Release v2.0.0

Changelog

Go Version

• 1.11.10: Both release executables and Docker images are built with this Go release.

Backward incompatibility

• The routing protocol has been dramatically improved and adds support for accounts and multi-tenancy. The new protocol is not backward compatible with servers <2.0.0.
• For users embedding NATS Server and using Varz() to get server statistics should be aware of some changes described in #989

Changed

• Repository and server name have changed: gnatsd becomes nats-server (#985)
• With go.mod, users embedding NATS Server should change their import path to include /v2. For instance:

import (

    natsd     "github.com/nats-io/nats-server/v2/server" 
)

• Cluster permissions moved out of cluster's authorization section (#747)
• The utility mkpasswd.go file was moved to its own directory util/mkpasswd to enable go get to install this tool (#996)

Added

• NKey support (#743)
• Accounts support (#755)
• JWT Support (#804)
• Gateways (#808)
• Leaf Nodes (#928)
• System events (#823)
• Support of TLS certificate subject for users authentication (#896, #909)
• Support of SANs in TLS certificate for user permissions. Thanks to @twrobel3 for the report (#966)
• Ability to disable TLS server name verification for routes. Thanks to @softkot for the contribution (#921)
• Ability to explicitly set server name for TLS in Gateways. Thanks to @danielsdeleo for the contribution (#922)
• Configuration check with -t command line parameter (#745)
• Support for route permissions configuration reload (#753)
• Lame duck mode (#780)
• Support for path as argument to --signal. Thanks to @pires for the contribution (#838)
• Expose connection remote address in ClientAuthentication. Thanks to @ripienaar for the contribution (#837)
• ntp.service dependency to the systemd service file. Thanks to @andyxning for the contribution (#880)
• Configuration parameter to select the frequency at which failed route, gateways and leaf nodes connections are reported. Thanks to @santo74 for the feedback (#1000, #1001)
• List or route URLs in cluster{} from /varz endpoint (#1012)
• Ability to ignore top-level unknown configuration field (#1024)

Improved

• New route protocol (#786)
• Fan in/out scenarios (#876)
• Various optimizations (#897)
• Utility mkpasswd's help output. Thanks to @andyxning for the contribution (#881)
• You can now have unquoted strings that start with number (#893)
• Use of https for README's links. Thanks to @huynq0911 for the contribution (#914)
• Warning on plaintext password in configuration and redact them from log statements (#743, #776)

Fixed

• Misleading "Slow Consumer" error message during a TLS Handshake (#836)
• Report "Slow Consumer" only for clients that do complete the connect process (#861)
• Configuration reload of boolean flags. Thanks to @sazo for the report (#879)
• Runaway process when parsing a configuration file with missing a } or ) (#887)
• Don't allow overruns for message payloads. Thanks to @valichek for the report (#889)
• Possible delays in delivering messages (#895)
• Possible slow consumer when routes exchange their subscriptions list (#912)
• Protocol Parser type safety. Thanks to @nmiculinic for the contribution (#908)
• Use of custom authentication with configuration reload. Thanks to @Will2817 for the report (#924)
• Issue with utility mkpasswd on Windows platform. Thanks to @Ryner51 for the report (#935)
• Some typos. Thanks to @huynq0911, @JensRantil for their contributions.
• Changes to Varz content and fixed race conditions (#989)

Complete Changes

v1.4.1...v2.0.0

Pre-Release v2.0.0-RC14

Do not use, v2.0.0 is now released: https://github.com/nats-io/nats-server/releases/tag/v2.0.0

Release v1.4.1

Changelog

Go Version

• 1.11.5: Both release executables and Docker images are built with this Go release.

Fixed

• Possible delay in flushing data (#901)

Complete Changes

v1.4.0...v1.4.1

Release v1.4.0

Changelog

Go Version

• 1.11.4: Both release executables and Docker images are built with this Go release.

