Releases

e5.1.0

Enhancements

• #11035 (opens new window) Upgraded Cassandra driver to avoid username and password leakage in data bridge logs.
• #10584 (opens new window) Added log level configuration to SSL communication
• #10678 (opens new window) Optimized counter increment calls to avoid work if increment is zero.
• #10690 (opens new window) Added a retry mechanism to webhook bridge that attempts to improve throughput. This optimization retries request failures without blocking the buffering layer, which can improve throughput in situations of high messaging rate.
• #10702 (opens new window) Introduced a more straightforward configuration option keepalive_multiplier and deprecate the old keepalive_backoff configuration. After this enhancement, EMQX checks the client’s keepalive timeout status period by multiplying the “Client Requested Keepalive Interval” with keepalive_multiplier.
• #10698 (opens new window) Optimized memory usage when accessing the configuration during runtime.
• #10778 (opens new window) Refactored Pulsar Producer bridge to avoid leaking resources in case bridge crashed during initialization phase.
• #10813 (opens new window) Refactored Kafka Producer and Consumer bridges to avoid leaking resources in case bridge crashed during initialization phase.
• #10858 (opens new window) A new utility function timezone_to_offset_seconds/1 has been added to the rule engine SQL language. This function converts a timezone string (for example, “+02:00”, “Z” and “local”) to the corresponding offset in seconds.
• #10841 (opens new window) Added a schema validation to ensure message key is not empty when “key_dispatch” strategy is selected in Kafka and Pulsar Producer bridges.
• #10754 (opens new window) The MQTT bridge has been enhanced to utilize connection pooling and leverage available parallelism, substantially improving throughput. As a consequence, single MQTT bridge now uses a pool of clientids to connect to the remote broker.
• #10782 (opens new window) Added a new deliver_rate option to the retainer configuration, which can limit the maximum delivery rate per session in the retainer.
• #10877 (opens new window) Upgraded RocketMQ driver to enhance security for sensitive data.
• #10598 (opens new window) Provided a callback method of Unary type in ExProto to avoid possible message disorder issues.
• #10895 (opens new window) Refactored most of the bridges to avoid resource leaks in case bridge crashed during initialization phase.
• #10790 (opens new window) Optimized access to configuration in runtime by reducing overhead of reading configuration per zone.
• #10892 (opens new window) Added the requirement for setting SID or Service Name in Oracle Database bridge creation.
• #10910 (opens new window) The data bridge resource option auto_restart_interval was deprecated in favor of health_check_interval, and request_timeout was renamed to request_ttl. Also, the default request_ttl value went from 15 seconds to 45 seconds. The previous existence of both auto_restart_interval and health_check_interval was a source of confusion, as both parameters influenced the recovery of data bridges under failures. An inconsistent configuration of those two parameters could lead to messages being expired without a chance to retry. Now, health_check_interval is used both to control the interval of health checks that may transition the data bridge into disconnected or connecting states, as well as recovering from disconnected.
• #10929 (opens new window) Upgraded Erlang/OTP to 25.3.2-1.
• #10909 (opens new window) Removed the deprecated HTTP APIs for gateways.
• #10908 (opens new window) Refactored the RocketMQ bridge to avoid resources leaks in case bridge crashed during initialization phase.
• #10924 (opens new window) Refactored Influxdb bridge connector to avoid resource leaks in case bridge crashed during initialization phase.
• #10944 (opens new window) Improved the GCP PubSub bridge to avoid a potential issue that the bridge could fail to send messsages after node restart.
• #10933 (opens new window) Added support for configuring TCP keep-alive in MQTT/TCP and MQTT/SSL listeners.
• #10948 (opens new window) Added live_connections field for some HTTP APIs, i.e:
  • /monitor_current, /monitor_current/nodes/{node}
  • /monitor/nodes/{node}, /monitor
  • /node/{node}, /nodes
• #10941 (opens new window) Improved the collection speed of Prometheus metrics when setting prometheus.vm_dist_collector=disabled and metric erlang_vm_statistics_run_queues_length_total is renamed to erlang_vm_statistics_run_queues_length
• #10985 (opens new window) Renamed emqx ctl command cluster_call to conf cluster_sync. The old command cluster_call is still a valid command, but not included in usage info.
• #10988 (opens new window) Improved log security when data bridge creation fails to ensure sensitive data is always obfuscated.
• #10926 (opens new window) Allowed enable as well as enabled as the state flag for listeners. Prior to this change, listener can be enable/disabled by setting the true or false on the enabled config. This is slightly different naming comparing to other state flags in the system. Now the enable flag is added as an alias in listener config.
• #10970 (opens new window) A query_mode parameter has been added to the Kafka producer bridge. This parameter allows you to specify if the bridge should use the asynchronous or synchronous mode when sending data to Kafka. The default is asynchronous mode.
• #10676 (opens new window) Added CLI commands emqx ctl export and emqx ctl import for importing/exporting configuration and user data. This allows exporting configurations and built-in database data from a running EMQX cluster and importing them into the same or another running EMQX cluster.
• #11003 (opens new window) Added an option to configure TCP keepalive in Kafka bridge.
• #10961 (opens new window) Added support for unlimited max connections for gateway listeners by allowing infinity as a valid value for the max_connections field in the configuration and HTTP API.
• #11019 (opens new window) Improved log security for JWT, now it will be obfuscated before print.
• #11024 (opens new window) Added a small improvement to reduce the chance of seeing the connecting state when creating/updating a Pulsar Producer bridge.
• #11034 (opens new window) Hid the broker config and changed the broker.shared_subscription_strategy to mqtt.shared_subscription_strategy as it belongs to mqtt.
• #11045 (opens new window) The listener’s authentication and zone related apis have been officially removed in version 5.1.0.
• #11062 (opens new window) Renamed config log.file.to to log.file.path.

