v5.7.0
版本发布时间: 2024-05-28 00:09:30
emqx/emqx最新发布版本:v5.8.4(2024-12-27 14:15:44)
Enhancements
MQTT
Implemented Durable Sessions, which persists MQTT Persistent Sessions and their messages to disk, and continuously replicates session metadata and MQTT messages among multiple nodes in the EMQX cluster. This achieves effective failover and recovery mechanisms, ensuring service continuity and high availability, thereby enhancing system reliability. Added metrics related to EMQX durable storage to Prometheus:
-
emqx_ds_egress_batches
-
emqx_ds_egress_batches_retry
-
emqx_ds_egress_batches_failed
-
emqx_ds_egress_messages
-
emqx_ds_egress_bytes
-
emqx_ds_egress_flush_time
-
emqx_ds_store_batch_time
-
emqx_ds_builtin_next_time
-
emqx_ds_storage_bitfield_lts_counter_seek
-
emqx_ds_storage_bitfield_lts_counter_next
-
emqx_ds_storage_bitfield_lts_counter_collision
Note: these metrics are only visible when session persistence is enabled. The number of persisted messages has also been added to the Dashboard.
Security
-
#12947 For JWT authentication, support new
disconnect_after_expire
option. When enabled, the client will be disconnected after the JWT token expires.
Note: This is a breaking change. This option is enabled by default, so the default behavior is changed. Previously, the clients with actual JWTs could connect to the broker and stay connected even after the JWT token expired. Now, the client will be disconnected after the JWT token expires. To preserve the previous behavior, set disconnect_after_expire
to false
.
Data Processing and Integration
-
#12671 An
unescape
function has been added to the rule engine SQL language to handle the expansion of escape sequences in strings. This addition has been done because string literals in the SQL language don't support any escape codes (e.g.,\n
and\t
). This enhancement allows for more flexible string manipulation within SQL expressions.
Extensibility
-
#12872 Implemented Client Attributes feature. It allows setting additional properties for each client using key-value pairs. Property values can be generated from MQTT client connection information (such as username, client ID, TLS certificate) or set from data accompanying successful authentication returns. Properties can be used in EMQX for authentication, authorization, data integration, and MQTT extension functions. Compared to using static properties like client ID directly, client properties offer greater flexibility in various business scenarios, simplifying the development process and enhancing adaptability and efficiency in development work. Initialization of
client_attrs
Theclient_attrs
fields can be initially populated from one of the followingclientinfo
fields:-
cn
: The common name from the TLS client's certificate. -
dn
: The distinguished name from the TLS client's certificate, that is, the certificate "Subject". -
clientid
: The MQTT client ID provided by the client. -
username
: The username provided by the client. -
user_property
: Extract a property value from 'User-Property' of the MQTT CONNECT packet.
Extension through Authentication Responses Additional attributes may be merged into
client_attrs
from authentication responses. Supported authentication backends include:-
HTTP: Attributes can be included in the JSON object of the HTTP response body through a
client_attrs
field. -
JWT: Attributes can be included via a
client_attrs
claim within the JWT.
Usage in Authentication and Authorization If
client_attrs
is initialized before authentication, it can be used in external authentication requests. For instance,${client_attrs.property1}
can be used within request templates directed at an HTTP server for authenticity validation.- The
client_attrs
can be utilized in authorization configurations or request templates, enhancing flexibility and control. Examples include: Inacl.conf
, use{allow, all, all, ["${client_attrs.namespace}/#"]}
to apply permissions based on thenamespace
attribute. - In other authorization backends,
${client_attrs.namespace}
can be used within request templates to dynamically include client attributes.
-
-
#12910 Added plugin configuration management and schema validation. For EMQX enterprise edition, one can also annotate the schema with metadata to facilitate UI rendering in the Dashboard. See more details in the plugin template and plugin documentation.
Operations and Management
-
#12923 Provided more specific error when importing wrong format into builtin authenticate database.
