This document contains release information about VMware RabbitMQ for Kubernetes version 1.2.x, 1.3.x, and 1.4.x releases.

VMware RabbitMQ for Kubernetes software is available for download from VMware Tanzu Network.

Release 1.4

Release 1.4.1

VMware RabbitMQ 1.4.1 contains the following packages and changes

• RabbitMQ 3.11.8
• Erlang 25.2
• Cluster Operator 2.1.0
• Messaging Topology Operator 1.10.1
• Standby Replication Operator 0.7.0
• A new audit-logger package to audit events that are triggered by RabbitMQ clusters is included in this release. Go to the Install, Configure and Use the VMware RabbitMQ audit-logger Package documentation to install and use it.

RabbitMQ 3.11.8 Changes

RabbitMQ version 3.11.8 is a maintenance release in the 3.11.x release series. The main fixes in this release are:

Core Server

Stream throughput improvements are implemented for workloads, which have a lot of smaller size messages (messages less than 10 bytes).

CLI Tools Features

• rabbitmqctl hash_password is a new command that produces a hashed value for the password that is provided.

• rabbitmq-diagnostics check_port_connectivity now supports a new optional --address flag where the user can now enter an IP address for the node and test it's connectivity. Previously, only hostname resolution was allowed. This is useful when the target node is configured to only listen for connections on one interface but not others. The following example shows how to provide the IP address with the --address flag.

  rabbitmq-diagnostics check_port_connectivity --address 127.0.0.1
  rabbitmq-diagnostics check_port_connectivity --address "::1"
  

Management Plugin

The bug fixes are:

• Filtering users when using pagination in the RabbitMQ Management UI did not work as expected, this is now fixed.
• Correctly formatted the JSON field value in the channel_details API response.

AMQP 1.0 Plugin

• AMQP 1.0 connection churn was causing a memory leak, this is now fixed.

STOMP Plugin

• STOMP client subscriptions to a destination that is an AMQP 0-9-1 exchange now creates an exclusive, auto-delete queue on an exchange. Previously, it only created an only auto-delete queue but it was not exclusive.

For more information about other features and fixes introduced in the RabbitMQ 3.11.0, review the release notes or to review release notes for RabbitMQ versions from 3.11.2 to the current 3.11.8, go to here and select the release notes file for the particular version you want.

Release 1.4.0

VMware RabbitMQ 1.4 contains the following packages and changes

• RabbitMQ 3.11.2
• Erlang 25.1.1
• Cluster Operator 2.0.0
• Messaging Topology Operator 1.9.0
• Standby Replication Operator 0.7.0

RabbitMQ 3.11.2 Changes

RabbitMQ version 3.11.2 is a maintenance release in the 3.11.x release series. The main fixes in this release are:

Core Server

• RabbitMQ version 3.10.0 introduced an issue where Broker version 3.10.0 and later versions occasionally stop sending publisher confirms for classic mirrored queues.
• The classic mirrored queue leader replica was issuing too much credit to follower replicas which caused an uneven load and memory footprint between the leader replica and follower replicas. The amount of credit issued now is more accurate.
• The Intra-cluster Compression communication link metrics collector was running into an exception when a peer connection was re-established. An example of when this might happen is after a peer node restarts.

MQTT Plugin

When a node was put into maintenance mode, it closed all MQTT client connections for the entire cluster instead of just local client connections.

RabbitMQ 3.11.0 Features

Open Source RabbitMQ 3.11.x contains some great features, which you can avail of. The main features in RabbitMQ 3.11.x are:

Streams

Single Active Consumer: RabbitMQ 3.11 introduced the single active consumer feature for streams. With this feature, several consumer instances can be attached to a stream with one consumer instance active at a time. If the active consumer instance goes down, the next instance automatically take over ensuring processing continues with minimal interuption. To summarize, this features provides exclusive consumption and consumption continuity on a stream. For more information, refer to the Single Active Consumer for Streams blog.

OAuth 2 support

• Previously, the RabbitMQ Management UI only supported the User Account and Authentication Service (UAA) identity provider. Now it supports any identity provider compliant with the OpenID Connect standard, such as Auth0, Keycloak, Azure, and UAA.
• The RabbitMQ Management UI no longer supports implicit flow. It now only supports the much safer authorization code with PKCE.
• The OAuth 2 plugin only supported permissions encoded as scopes. Now, in addition, RabbitMQ supports a new permission model called called Rich Authorization Request.

For more information about other features and fixes introduced in the RabbitMQ 3.11.0, review the release notes or to review release notes for RabbitMQ versions from 3.10.6 to the current 3.11.2, go to here and select the release notes file for the particular version you want.

Cluster Operator 2.0.0

Clusters now have the value of the cluster_formation.target_cluster_size_hint configuration parameter set automatically. This value is adjusted by the Cluster Operator if the size of the cluster changes. Currently, this value is used by RabbitMQ at start up to wait for all nodes to join the cluster and before specific operations such importing definitions.

