Release v2.3.3

Changelog

Go Version

• 1.16.6: Both release executables and Docker images are built with this Go release.

Added

• ReloadOptions API to support configuration reload without use of configuration file for embedded cases. Thanks to @taigrr for the contribution (#2341)
• Kind and ClientType to account CONNECT/DISCONNECT events. Thanks to @mullerch for the report (#2351)
• JetStream:
  • Streams and consumers now have a Description property (#2377)
  • New DeliverLastPerSubject delivery policy (#2381, #2390)

Changed

• Default account fetch timeout to be smaller than client timeout to increase probability of getting the Authorization Violation error instead of a i/o timeout error when credentials of an account has not yet been pushed to the account server (#2365)
• Executable symbol table no longer stripped. Thanks to @yzhao1012 and @justicezyx for the contribution (#2383)

Improved

• TLS timeout in configuration file parsing now accept units, such as "2s" for 2 seconds (#2364)
• JetStream:
  • Server restart time with many expired messages (#2387)

Fixed

• JetStream:
  • A data race on JetStream shutdown (#2353)
  • In clustered mode, the maximum consumers limit was not always applied for ephemeral consumers (#2354)
  • Consumer's NumPending may be stuck at 1 (#2357)
  • Removed a stack print that may appear in some cases since v2.3.1 (#2362)
  • Possible subscription leak when processing service imports and processing of pull subscribers (#2373)
  • Unique server name requirement across domains (#2378)
  • A clustered consumer on an interest retention policy could cause the server to panic when the consumer was being deleted (#2382)
  • Allow non-JS leafnode(s) to access a HUB transparently (#2393)
  • A stream with un-acknowledged messages would not redeliver new un-acknowledged messages following a purge. Thanks to @sloveridge for the report (#2394)
• Subscription on a subject that is not a subset of a wildcard import. Thanks to @DamianoChini for the report (#2369)
• OCSP issue in embedded cases when the TLS configuration did not set the certificate Leaf (#2376)

Complete Changes

v2.3.2...v2.3.3

Release v2.3.2

Changelog

Go Version

• 1.16.5: Both release executables and Docker images are built with this Go release.

Added

• JetStream:
  • Error codes for consumers creation errors (#2345)

Changed

• JetStream:
  • Creating an ephemeral consumer if there is not yet interest will no longer fail, that is, a JetStream consumer can be created prior to low level NATS subscription on the delivery subject (#2347)

Fixed

• JetStream:
  • Updates to a multi-subject tacked stream (#2334)
  • Possible publish timeout due to server sending messages to consumers on a slow connection (#2337)
  • Possible message corruption (#2344)
  • Peer info reports had a large last active values
• Headers handling in system services (#2338, #2348)

Complete Changes

v2.3.1...v2.3.2

Release v2.3.1

Changelog

Go Version

• 1.16.5: Both release executables and Docker images are built with this Go release.

Added

• JetStream:
  • Ability to get a stream last message by subject (#2313)
  • Ability to match based on last expected sequence per subject (#2322)

Improved

• JetStream:
  • Large number of R1 consumers per stream (#2324, #2326)

Fixed

• JetStream:
  • Max consumers was not enforced when set on a stream (#2316)
  • Clustered streams can become broken with sequence mismatch state on low level store failures (#2317)
  • Do not log at [ERR] level some "normal" store failures (such as max messages, bytes, etc..) (#2321)
• Race when generated random service reply subject (#2325)

Complete Changes

v2.3.0...v2.3.1

Release v2.3.0

Changelog

Go Version

• 1.16.5: Both release executables and Docker images are built with this Go release.

Added

• JetStream:
  • Richer API errors. JetStream errors now contain an ErrCode that uniquely describes the error. Thanks to @jon-whit and others for the suggestion (#2168, #2255, #2266)
  • Ability to send more advanced Stream purge requests (#2296, #2297, #2303, #2306)
  • Stream can now be configured with a per-subject message limit (#2284)
  • Encryption at rest (#2302)
• Monitoring:
  • JetStream information into statsz (#2269, #2276)
• OCSP support (#2240, #2263, #2277)

Changed

• CPU and memory usage report on macOS (removed dependency on ps) (#2260)
• Throttle the number of maximum subscriptions exceeded log statements per account, to 1 every 2 seconds (#2304)

Improved

• JetStream:
  • Setting initial pending and selecting starting sequence number of streams with multiple subjects (#2284)
  • Filestore memory usage (#2306)