-
#12940 Added
ignore_readonly
argument toPUT /configs
API. Before this change, EMQX would return 400 (BAD_REQUEST) if the raw config included read-only root keys (cluster
,rpc
, andnode
). After this enhancement it can be called asPUT /configs?ignore_readonly=true
, EMQX will in this case ignore readonly root config keys, and apply the rest. For observability purposes, an info level message is logged if any readonly keys are dropped. Also fixed an exception when config has bad HOCON syntax (returns 500). Now bad syntax will cause the API to return 400 (BAD_REQUEST). -
#12957 Started building packages for macOS 14 (Apple Silicon) and Ubuntu 24.04 Noble Numbat (LTS).
Bug Fixes
Security
-
#12887 Fixed MQTT enhanced auth with sasl scram.
-
#12962 TLS clients can now verify server hostname against wildcard certificate. For example, if a certificate is issued for host
*.example.com
, TLS clients is able to verify server hostnames likesrv1.example.com
.
MQTT
-
#12996 Fixed process leak in
emqx_retainer
application. Previously, client disconnection while receiving retained messages could cause a process leak.
Data Processing and Integration
-
#12653 The rule engine function
bin2hexstr
now supports bitstring inputs with a bit size that is not divisible by 8. Such bitstrings can be returned by the rule engine functionsubbits
. -
#12657 The rule engine SQL-based language previously did not allow putting any expressions as array elements in array literals (only constants and variable references were allowed). This has now been fixed so that one can use any expressions as array elements. The following is now permitted, for example:
select [21 + 21, abs(-abs(-2)), [1 + 1], 4] as my_array from "t/#"
-
#12932 Previously, if a HTTP action request received a 503 (Service Unavailable) status, it was marked as a failure and the request was not retried. This has now been fixed so that the request is retried a configurable number of times.
-
#12948 Fixed an issue where sensitive HTTP header values like
Authorization
would be substituted by******
after updating a connector. -
#13118 Fix a performance issue in the rule engine template rendering.
Observability
-
#12765 Make sure stats
subscribers.count
subscribers.max
contains shared-subscribers. It only contains non-shared subscribers previously.
Operations and Management
-
#12812 Made resource health checks non-blocking operations. This means that operations such as updating or removing a resource won't be blocked by a lengthy running health check.
-
#12830 Made channel (action/source) health checks non-blocking operations. This means that operations such as updating or removing an action/source data integration won't be blocked by a lengthy running health check.
-
#12993 Fixed listener config update API when handling an unknown zone. Before this fix, when a listener config is updated with an unknown zone, for example
{"zone": "unknown"}
, the change would be accepted, causing all clients to crash whens connected. After this fix, updating the listener with an unknown zone name will get a "Bad request" response. -
#13012 The MQTT listerners config option
access_rules
has been improved in the following ways:- The listener no longer crash with an incomprehensible error message if a non-valid access rule is configured. Instead a configuration error is generated.
- One can now add several rules in a single string by separating them by comma (for example, "allow 10.0.1.0/24, deny all").
-
#13041 Improved HTTP authentication error log message. If HTTP content-type header is missing for POST method, it now emits a meaningful error message instead of a less readable exception with stack trace.
-
#13077 This fix makes EMQX only read action configurations from the global configuration when the connector starts or restarts, and instead stores the latest configurations for the actions in the connector. Previously, updates to action configurations would sometimes not take effect without disabling and enabling the action. This means that an action could sometimes run with the old (previous) configuration even though it would look like the action configuration has been updated successfully.
-
#13090 Attempting to start an action or source whose connector is disabled will no longer attempt to start the connector itself.
Gateways
-
#12909 Fixed UDP listener process handling on errors or closure, The fix ensures the UDP listener is cleanly stopped and restarted as needed if these error conditions occur.
-
#13001 Fixed an issue where the syskeeper forwarder would never reconnect when the connection was lost.
-
#13010 Fixed the issue where the JT/T 808 gateway could not correctly reply to the REGISTER_ACK message when requesting authentication from the registration service failed.
Breaking Changes
-
#12947 For JWT authentication, a new boolean option
disconnect_after_expire
has been added with default value set totrue
. When enabled, the client will be disconnected after the JWT token expires.Previously, the clients with actual JWTs could connect to the broker and stay connected even after the JWT token expired. Now, the client will be disconnected after the JWT token expires. To preserve the previous behavior, set
disconnect_after_expire
tofalse
. -
#12957 Stopped building packages for macOS 12.