Bug Fixes

• #11018 (opens new window) Fixed multiple issues with the Stomp gateway, including:

  • Fixed an issue where is_superuser was not working correctly.
  • Fixed an issue where the mountpoint was not being removed in message delivery.
  • After a message or subscription request fails, the Stomp client should be disconnected immediately after replying with an ERROR message.

• #11051 (opens new window) Added validation to ensure that certificate depth (listener SSL option) is a non negative integer.

• #10563 (opens new window) Corrected an issue where the no_local flag was not functioning correctly in subscription.

• #10653 (opens new window) Stored gateway authentication TLS certificates and keys in the data directory to fix the problem of memory leakage.

• #10682 (opens new window) Fixed the timestamp for the will message is incorrectly assigned at the session creation time, now this timestamp is the disconnected time of the session.

• #10701 (opens new window) RPM package for Amazon Linux 2 did not support TLS v1.3 as it was assembled with Erlang/OTP built with openssl 1.0.

• #10677 (opens new window) Fixed an issue in the Rule API where attempting to delete a non-existent rule resulted in a 404 HTTP error code response.

• #10715 (opens new window) Support for getting the client certificate in the client.connected hook. Previously, this data was removed after the connection was established to reduce memory usage.

• #10737 (opens new window) Fixed the issue where the HTTP API interface of Gateway cannot handle ClientIDs with special characters, such as: !@#$%^&*()_+{}:"<>?/.

• #10809 (opens new window) Addressed ** ERROR ** Mnesia post_commit hook failed: error:badarg error messages happening during node shutdown or restart. Mria pull request: https://github.com/emqx/mria/pull/142 (opens new window)

• #10807 (opens new window) The debug-level logs related to license checks will no longer be printed. These logs were generated too frequently and could interfere with log recording.

• #10818 (opens new window) Fixed emqx_ctl traces command error where the traces start command in the emqx_mgmt_cli module was not working properly with some filters.

• #10600 (opens new window) Deleted emqx_statsd application.

• #10820 (opens new window) Fixed the issue where newly added nodes in the cluster would not apply the new license after a cluster license update and would continue to use the old license. Sometimes the new node must start with a outdated license. e.g. use emqx-operator deployed and needed to scale up after license expired. At the time the cluster’s license key already updated by API/CLI, but the new node won’t use it.

• #10851 (opens new window) Obfuscated sensitive data in the bad API logging.

• #10884 (opens new window) Fixed an issue where trying to get rule info or metrics could result in a crash when a node is joining a cluster.

• #10887 (opens new window) Fixed a potential issue where requests to bridges might take a long time to be retried. This only affected low throughput scenarios, where the buffering layer could take a long time to detect connectivity and driver problems.

• #10878 (opens new window) Fixed a vulnerability in the RabbitMQ bridge, which could potentially expose passwords to log files.

• #10871 (opens new window) Fixed an issue where the Dashboard shows that the connection still exists after a CoAP connection is disconnected, but deletion and message posting requests do not take effect.

• #10880 (opens new window) Added a new REST API POST /clients/kickout/bulk for kicking out multiple clients in bulk.

• #10913 (opens new window) Fixed an issue where the plugin status REST API of a node would still include the cluster node status after the node left the cluster.

• #10923 (opens new window) Fixed a race-condition in channel info registration. Prior to this fix, when system is under heavy load, it might happen that a client is disconnected (or has its session expired) but still can be found in the clients page in dashboard. One of the possible reasons is a race condition fixed in this PR: the connection is killed in the middle of channel data registration.

• #10930 (opens new window) Added a schema validation for duration data type to avoid invalid values. Before this fix, it was possible to use absurd values in the schema that would exceed the system limit, causing a crash.

• #10952 (opens new window) Disallow enabling fail_if_no_peer_cert in listener SSL options if verify = verify_none is set. Setting fail_if_no_peer_cert = true and verify = verify_none caused connection errors due to incompatible options. This fix validates the options when creating or updating a listener to avoid these errors.

  Note: any old listener configuration with fail_if_no_peer_cert = true and verify = verify_none that was previously allowed will fail to load after applying this fix and must be manually fixed.