Fixed

• Gateways:
  • Handling of subject rewrites for subjects to a globally routed subject (#2275)
  • Message headers were lost (passed in the message payload) from a response across a Gateway and through a route (#2278)
• JetStream:
  • Better support for multiple domains where the hub is JetStream enabled but the hub account is not, and the Leafnode is (#2261)
  • Orphaned consumers on sourced or mirrored streams keep trying to create new ones (#2279)
  • CPU spikes in some catch-up situations (#2280)
  • Dynamic account limits would be applied based on single server limits (#2281)
  • Error description missing in some requests (#2293, #2294, #2295)
• LeafNode:
  • Hanging connection when account can't be found (#2267, #2288)
  • Configuration reload could fail even if there were no changes to the Leafnode configuration (#2274)
  • Service export interest was not propagated correctly (#2288)
• MQTT:
  • Panic when subjects cross accounts with import/export. Thanks to @mullerch for the report (#2268)
• Websocket:
  • Compression/Decompression issues with continuation frames. Thanks to @luan007 for the report (#2300)
• Clients disconnected on configuration reload when only $SYS account is configured (#2301)
• Failed route TLS handshake would leave the failed connection's lock in a locked state (#2305)

Complete Changes

v2.2.6...v2.3.0

Release v2.2.6

Changelog

Go Version

• 1.16.4: Both release executables and Docker images are built with this Go release.

Changed

• pinned_certs is now also checked by servers initiating connections, not only when accepting them. Furthermore, connections whose certificate is no longer present in the pinned_cert list after a configuration reload, will be closed (#2247)

Fixed

• JetStream:
  • Possible message corruption with inbound messages that would have an existing header (#2241)
  • In cluster mode and with replicas greater than 1, after a valid "duplicate" error was returned (when using the Nats-Msg-Id header), the server would fail subsequent publish calls of non duplicate messages. It would take several attempts before the message would be accepted without error. Thanks to @krisdaniels for the report (#2245)
  • Messages would not be removed from the stream with WorkQueuePolicy and replicas greater than 1. Thanks to @danpoland for the report (#2246)
  • When using domains, cross domain transfers would stop working after updating the account JWT (#2248)
  • The monitoring endpoint /varz was showing total account usage instead of server usage. Thanks to @cjbottaro for the report (#2249)

Complete Changes

v2.2.5...v2.2.6

Release v2.2.5

Changelog

Go Version

• 1.16.4: Both release executables and Docker images are built with this Go release.

Added

• pinned_certs configuration in TLS blocks, which contains "fingerprint" of accepted certificates. If a connection presents a certificate with a fingerprint that is not in this list, the connection will be rejected (#2233)

Fixed

• JetStream:
  • Bad redelivered values on consumer state should not cause a panic (#2223)
  • Restoring snapshots would require access to /tmp directory, which is not available in docker images (#2227)
  • Ensure that removal of a peer is replicated (#2231)
  • Reject an invalid API prefix for source or mirror is used (#2237)
• MQTT:
  • Reduce replicas value when creating session streams if some servers in the cluster are not running (#2226)
• Monitoring:
  • Always initialize httpReqStats, which allows users embedding NATS Server to use the NATS server http handlers in their own http server, without producing a panic. Thanks to @BlizzTom for the contribution (#2224)
• Under double import scenarios, the server could possibly map to the wrong subject (#2225)

Complete Changes

v2.2.4...v2.2.5

Release v2.2.4

Changelog

Go Version

• 1.16.4: Both release executables and Docker images are built with this Go release.

Added

• JetStream:
  • The information about an upstream stream source will now have an optional External stream information, which will allow to know the API Prefix (#2218)

Changed

• GetOpts() from ClientAuthentication interface will now returned *ClientOpts (instead of *clientOpts which was internal) (#2189)

Fixed

• JetStream:
  • Server was not checking for invalid de-duplication window specified in a stream mirror (#2204)
  • A store directory on disk without jetstream could appear to lose assets on restart (#2206, #2216)
  • Source stream does not import from another stream if that stream name is not unique within the importing stream sources (#2209)
  • Stream create (and others) responses do not return when the Leafnode is a cluster (#2212)
  • Single instance shows direct consumers when it shouldn't (#2214)
• Websocket:
  • Specifying same_origin or allowed_origins would prevent non web clients (that may not have the Origin header present) to connect, for instance Leafnodes. Thanks to @wutkemtt for the report (#2211)

Complete Changes

v2.2.3...v2.2.4

Release v2.2.3

Changelog

Go Version

• 1.16.4: Both release executables and Docker images are built with this Go release.