1、 emqx-5.7.0-amzn2-amd64.rpm 58.76MB
2、 emqx-5.7.0-amzn2-amd64.rpm.sha256 64B
3、 emqx-5.7.0-amzn2-amd64.tar.gz 86.55MB
4、 emqx-5.7.0-amzn2-amd64.tar.gz.sha256 64B
5、 emqx-5.7.0-amzn2-arm64.rpm 57.77MB
6、 emqx-5.7.0-amzn2-arm64.rpm.sha256 64B
7、 emqx-5.7.0-amzn2-arm64.tar.gz 84.12MB
8、 emqx-5.7.0-amzn2-arm64.tar.gz.sha256 64B
9、 emqx-5.7.0-amzn2023-amd64.rpm 44.25MB
10、 emqx-5.7.0-amzn2023-amd64.rpm.sha256 64B
11、 emqx-5.7.0-amzn2023-amd64.tar.gz 88.76MB
12、 emqx-5.7.0-amzn2023-amd64.tar.gz.sha256 64B
13、 emqx-5.7.0-amzn2023-arm64.rpm 44.01MB
14、 emqx-5.7.0-amzn2023-arm64.rpm.sha256 64B
15、 emqx-5.7.0-amzn2023-arm64.tar.gz 85.75MB
16、 emqx-5.7.0-amzn2023-arm64.tar.gz.sha256 64B
17、 emqx-5.7.0-debian10-amd64.deb 42.26MB
18、 emqx-5.7.0-debian10-amd64.deb.sha256 64B
19、 emqx-5.7.0-debian10-amd64.tar.gz 90.55MB
20、 emqx-5.7.0-debian10-amd64.tar.gz.sha256 64B
21、 emqx-5.7.0-debian10-arm64.deb 41.02MB
22、 emqx-5.7.0-debian10-arm64.deb.sha256 64B
23、 emqx-5.7.0-debian10-arm64.tar.gz 87.52MB
24、 emqx-5.7.0-debian10-arm64.tar.gz.sha256 64B
25、 emqx-5.7.0-debian11-amd64.deb 42.32MB
26、 emqx-5.7.0-debian11-amd64.deb.sha256 64B
27、 emqx-5.7.0-debian11-amd64.tar.gz 88.78MB
28、 emqx-5.7.0-debian11-amd64.tar.gz.sha256 64B
29、 emqx-5.7.0-debian11-arm64.deb 41.09MB
30、 emqx-5.7.0-debian11-arm64.deb.sha256 64B
31、 emqx-5.7.0-debian11-arm64.tar.gz 85.74MB
32、 emqx-5.7.0-debian11-arm64.tar.gz.sha256 64B
33、 emqx-5.7.0-debian12-amd64.deb 42.36MB
34、 emqx-5.7.0-debian12-amd64.deb.sha256 64B
35、 emqx-5.7.0-debian12-amd64.tar.gz 88.88MB
36、 emqx-5.7.0-debian12-amd64.tar.gz.sha256 64B
37、 emqx-5.7.0-debian12-arm64.deb 41.13MB
38、 emqx-5.7.0-debian12-arm64.deb.sha256 64B
39、 emqx-5.7.0-debian12-arm64.tar.gz 85.67MB
40、 emqx-5.7.0-debian12-arm64.tar.gz.sha256 64B
41、 emqx-5.7.0-el7-amd64.rpm 58.71MB
42、 emqx-5.7.0-el7-amd64.rpm.sha256 64B
43、 emqx-5.7.0-el7-amd64.tar.gz 78.75MB
44、 emqx-5.7.0-el7-amd64.tar.gz.sha256 64B
45、 emqx-5.7.0-el7-arm64.rpm 57.49MB
46、 emqx-5.7.0-el7-arm64.rpm.sha256 64B
47、 emqx-5.7.0-el7-arm64.tar.gz 77.23MB
48、 emqx-5.7.0-el7-arm64.tar.gz.sha256 64B
49、 emqx-5.7.0-el8-amd64.rpm 52.98MB
50、 emqx-5.7.0-el8-amd64.rpm.sha256 64B
51、 emqx-5.7.0-el8-amd64.tar.gz 90.63MB
52、 emqx-5.7.0-el8-amd64.tar.gz.sha256 64B