Messaging Topology Operator 1.9.0

The main changes are:

• You can now create and manage TopicPermission objects using the Messaging Topology Operator. Topic authorisation targets topic-orientated protocols such as STOMP and MQTT.
• When management.path_prefix is set in the spec.rabbitmq.additionalConfig of a RabbitmqCluster, the Messaging Topology Operator now successfully connects to that cluster.

Photon OS Security Updates

Updated packages for the Photon OS are released to address critical security updates. For more information, refer to:

• Security Update 3.0 479
• Security Update 3.0 480
• Security Update 3.0 489

Release 1.3

Release 1.3.2

VMware RabbitMQ 1.3.2 is a security release which has one change. Erlang is now updated to version 24.3.4.4 to include the fix for CVE-2022-37026. Everything else remains the same as the 1.3.1 release.

Release 1.3.1

VMware RabbitMQ 1.3.1 contains the following packages and changes

• RabbitMQ 3.10.6
• Erlang 24.3.4
• Cluster Operator 1.14.0.
• Messaging Topology Operator 1.7.1
• Standby Replication Operator 0.7.0

RabbitMQ 3.10.6 Changes

RabbitMQ version 3.10.6 is a maintenance release in the 3.10.x release series. The main changes in this release are:

• Core server enhancements and bug fixes
• Consistent hashing bug fixes for the Event Exchange Plugin
• The Consul Peer Discovery Plugin now supports client-side TLS options

For a full list of changes, review the RabbitMQ 3.10.6 release notes. Release notes for previous RabbitMQ versions 3.10.2 to 3.10.5 are here.

Cluster Operator 1.14.0

For a full list of changes, review the Cluster Operator 1.14.0 release note.

Release notes for previous Cluster Operator versions can be reviewed here.

Messaging Topology Operator 1.7.1

For a full list of changes, review the Messaging Topology Operator 1.7.1 release note.

Release notes for previous Messaging Topology Operator versions can be reviewed here.

Standby Replication Operator 0.7.0

This operator now supports getting credentials from Vault when configuring a downstream RabbitMQ cluster.

Release 1.3.0

VMware RabbitMQ 1.3 contains the following packages and changes

• RabbitMQ 3.10.2
• Erlang 24.3.4
• Cluster Operator 1.13.1
• Messaging Topology Operator 1.6.0
• Standby Replication Operator 0.6.2
• Importing large definitions file from a HTTP location

RabbitMQ 3.10 Features

Quorum Queue Features

• Dead Lettering with at-least-one Guarantees: Some messages stored in RabbitMQ quorum queues will expire or be negatively acknowledged by consumers. Now, instead of silently dropping them, RabbitMQ 3.10 can be configured to “dead letter” these messages, which means they are republished to a special-purpose exchange. This new opt-in feature is called “at-least-once” dead lettering. It is available for source queues when they are quorum queues. This feature ensures that all messages dead lettered in the source quorum queue will arrive at the target queues (classic queue, quorum queue, or stream) eventually even where messages may be lost with the “at-most-once” strategy.
• Message TTL (time to live): Now with RabbitMQ, you can set TTL for both messages and queues. This is controlled by optional queue arguments. The best way to configure it is using a policy. TTL can be applied to a single queue, a group of queues, or on a message-by-message basis.

Classic Queues

• Classic queues now ship a new message store and queue index implementation known as CQv2. The operator must opt in to use CQv. CQv1 is still used by default.

Streams Support

• Streams benefit from bug fixes and optimizations. Streams now also support replication over TLS based on the inter-node TLS configuration.

Scope Aliases in the OAuth 2 Plugin

• The OAuth 2 plugin can now configured with a map of scopes to sets of RabbitMQ permissions. This enables the plugin to integrate with identity providers that use scopes as role names assigned to a client identity.

Performance Improvements

• Higher throughput
• Lower latency
• Faster node startups

Find out more about these performance improvements in the RabbitMQ 3.10 Performance Improvements blog.

To review release notes for RabbitMQ versions 3.10.0 to 3.10.2, access the following links:

• RabbitMQ 3.10.0
• RabbitMQ 3.10.1
• RabbitMQ 3.10.2

Cluster Operator 1.13.1

The main changes are:

• Added support for Kubernetes version 1.23. Note, the minimum supported Kubernetes version is 1.19.x.
• The Operator now exposes service binding in the RabbitmqCluster status when Vault integration is setup. Service binding was supported in previous versions but it is now supported when Vault integration is setup.

For a full list of changes, review the Cluster Operator 1.13.1 release note.

Release notes for previous Cluster Operator versions can be reviewed here.

Messaging Topology Operator 1.6.0

The main changes are:

• Interacts with Non-Operator managed RabbitMQ.
• Uses a custom domain to connect to RabbitMQ.
• Supports reconciling Topology objects at specific time intervals.

For a full list of changes, review the Messaging Topology Operator 1.6.0 release note.

Release notes for previous Messaging Topology Operator versions can be reviewed here.