Added

• Warning if passwords are stored in plain text in config. Redact password from CONNECT trace.
• Support for cluster permissions reload (#753)
• Support a path as argument to --signal. Thanks to @pires for the contribution (#838)
• RemoteAddress() to the CustomClientAuthentication interface. Thanks to @ripienaar for the contribution (#837)

Changed

• Cluster permissions moved out of cluster's authorization (#747)

Fixed

• Ports file on Windows (#733)
• Memory usage for failed TLS connections (#872)
• Issue with configuration reload for some boolean parameters, such as logtime. Thanks to @sazo for the report (#874, #879)
• Reduced risk of slow consumer in fan in scenarios (#876)

Complete Changes

v1.3.0...v1.4.0

Release v1.3.0

Changelog

Go Version

• 1.11: Both release executables and Docker images are built with this Go release.

Added

• Allow/Deny permissions (#725, #727). It is now possible to specify deny permissions
  for subjects. For instance:

authorization {
    myUserPerms = {
      publish = {
        allow = "*.*"
        deny = ["SYS.*", "bar.baz", "foo.*"]
      }
      subscribe = {
        allow = "foo.*"
        deny = "foo.baz"
      }
    }

    users = [
        {user: myUser, password: pwd, permissions: $myUserPerms}
    ]
}

means that user myUser is allowed to publish to subjects with 2 tokens (allow = "*.*") but not to subjects matching SYS.*, bar.baz or foo.*. It can subscribe to subjects matching foo.* but not foo.baz.

Improved

• Scalability with high cardinality of subscriptions. Thanks to @gwik for the report (#726, #729)

Fixed

• Unexpected Authorization Error during configuration reload (#270)

Complete Changes

v1.2.0...v1.3.0

Release v1.2.0

Changelog

Go Version

• 1.10.3: Both release executables and Docker images are built with this Go release.

Added

• License scan status. Thanks to @xizhao (#658)
• PSE file for OpenBSD. Thanks to @gabeguz (#661)
• Best practices badge (#679)
• Governance and Maintainers files (#703)
• New rtt field in /connz monitoring endpoint. This measures the time between the server sent a PING to a client and the time it got the PONG back (#683)
• Ability to filter /connz by client ID (CID). Example: http://localhost:8222/connz?cid=100. Note that the CID is now sent back to the client. Client libraries have not yet been updated to report this to the application (#687)
• Tracking of closed connections and reason for their closing. To filter closed connections, use ?state=closed as in http://localhost:8222/connz?state=closed. Possible values for state are open, closed, all. The result now includes a new field reason that gives a reason why the connection was closed, for instance reason: Client means that the client closed the connection (#692). For example:

    {
      "cid": 2,
      "ip": "::1",
      "port": 63065,
      "start": "2018-07-05T11:00:16.09747933-06:00",
      "last_activity": "2018-07-05T11:00:21.441585272-06:00",
      "stop": "2018-07-05T11:00:23.445200428-06:00",
      "reason": "Slow Consumer (Write Deadline)",
      "uptime": "7s",
      "idle": "2s",
      "pending_bytes": 8265,
      "in_msgs": 0,
      "out_msgs": 4178,
      "in_bytes": 0,
      "out_bytes": 534784,
      "subscriptions": 1,
      "lang": "go",
      "version": "1.5.0"
    },

• New /connz?sort= sort options: start, stop and reason (#705)
• Support for "echo" feature. By default, if a connection subscribes on foo and publishes on foo, it will receive those messages. To prevent this, the client's CONNECT protocol includes a new boolean field named echo that should be set to false. The server is also sending a new int field proto in the INFO protocol to the client, allowing the client library to decide if it can use the "echo" feature or not. Client libraries have not yet been updated to take advantage of this feature (#698)
• Ability to specify a maximum number of subscriptions (per connection) (#707)
• Ability to get details about a subscription with /subsz?subs=1 (#707). For instance: http://localhost:8222/subsz?subs=1 may return:

"subscriptions_list": [
    {
      "subject": "foo",
      "sid": "1",
      "msgs": 1000,
      "cid": 2
    }
  ]

• Ability to test for matching subscriptions on a given subject (#707). For instance: http://localhost:8222/subsz?subs=1&test=foo would return the subscriptions_list with subscriptions matching the test subject. If no match is found, the subscriptions_list is not present.