• #10951 (opens new window) Fixed the issue in MQTT-SN gateway when the mountpoint did not take effect on message publishing.

• #10943 (opens new window) Deprecated UDP mcast mechanism for cluster discovery. This feature has been planed for deprecation since 5.0 mainly due to the lack of actual production use. This feature code is not yet removed in 5.1, but the document interface is demoted.

• #10902 (opens new window) Avoid syncing cluser.hocon file from the nodes running a newer version than the self-node. During cluster rolling upgrade, if an older version node has to restart due to whatever reason, if it copies the cluster.hocon file from a newer version node, it may fail to start. After this fix, the older version node will not copy the cluster.hocon file from a newer, so it will use its own cluster.hocon file to start.

• #10967 (opens new window) Fixed error message formatting in rebalance API: previously they could be displayed as unclear dumps of internal Erlang structures. Added wait_health_check option to node evacuation CLI and API. This is a time interval when the node reports “unhealthy status” without beginning actual evacuation. We need this to allow a Load Balancer (if any) to remove the evacuated node from balancing and not forward (re)connecting clients to the evacuated node.

• #10911 (opens new window) The error message and log entry that appear when one tries to create a bridge with a name the exceeds 255 bytes is now easier to understand.

• #10983 (opens new window) Fixed the issue when mqtt clients could not connect over TLS if the listener was configured to use TLS v1.3 only. The problem was that TLS connection was trying to use options incompatible with TLS v1.3.

• #10977 (opens new window) Fixed the delay in updating subscription count metric and corrected configuration issues in Stomp gateway.

• #10950 (opens new window) Fixed the issue where the enable_qos option does not take effect in the MQTT-SN gateway.

• #10999 (opens new window) Changed schema validation for Kafka fields ‘Partition Count Refresh Interval’ and ‘Offset Commit Interval’ to avoid accepting values larger then maximum allowed.

• #10997 (opens new window) The ClickHouse bridge had a problem that could cause messages to be dropped when the ClickHouse server is closed while sending messages even when the request_ttl is set to infinity. This has been fixed by treating errors due to a closed connection as recoverable errors.

• #10994 (opens new window) Redacted proxy-authorization headers as used by HTTP connector to avoid leaking secrets into log files.

• #10996 (opens new window) For any unknown HTTP/API request, the default response is a 404 error rather than the dashboard’s index.html.

• #11005 (opens new window) Fixed the issue where the method field cannot be correctly printed in the trace logs of AuthN HTTP.

• #11006 (opens new window) Fixed QUIC listeners’s default cert file paths. Prior to this change, the default cert file paths are prefixed with environment variable ${EMQX_ETC_DIR} which were not interpolated before used in QUIC listeners.

• #10998 (opens new window) Do not allow batch_size option for MongoDB bridge resource. MongoDB connector currently does not support batching, the batch_size config value is forced to be 1 if provided.

• #10955 (opens new window) Fixed the issue in MQTT-SN gateway where deleting Predefined Topics configuration does not work.

• #11025 (opens new window) Fixed a case_clause error that could arise in race conditions in Pulsar Producer bridge.

• #11030 (opens new window) Improved error messages when a validation error occurs while using the Listeners HTTP API.

• #11033 (opens new window) Deprecated the mountpoint field in AuthenticateRequest in ExProto gateway. This field was introduced in e4.x, but in fact, in e5.0 we have provided gateway.exproto.mountpoint for configuration, so there is no need to override it through the Authenticate request.

  Additionally, updates the default value of subscriptions_max, inflight_max, mqueue_max to infinity.

• #11040 (opens new window) Fixed a health check issue for Kafka Producer that could lead to loss of messages when the connection to Kafka’s brokers were down.

• #11038 (opens new window) Fixed a health check issue for Pulsar Producer that could lead to loss of messages when the connection to Pulsar’s brokers were down.

• #11042 (opens new window) Fixed crash on REST API GET /listeners when listener’s max_connections is set to a string.

• #11028 (opens new window) Disallowed using multiple TLS versions in the listener config that include tlsv1.3 but exclude tlsv1.2. Using TLS configuration with such version gap caused connection errors. Additionally, drop and log TLS options that are incompatible with the selected TLS version(s).

  Note: any old listener configuration with the version gap described above will fail to load after applying this fix and must be manually fixed.

• #11031 (opens new window) Fixed credential validation when creating bridge and checking status for InfluxDB Bridges.

• #11056 (opens new window) Fixed the issue where newly created listeners sometimes do not start properly. When you delete a system default listener and add a new one named ‘default’, it will not start correctly.

  • Fixed the bug where configuration failure on certain nodes can cause Dashboard unavailability.

• #11070 (opens new window) Fixed the problem that the cluster.autoclean configuration item does not take effect.

• #11092 (opens new window) and #11100 (opens new window) Fixed problem when replicat nodes were unable to connect to the core node due to timeout in mria_lb:core_nodes() call. Relevant mria pull request: https://github.com/emqx/mria/pull/143 (opens new window)

Breaking Changes (opens new window)

Known Issues (opens new window)