Importing Large Definitions Files from a HTTP Location

You can now import definitions from a URL accessible over HTTPS on node boot. Set the definitions.import_backend and definitions.https.url config keys to https and a valid URL where a JSON definition is located. More details here.

Release 1.2

Release 1.2.3

VMware RabbitMQ 1.2.3 is a security release which has two changes only. Erlang is now updated to version 24.3.4.4 to include the fix for CVE-2022-37026 and RabbitMQ is now updated to 3.9.23. Everything else remains the same as the 1.2.2 release.

Release 1.2.2

VMware RabbitMQ 1.2.2 contains the following packages and changes

• RabbitMQ 3.9.13
• Erlang 24.1.4
• Cluster Operator 1.11.1
• Topology Operator 1.2.1
• Standby Replication Operator 0.6.0

VMware RabbitMQ OCI

• VMware RabbitMQ now reports the correct version in the startup logs.
• Warm Standby Replication stream client can now connect over TLS to the upstream.

Release notes for individual RabbitMQ versions from 3.9.9 to 3.9.13:

• RabbitMQ 3.9.9
• RabbitMQ 3.9.10
• RabbitMQ 3.9.11
• RabbitMQ 3.9.12
• RabbitMQ 3.9.13

Cluster Operator 1.11.1

• Fixed an incorrect check when the default image pull secret was set to empty string.

Check the release note for Cluster Operator 1.11.1 here.

Release 1.2.1

VMware RabbitMQ 1.2.1 contains the following packages and changes

• RabbitMQ 3.9.8
• Erlang 24.1
• Cluster Operator 1.11.0
• Topology Operator 1.2.1
• Standby Replication Operator 0.6.0

VMware RabbitMQ OCI

• User and group permissions have been adjusted to make the OCI compatible with OpenShift.

Cluster Operator 1.11.0

• Allow a default to be set for imagePullSecrets on operator scope
• Set podSecurityContext.fsGroup to 0 instead of 999
• Bump k8s api 1.22
• Fix port exposure in MQTT/STOMP and WS variants
• Include protocol information in Service ports
• Do not requeue error when disableNonTLSListeners is true and TLS has not been configured

Release 1.2.0

VMware RabbitMQ 1.2 contains the following packages and changes

• RabbitMQ 3.9.8
• Erlang 24.1
• Cluster Operator 1.10.0
• Topology Operator 1.2.1
• Standby Replication Operator 0.6.0

RabbitMQ 3.9.8

Bug Fixes

• When the mandatory flag was used when publishing to classic queues, but publisher confirms were not, channels memory usage would grow indefinitely.
• rabbitmq-diagnostics memory_breakdown failed to read memory of connection reader, writer and channel processes.
• In some environments, Stream replicas advertised IP addresses that could not be reached by cluster peers (eg. IP addresses behind a NAT in a Docker deployment). RabbitMQ node hostnames are now advertised as well so that other peers can resolve them to get an externally visible IP address.

Prometheus Plugin

• More data is exposed via the GET /metrics/detailed endpoint.

Management Plugin

• When setting topic permissions, the list of exchanges in the UI now honors the currently selected virtual host.

Web STOMP Plugin

• STOMP-over-WebSockets connections now can consume from streams.

Commercial Plugins

Warm Standby Replication

• New plugin included in this release.
• This plugin provides the functionality to setup a Warm Standby cluster.
• This plugin allows to replicate messages across two different RabbitMQ clusters over the WAN.

Schema Definition Replication

• Now supports filtering of downstream entities, allowing to exclude users, vhost, queues, etc. from the replication.

Cluster Operator 1.10.0

• Move default image configuration to operator pod environment variables, this allows for easier helm integration
• Reduced log volume by making use of debug level
• Add documented examples for NetworkPolicies

Messaging Topology Operator 1.2.1

• Fixed an issue that would cause endless reconciliations
• Remove update and create permissions for rmq, secrets, and services
• 'Edit' permission to create secrets is necessary for users.rabbitmq.com. The operator supports creating generated credentials for users and therefore needs to be able to create k8s secret.

Standby Replication Operator 1.2.1

Standby Replication Operator is included in this release. This allows for an 'Active Passive toplogy to be configured for VMware RabbitMQ 1.2.

Known Issues and Limitations

None

Resolved Issues

Issue Description	Release Found In	Release Resolved In
VMware RabbitMQ prints incorrect version in the logs.	1.2.1	1.2.2
Warm Standby Replication downstream (standby) worker does not load TLS settings correctly.	1.2.1	1.2.2
In-cluster stream replication over TLS does not work in the case where the inter-node TLS configuration uses the {match_fun, ...} key. This prevents the use of wildcard certificates for Erlang distribution port over TLS.	1.3.1	1.4.0
Invalid default LDAP configuration for the user_dn_pattern.	1.4.0	1.4.1
The command delete_internal_streams_on_standby_replication_upstream_cluster does not seem to work.	1.4.0	1.4.1
Vhosts created with the standby_replication tag using the cli crashes the Standby Message Replication (rabbitmq_standby_replication) plugin.	1.4.0	1.4.1