Releases
v5.3.2
Enhancements
#11725 Introduced the LDAP as a new authentication and authorization backend.
#11752 Changed default RPC driver from
gen_rpctorpcfor core-replica database synchronization.This improves core-replica data replication latency.
#11785 Allowed users with the "Viewer" role to change their own passwords. However, those with the "Viewer" role do not have permission to change the passwords of other users.
#11787 Improved the performance of the
emqxcommand.#11790 Added validation to Redis commands in Redis authorization source. Additionally, this improvement refines the parsing of Redis commands during authentication and authorization processes. The parsing now aligns with
redis-clicompatibility standards and supports quoted arguments.
Bug Fixes
#11757 Fixed the error response code when downloading non-existent trace files. Now the response returns
404instead of500.#11762 Fixed an issue in EMQX's
built_in_databaseauthorization source. With this update, all Access Control List (ACL) records are completely removed when an authorization source is deleted. This resolves the issue of residual records remaining in the database when re-creating authorization sources.#11771 Fixed validation of Bcrypt salt rounds in authentication management through the API/Dashboard.
#11780 Fixed validation of the
iterationsfield of thepbkdf2password hashing algorithm. Now,iterationsmust be strictly positive. Previously, it could be set to 0, which led to a nonfunctional authenticator.#11791 Fixed an issue in the EMQX CoAP Gateway where heartbeats were not effectively maintaining the connection's active status. This fix ensures that the heartbeat mechanism properly sustains the liveliness of CoAP Gateway connections.
#11797 Modified HTTP API behavior for APIs managing the
built_in_databaseauthorization source. They will now return a404status code ifbuilt_in_databaseis not set as the authorization source, replacing the former20Xresponse.#11965 Improved the termination of EMQX services to ensure a graceful stop even in the presence of an unavailable MongoDB resource.
#11975 This fix addresses an issue where redundant error logs were generated due to a race condition during simultaneous socket closure by a peer and the server. Previously, concurrent socket close events triggered by the operating system and EMQX resulted in unnecessary error logging. The implemented fix improves event handling to eliminate unnecessary error messages.
#11987 Fixed a bug where attempting to set the
active_noption on a TCP/SSL socket could lead to a connection crash.The problem occurred if the socket had already been closed by the time the connection process attempted to apply the
active_nsetting, resulting in acase_clausecrash.
v5.3.1
Enhancements
- #11637 Added extra diagnostic checks to help debug issues when mnesia is stuck waiting for tables. Library Updates:
ekkahas been upgraded to version 0.15.15, andmriato version 0.6.4.
Bug Fixes
#11565 Upgraded jq library from v0.3.10 to v0.3.11. In this version, jq_port programs are initiated on-demand and will not appear in users' processes unless the jq function in EMQX is used. Additionally, idle jq_port programs will auto-terminate after a set period. Note: Most EMQX users are running jq in NIF mode and will not be affected by this update.
#11676 Hid a few pieces of sensitive information from debug-level logs.
#11697 Disabled outdated TLS versions and cipher suites in the EMQX backplane network (
gen_rpc). Added support for tlsv1.3 on the backplane and introduced new configuration parameters:EMQX_RPC__TLS_VERSIONSandEMQX_RPC__CIPHERS.The corresponding
gen_rpcPR: https://github.com/emqx/gen_rpc/pull/36#11734 Fixed clustering in IPv6 network. Added new configurations
rpc.listen_addressandrpc.ipv6_onlyto allow EMQX cluster RPC server and client to use IPv6.#11747 Updated QUIC stack to msquic 2.2.3.
#11796 Fixed rpc schema to ensure that client/server uses same transport driver.
#11798 Fixed the issue where the node could not start after executing
./bin/emqx data import [FILE].The connection between
apikey_keyandapikey_nameis also enhanced for better consistency and unique identification.apikey_key: When generating an API key via the dashboard,apikey_keywill now create a unique value derived from the provided human-readableapikey_name.apikey_nameConversely, when using a bootstrap file to generate an API key,apikey_namewill be generated as a unique value based on the associatedapikey_key.
#11813 Fixed the schema to ensure that RPC client SSL port aligns with the configured server port. This fix also guarantees that the RPC ports are correctly opened in the Helm chart.
#11819 Upgraded opentelemetry library to v1.3.1-emqx. This opentelemetry release fixes invalid metrics timestamps in the exported metrics.
#11861 Fixed excessive warning message printed in remote console shell.
#11733 Resolved an incompatibility issue that caused crashes during session takeover or channel eviction when the session was located on a remote node running EMQX v5.2.x or an earlier version.
#11750 Eliminated logging and tracing of HTTP request bodies in HTTP authentification and HTTP bridges.
#11886 Fixed backward plugin compatibility. Currently, EMQX validates hook point names, and invalid hook points cannot be used for hook registration. However, some older versions of plugin templates used misspelled hook points, and actual plugins in use may also have this issue. To maintain compatibility with these older plugins, we allow the use of the old hook points for hook registration, but we issue deprecated warnings for them. As before, these hooks will not be called.
#11897 Fixed the issue of waiting for a loop race condition during node configuration synchronization when cluster nodes are started approximately at the same time.
v5.3.0
Enhancements
#11597 Upgraded ekka to 0.15.13, which incorporates the following changes:
- Upgraded Mria to 0.6.2.
- Introduced the ability to configure the bootstrap data sync batch size, as detailed in Mria PR.
- Enhanced the reliability of mria_membership processes, as described in Mria PR.
- Fix log message formatting error.
- Added
node.default_bootstrap_batch_sizeoption to EMQX configuration. Increasing the value of this option can greatly reduce a replicant node startup time, especially when the EMQX cluster interconnect network latency is high and the EMQX built-in database holds a large amount of data, e.g. when the number of subscriptions is high.
#11620 Added a new rule-engine SQL function
bytesizeto get the size of a byte-string. e.g.SELECT * FROM "t/#" WHERE bytesize(payload) > 10.#11642 Updated to quicer version 0.0.200 in preparation for enabling openssl3 support for QUIC transport.
Bug Fixes
- #11682 Fixed an issue where logging would stop if "Rotation Size" would be set to
infinityon file log handlers. - #11567 Improve EMQX graceful shutdown (
emqx stopcommand):- Increase timeout from 1 to 2 minutes.
- Printed an error message if EMQX can't stop gracefully within the configured timeout.
- Print periodic status messages while EMQX is shutting down.
- #11584 Fixed telemetry reporting error on Windows when os_mon module is unavailable.
- #11605 Lowered CMD_overridden log severity from warning to info.
- #11622 Upgraded rpc library gen_rpc from 2.8.1 to 3.1.0.
- #11623 Upgraded library
esockdfrom 5.9.6 to 5.9.7. This upgrade included:- Enhancements regarding proxy protocol error and timeout. esockd pr#178
- Lowered
ssl_errorexceptions to info-level logging. esockd pr#180 - Malformed MQTT packet parsing exception log level is lowered from
errortoinfo. - In command
emqx ctl listenersoutput, theshutdown_countcounter is incremented when TLS handshake failure (ssl_error) or Malformed packet (frame_error) happens.
- #11661 Fixed log formatter when log.HANDLER.formatter is set to 'json'. The bug was introduced in v5.0.4 where the log line was no longer a valid JSON, but prefixed with timestamp string and level name.
- #11667 Disabled access to the
logoutendpoint by the API key. This endpoint is for the Dashboard only.