Security

• TLS default (secure) ciphers were not selected when configuring TLS from the command line as opposed to from the configuration file. Thanks to @DavidSimner for the report. See CVE-2021-32026 (#2167)

Added

• JetStream:
  • Support for multiple JetStream domains across Leafnodes. A new field called domain (a string) can be specified in the jetstream{} block (#2171, #2186, #2190, #2194)
• LeafNode:
  • dont_randomize configuration under a remote leaf configuration to restore original behavior that was no randomizing the list of URLs (#2156)
• Monitoring:
  • LeafNodes deny exports and imports in /varz (#2159)

Changed

• Server is now trying to send data from the producer's network loop only when both producers and consumers are user connections. Thanks to @shkim-will for the contribution (#2093)
• LeafNode:
  • Randomize remote URLs list by default. Thanks to @RudeDude for the suggestion (#2156)
• MQTT:
  • In order to support use of MQTT in some more complex setups, the server must enforce that its server_name configuration be explicitly defined (#2178)

Improved

• JetStream: stability for concurrent compact, purge, expiration and persisting of messages (#2180)

Fixed

• Panic on startup when using a NATS Resolver without having configured a system account. The server will now report the error instead of panic'ing (#2162)
• JetStream:
  • Pull based message delivery could drop responses in a super cluster configuration (#2166)
  • Under heavy load, a leader change could warn about not processing entry responses (#2173)
  • Stream bytes limit setting failed when account used dynamic limits. Also, file store implementation was not honoring block size (#2183)
  • Mirror/Source streams from work queues which could cause a deadlock on Interest policy streams (#2187)
  • Raft groups could continuously spin trying to catchup (#2191)
  • Check for more unwanted characters for the stream/consumer names, namely , \r, \n, \t and \f in addition to existing ., * and > (#2195)
• LeafNode:
  • A message loop could occur if a Leafnode, which has several members of a queue group, reconnects to a different server in a remote cluster. Thanks to @RudeDude for the report (#2163)
• Monitoring:
  • The http endpoint /varz would report increased subscriptions count every time it was inspected, even if no new subscription was added. Thanks to @cjbottaro and @harrisa1 for the report (#2172)
• MQTT:
  • JetStream assets would not be placed in the local LeafNode cluster (#2164)
  • A server would be forced to have JetStream enabled locally, which is not required if it is part of a cluster and JetStream is available in that cluster (#2164, #2178)
  • Several issues including connection timeouts, unexpected memory usage in QoS1 high publish message rate, etc... (#2178)
  • Retained message in cluster mode may not be delivered to starting matching subscription (#2179)
• The User.Username was not used when a custom authenticator was calling RegisterUser (#2165)
• Error parsing operator JWT on Windows (#2181)

Complete Changes

v2.2.2...v2.2.3

Release v2.2.2

Changelog

Go Version

• 1.16.3: Both release executables and Docker images are built with this Go release.

Added

• Kind() to the ClientAuthentication interface so that applications can know what type of connection they are dealing with (#2084)

Improved

• Some code cleanup. Thanks to @alexpantyukhin for the contributions (#2064, #2065)
• JetStream:
  • Startup for filtered consumers on large streams (#2075)
  • When running in mixed mode (some of clustered servers having JetStream enabled, some not) (#2095)
  • Setup with a remote Leafnode cluster extending a cluster or super-cluster and the JetStream domain. The Leafnode will not be elected as a leader and placement will by default be in the Leafnode's cluster (#2108)
• MQTT:
  • Error message when clients try to connect using Websocket protocol, which is currently not supported. Thanks to @LLLLimbo for the report (#2151)

Changed

• JetStream:
  • The StreamInfo response contained an array of sequences of deleted messages. It will now return the number of deleted messages and the request needs to set boolean deleted_details to true to get back the array of sequences of deleted messages (#2109)