53、 emqx-5.7.0-el8-arm64.rpm 51.68MB
54、 emqx-5.7.0-el8-arm64.rpm.sha256 64B
55、 emqx-5.7.0-el8-arm64.tar.gz 87.6MB
56、 emqx-5.7.0-el8-arm64.tar.gz.sha256 64B
57、 emqx-5.7.0-el9-amd64.rpm 44.29MB
58、 emqx-5.7.0-el9-amd64.rpm.sha256 64B
59、 emqx-5.7.0-el9-amd64.tar.gz 88.75MB
60、 emqx-5.7.0-el9-amd64.tar.gz.sha256 64B
61、 emqx-5.7.0-el9-arm64.rpm 43.93MB
62、 emqx-5.7.0-el9-arm64.rpm.sha256 64B
63、 emqx-5.7.0-el9-arm64.tar.gz 85.75MB
64、 emqx-5.7.0-el9-arm64.tar.gz.sha256 64B
65、 emqx-5.7.0-elixir-ubuntu22.04-amd64.tar.gz 96.98MB
66、 emqx-5.7.0-elixir-ubuntu22.04-amd64.tar.gz.sha256 64B
67、 emqx-5.7.0-macos13-amd64.zip 54.48MB
68、 emqx-5.7.0-macos13-amd64.zip.sha256 65B
69、 emqx-5.7.0-macos14-arm64.zip 53.76MB
70、 emqx-5.7.0-macos14-arm64.zip.sha256 65B
71、 emqx-5.7.0-ubuntu18.04-amd64.deb 42.64MB
72、 emqx-5.7.0-ubuntu18.04-amd64.deb.sha256 64B
73、 emqx-5.7.0-ubuntu18.04-amd64.tar.gz 86.78MB
74、 emqx-5.7.0-ubuntu18.04-amd64.tar.gz.sha256 64B
75、 emqx-5.7.0-ubuntu18.04-arm64.deb 41.07MB
76、 emqx-5.7.0-ubuntu18.04-arm64.deb.sha256 64B
77、 emqx-5.7.0-ubuntu18.04-arm64.tar.gz 83.47MB
78、 emqx-5.7.0-ubuntu18.04-arm64.tar.gz.sha256 64B
79、 emqx-5.7.0-ubuntu20.04-amd64.deb 42.56MB
80、 emqx-5.7.0-ubuntu20.04-amd64.deb.sha256 64B
81、 emqx-5.7.0-ubuntu20.04-amd64.tar.gz 91.78MB
82、 emqx-5.7.0-ubuntu20.04-amd64.tar.gz.sha256 64B
83、 emqx-5.7.0-ubuntu20.04-arm64.deb 41.18MB
84、 emqx-5.7.0-ubuntu20.04-arm64.deb.sha256 64B
85、 emqx-5.7.0-ubuntu20.04-arm64.tar.gz 88.64MB
86、 emqx-5.7.0-ubuntu20.04-arm64.tar.gz.sha256 64B
87、 emqx-5.7.0-ubuntu22.04-amd64.deb 43.73MB
88、 emqx-5.7.0-ubuntu22.04-amd64.deb.sha256 64B
89、 emqx-5.7.0-ubuntu22.04-amd64.tar.gz 89.31MB
90、 emqx-5.7.0-ubuntu22.04-amd64.tar.gz.sha256 64B
91、 emqx-5.7.0-ubuntu22.04-arm64.deb 43.61MB
92、 emqx-5.7.0-ubuntu22.04-arm64.deb.sha256 64B
93、 emqx-5.7.0-ubuntu22.04-arm64.tar.gz 86.24MB
94、 emqx-5.7.0-ubuntu22.04-arm64.tar.gz.sha256 64B
95、 emqx-5.7.0-ubuntu24.04-amd64.deb 43.62MB
96、 emqx-5.7.0-ubuntu24.04-amd64.deb.sha256 64B
97、 emqx-5.7.0-ubuntu24.04-amd64.tar.gz 89.31MB
98、 emqx-5.7.0-ubuntu24.04-amd64.tar.gz.sha256 64B
99、 emqx-5.7.0-ubuntu24.04-arm64.deb 43.35MB
100、 emqx-5.7.0-ubuntu24.04-arm64.deb.sha256 64B
101、 emqx-5.7.0-ubuntu24.04-arm64.tar.gz 86.31MB