Improved

• Authorization and Authentication documentation in README (#673, #678)
• Big performance improvement for fan-out situations (one message to many subscriptions). Special thanks to @ripienaar that has been helping test the solution at scale (#680).

Fixed

• Display of cluster port when configured as random (#657)
• Inability to remove a route from configuration (with configuration reload) if the remote server is not running (#682)
• Do not send more than one error when client sends invalid protocol. Thanks to @danielwertheim for the report (#684)
• Possible truncation of the subscription interest list when route connects (#680)
• Route behavior in high fan-out (slow consumer) (#680)

Updated

• Build requirements in the README (now require Go 1.9+ to build from source) and default cipher suites (#689)
• Elevate TLS statements from DBG to ERR. Thanks to @ripienaar for the report (#690)

v1.1.0...v1.2.0

Release v1.1.0

Changelog

Go Version

• 1.9.4: Both release executables and Docker images are built with this Go release.

Added

• Monitoring endpoint functions (Varz(), etc...) for those embedding NATS Server in their application. Thanks to @ripienaar for the report (#615)

Improved

• Better attempt at delivering messages to queue subscriptions. Thanks to @vkhorozvs (#638)
• Compatibility with JSON in configuration parser (#653)

Fixed

• Cluster topology change possibly not sent to clients (#631, #634)
• Race between delivering messages to queue subscriptions and subscriptions being unsubscribed (#641)
• Close log file on log re-open signal. Thanks to @acadiant for the report (#644)

Changed

• Moved to Apache 2.0 License following move to CNCF (#650)

Removed

• ssl_required field in INFO protocol. This was deprecated some time ago. The correct field to use is TLSRequired (#655)

Complete Changes

v1.0.6...v1.1.0

Release v1.0.6

Changelog

Go Version

• 1.9.4: Both release executables and Docker images are built with this Go release.

Added

• ARM32v6 Release build (#629)
• Server ID to /connz and /routez (#598)
• Server notifies clients when server join/leave/rejoins cluster. Thanks to @madgrenadier for feedback (#606, #626)
• Client and Cluster Advertise address (#608)
• GitCommit of release is printed in the banner (#624)

Improved

• Various internal optimizations (#580, #585)

Changed

• Log level for route errors were elevated from debug to error (#611)

Fixed

• Profiling and Monitoring timeout issues (#603)
• /connz could be delayed for TLS clients still in TLS handshake (#604)

Complete Changes

v1.0.4...v1.0.6

Release v1.0.4

Changelog

Go Version

• 1.8.3: Both release executables and Docker images are built with this Go release.

Added

• ARM64v8 Release build (#567)
• Systemd unit file. Thanks to @RedShift1 (#587)
• Custom Authentication. Thanks to @cdevienne (#576)

Fixed

• Subscriptions not closed in the cluster when using auto unsubscribe. Thanks to @ingosus (#551)
• Use of * and > in subjects as literals. Thanks to @s921102002 for the report (#561)
• Clarification about token usage. Thanks to @sarbash (#563)
• Sublist insert and remove with wildcards in literals (#573)
• Override from command line not always working (#578)
• Name of selected new cipher suites (#592)

Complete Changes

v1.0.2...v1.0.4

Release v1.0.2

Changelog

Go Version

• 1.7.6

Fixed

• Windows Docker Images failure to start with error: “The service process could not connect to the service controller” (#544)
• Unnecessary attempt to reconnect a route. When server B connected to A and B was then shutdown, A would try to reconnect to B once, although the route was implicit (#547)

Complete Changes

v1.0.0...v1.0.2