scoped endpoints

    GitHub issue: #16104

Enhancements

  • HTTP API displays static connection info (peer address, TLS details, auth mechanism)
    even when stats collection is disabled via rabbitmq.conf

    GitHub issue: #16009

  • Super stream creation via HTTP API now verifies configure permission, matching
    the stream protocol code path

    GitHub issue: #16099

  • Management API regex filters (?name=...&use_regex=true) now enforce match limits,
    preventing pathological patterns from consuming excessive CPU time

    GitHub issue: #16074

MQTT Plugin

Bug Fixes

  • Fixed a timing-sensitive issue around Last Will message delivery and session expiration

    GitHub issue: #15999

Enhancements

  • MQTT QoS 0 queue type now reports member information in management API responses

    GitHub issue: #15656

Web MQTT Plugin

Enhancements

  • A default max_frame_size is now set on WebSocket connections, bounding decompressed frame sizes.
    The limit starts at mqtt.max_packet_size_unauthenticated and is raised after successful CONNECT

    GitHub issue: #16180

  • A login_timeout is now enforced for WebSocket connections, matching the TCP listener behavior

    GitHub issue: #16120

  • WebSocket Origin header validation is now available via web_mqtt.allow_origins

    GitHub issue: #16158

Web STOMP Plugin

Enhancements

  • A default max_frame_size is now set on WebSocket connections. A smaller pre-authentication
    limit is raised after successful STOMP CONNECT, matching the Web MQTT pattern

    GitHub issue: #16180

  • A login_timeout is now enforced for WebSocket connections, matching the TCP listener behavior

    GitHub issue: #16120

  • WebSocket Origin header validation is now available via web_stomp.allow_origins

    GitHub issue: #16158

Shovel Plugin

Bug Fixes

  • AMQP 1.0 shovels now properly detach links when closing connections, preventing
    spurious error log entries during shutdown

    GitHub issue: #15603

  • AMQP 1.0 shovel status no longer includes full connection URIs in API responses
    and CLI output

    GitHub issue: #16108

Shovel Management Plugin

Bug Fixes

  • DELETE operations now require the policymaker tag, matching the
    federation plugin counterpart

    GitHub issue: #16051

Federation Management Plugin

Bug Fixes

  • Federation link restart operations now require the policymaker tag

    GitHub issue: #16051

OAuth 2 Plugin

Bug Fixes

  • The auth cache backend now correctly delegates token expiry timestamps to the wrapped backend,
    ensuring connections are closed when tokens expire

    GitHub issue: #16100

  • OAuth 2 management UI: improved provider configuration loading and rendering

    GitHub issue: #15858

LDAP Plugin

Bug Fixes

  • DN values are now handled per RFC 4514

    GitHub issue: #16101

Trust Store Plugin

Enhancements

  • Refactored certificate identification to avoid (unlikely) conflicts

    GitHub issue: #16116

  • Proper CLI commands for trust store certificate management have been introduced

    GitHub issue: #15746

  • Rejected certificates are now logged with additional diagnostic details

    GitHub issue: #15889

Consistent Hashing Exchange Plugin

Bug Fixes

  • Binding weights above 10,000 are now rejected. Previously, extremely large weights could cause
    excessive memory allocation

    GitHub issue: #16118

Dependency Changes

  • khepri was upgraded to 0.17.7
  • gen_batch_server was upgraded to 0.9.1
Check out latest releases or
releases around rabbitmq/rabbitmq-server v4.2.6

Don't miss a new rabbitmq-server release

NewReleases is sending notifications on new releases.

Get notifications