Fixed

• JetStream:
  • Report the possible account loading failure when creating a stream (#2076)
  • Possible panic when a mirror was removed or its configuration changes (#2078)
  • Possible panic and file corruption during a file store compact (#2080)
  • Stream expired messages were not removed from consumer pending ack list (#2085)
  • Memory store should take length of message header into consideration to check for max bytes, similar to the file store implementation. Thanks to @alexpantyukhin for the contribution (#2086)
  • Issue with cached messages when server exits abruptly. Thanks to @GuangchaoDeng for the report (#2099, #2104)
  • Messages not properly removed from a stream with interest retention when a pull consumer was deleted. Thanks to @GuangchaoDeng for the report (#2105)
  • Mirrors failed when upstream messages had expired (#2110)
  • Make sure to stop unneeded retries for mirror consumers (#2113)
  • Subscription leak on failure when creating source consumers (#2118)
  • Files handles not closed on store close. Only impacting tests or applications embedding the server (#2121)
  • Inability to add some nodes to the group if they were not known prior to the meta group leader being elected (#2119)
  • General updates and stability improvements (#2131)
  • Prevent possible stall when shutting down a high traffic server or stream (#2146)
  • Errors deleting streams on Windows (#2152)
• LeafNode:
  • Incorrect loop detection when cluster of leaf nodes reconnect to a server in another cluster (#2066)
  • Subscriptions not properly removed during a route disconnect and information not properly forwarded to leaf nodes, resulting in possible unnecessary message flow (#2066)
  • Possible failure for a solicited leaf node connection to authenticate in extremely rare timing conditions (#2088)
  • Permission negotiation between two servers that could result in authorization failures causing connection to be closed (#2091, #2101)
  • Loss of subscription interest or closed connection could cause incorrect suppression of interest in a local cluster (#2124)
  • Possible panic due to concurrent access of unlocked map when permissions are set on a leaf node (#2136)
• Websocket:
  • TLS configuration changes were not reflected after a configuration reload (#2072)
• Monitoring:
  • Ensure /varz subscriptions count is for all accounts (#2074)
• Issue with concurrent fetching of an account that could result in message flow disruption (#2067)
• On TERM signal, the server would exit with code 0, while it should have been 1 (#2103)
• GetTLSConnectionState() was not using proper locking, resulting on some DATA RACE reports (#2122)
• Do not propagate service import interest across gateways and routes (#2123)

Complete Changes

v2.2.1...v2.2.2

Release v2.2.1

Changelog

Go Version

• 1.16.3: Both release executables and Docker images are built with this Go release.

Added

• Ability to set a timeout to NATS resolver (#2057)

Changed

• JetStreamVarz fields from structures to pointers so they can be omitted if empty. This is may affect users that embed the NATS Server in their code (#2009)

Improved

• Error log statement when an account registration fails (#2016)
• JetStream:
  • Durable consumers performance with Replicas > 1 (#2039, #2049)
  • Report error when mirror/sources stream prefix overlaps/collides with stream subjects (#2041)

Fixed

• JetStream:
  • Possible panic when consumers are stopped (#2008)
  • Panic on 32bit systems due to unaligned 64-bit atomic operations. Thanks to @GuangchaoDeng for the report (#2012)
  • Check for filter subject correctness of an upstream stream's mirror or source (#2013)
  • Reduce memory pressure and protect against some nil dereferences (#2015)
  • Mirror streams were not properly retrying after failures to create their internal consumer (#2017)
  • Prevent suppression of idle heartbeats for a filtered consumer on a busy stream (#2018)
  • Some updates for direct consumers (used for mirrors and sources streams) (#2021)
  • Possible double adds under reload or restart scenarios (#2023)
  • In operator mode, JetStream accounts were not all loaded on startup (#2024)
  • Consumer interest dropping and coming back across gateways (#2024)
  • Leaked subscriptions when retrying to create streams' source consumers (#2024)
  • Idle heartbeats were unnecessarily sent when a consumer was known to be active (#2024)
  • Performance degradation for mirrors and sources in presence of gaps (#2025)
  • Reworked sources and mirrors on missed data (#2026)
  • Reduce sliding window for direct consumers and catchup stream windows (#2027)
  • Flow control with multiple sources streams (#2028)
  • Chaining of sources and mirrors with filtered consumers (#2028)
  • General stability improvements (#2033)
  • Possible deadlock (#2034)
  • Panic when WAL was corrupted (#2045)
  • Prevent bad stream updates from deleting the stream (#2045)
  • When a request to get a message fails, returns code 404, instead of 500 (#2053)
  • Possible deadlock caused by an account lookup failure when processing a consumer assignment (#2054)
  • Consumer state (ack floor/pending or number of pending messages) could be skewed after server restarts (#2058)
• LeafNode:
  • verify_and_map was not honored (#2038)
  • When using Websocket connections, in some cases corruption could prevent messages to flow properly between nodes (#2040)
  • Subscriptions leak for subscriptions when hitting the "auto-unsubscribe" limit (#2059)
• MQTT:
  • Fix a possible subscription leak in setup failure conditions (#2061)
• Websocket:
  • Possible empty frames sent to webbrowser clients (#2040)
• Account connection events were not sent when using custom authentication (#2020)
• Disconnect clients for account JWT that has been disabled (#2048)

Complete Changes

v2.2.0...v2.2.1