Releases
v2.2.0
Changelog
Go Version
1.16.2: Both release executables and Docker images are built with this Go release.
Added
JetStream, our new persistence offering (https://docs.nats.io/jetstream/jetstream )
Websocket support (https://docs.nats.io/nats-server/configuration/websocket ) (#1309 )
Websocket Leafnode connections (#1858 )
Cookie JWT authentication for Websocket. Thanks to #pas2k for the contribution (#1477 )
MQTT Support (https://docs.nats.io/nats-server/configuration/mqtt ) (#1754 )
Allow BearerToken as MQTT authentication method. Thanks to @angiglesias for the contribution (#1840 )
Monitoring:
New Endpoint: jsz
for JetStream (#1881 )
New Endpoint /accountz
(#1611 )
Value of GOMAXPROCS in /varz
endpoint (#1304 )
Ability to include subscription details in monitoring responses (#1318 )
Endpoints now available via system services (#1362 )
Base path for monitoring endpoints. Thanks to @guilherme-santos for the contribution (#1392 )
Filtering by account for /leafz
and exposing this as per account subject (#1612 )
Support for tags and filter PING monitoring requests by tags (#1832 )
JWT/IssuerKey/NameTag/Tags to monitoring and event endpoints (#1830 )
tls_required
, tls_verify
and tls_timeout
to Cluster/Gateway/Leafnode sections under /varz
(#1854 )
Operator JWT to /varz
(#1862 )
system_account
to /varz
(#1898 )
Options
lame_duck_grace_period
(#1460 )
sys_trace
or --sys_trace
command line to trace the system account (#1295 )
resolver_tls
to specify TLS configuration for account resolver. Thanks to @JnMik for the report (#1272 )
allowed_connection_types
to restrict which type connections (STANDARD, WEBSOCKET, etc..) can authenticate with a specific user (#1594 )
verify_cert_and_check_known_urls
to tie subject ALT name to URL in configuration (#1727 )
account_token_position
to simplify the securing of imports without requiring a token (#1874 )
Support for JWT BearerToken (#1226 )
Accounts default permissions (#1398 )
Printing of the configuration file being used in the startup banner. Thanks to @rmoriz for the report (#1473 )
Checks for CIDR blocks and connect time ranges specified in JWTs (#1567 )
Support for route hostname resolution. Thanks to @israellot for the report (#1590 )
Account name checks for Leafnodes in operator mode (#1739 )
User JWT payload and subscriber limits (#1570 )
Ability to use JWT latency sampling properties "headers" and "share" (#1776 )
Support for wildcard services and import remapping by JWT (#1790 )
Support for JWT export response threshold (#1793 )
Enforcement and usage of scoped signing keys (#1805 )
Support for StrictSigningKeyUsage (#1845 )
Support for JWT based account mappings (#1897 )
Build for mips64le platform. Thanks to @duchuanLX for the contribution (#1885 )
Changed
nats.io
resources from HTTP to HTTPS. Thanks to @DavidSimner for the contribution (#1596 )
Default TLS and Authentication timeouts, to 2 seconds and TLS timeout + 1 second respectively (#1633 )
Gateways:
Connections now always send PINGs (the server otherwise will sometime suppress PINGs) (#1692 )
Log statements regarding Interest-only mode switch is now DBG
instead of INF
(#2002 )
Enforce max_control_line
for client connections only. The enforcement was previously happening only in case of handling of a partial protocol (#1850 )
Improved
Better support for distinguishedNameMatch in TLS authentication (#1577 )
Updated
Various dependencies, notably JWT and NKeys (#2004 )
Fixed
Log file size limit not honored after re-open signal (#1438 )
Leafnode issues
Unsubscribe may not be propagated correctly (#1455 )
TLSMap authentication override (#1470 )
Solicit failure race could leave the connection registered (#1475 )
Loop detection may prevent early reconnect (#1607 )
Possible panic when server accepts TLS Leafnode connection (#1652 )
Duplicate queue messages in complex routing setup (#1725 )
Reject duplicate remote (#1738 )
Route parser error. Thanks to @wuddl6 for the report (#1745 )
Configuration reload for remote TLS configurations (#1771 )
Connection issues if scheme was not tls://
in some instances (#1846 )
Gateway issues:
Implicit reconnection (#1785 )
Implicit connection not using global username/password. Thanks to @DavidSimner for the report (#1915 )
System account incorrect tracking of gateways routed replies (#1749 )
Configuration reload for remote TLS configurations (#1771 )
Connection name in log statement for some IPv6 addresses (#1506 )
Handling of real duplicate subscriptions (same subscription ID sent by clients) (#1507 )
Handling of gossiped URLs (#1517 )
Queue subscriptions not able to receive system events (#1530 )
JWT:
Revocation checks (#1632 , #1645 )
Validation of private imports (tokens) did return a warning instead of an error (#2004 )
Detect service import cycles (#1731 )
Syslog warning trace as a "INF" instead of "WRN". Thanks to @paoloteti for the contribution (#1788 )
Monitoring endpoint /connz
may report incorrect user. Thanks to @nqd for the report (#1800 )
Complete Changes
v2.1.9...v2.2.0
You can’t perform that action at this time.