The most scalable open-source MQTT broker for IoT, IIoT, and connected vehicles
#11725 Introduced LDAP as a new authentication and authorization backend.
#11752 Change default RPC driver from 'gen_rpc' to 'rpc' for core-replica database sync.
This improves core-replica data replication latency.
#11785 Allow viewers to change their own passwords; a viewer cannot change other users' passwords.
#11787 Improve emqx command performance.
Avoid loading EMQX application code in nodetool script unless necessary.
#11790 Added validation of Redis commands configured in Redis authorization source.
Also, improved Redis command parsing in authentication and authorization so that it is redis-cli compatible and supports quoted arguments.
#11541 Introduced an additional way of file transfer interaction. A client may now send file transfer commands to the $file-async/... topic instead of $file/... and receive command execution results as messages to the $file-response/{clientId} topic.
This simplifies file transfer feature usage in certain cases, for example, when a client uses MQTTv3 or when the broker is behind an MQTT bridge.
See EIP-0021 for more details.
#11757 Fixed 500 error response when downloading non-existent trace files, now returns 404.
#11762 Fixed destruction of built_in_database authorization source. Now all the ACL records are removed when the authorization source is destroyed. Previously, old records were left in the database, which could cause problems when re-creating the authorization source.
#11771 Fixed validation of Bcrypt salt rounds in authentication management through the API/Dashboard.
#11780 Fixed validation of the iterations field of the pbkdf2 password hashing algorithm. Now, iterations must be strictly positive. Previously, it could be set to 0, which led to a nonfunctional authenticator.
#11791 Fixed an issue that prevented heartbeats from correctly keeping the CoAP Gateway connections alive.
#11797 Modified HTTP API behavior for APIs managing the built_in_database authorization source: They will now return a 404 status code if built_in_database is not set as the authorization source, replacing the former 20X response.
#11955 Fix EMQX graceful stop when there is an unavailable MongoDB resource present.
#11975 Resolve redundant error logging on socket closure
Addressed a race condition causing duplicate error logs when a socket is closed by both a peer and the server. Dual socket close events from the OS and EMQX previously led to excessive error logging. The fix improves event handling to avoid redundant error-level logging.
#11987 Fix connection crash when trying to set TCP/SSL socket active_n option.
Prior to this fix, if a socket was already closed when the connection process tried to set the active_n option, it caused a case_clause crash.
#12044 Fix Redis authorization, authentication, and bridges. Previously, connections to Redis servers could not be established because the driver was not properly loaded.
#11731 Add file_transfer feature configs to hot-config schema.
#11754 Improved log formatting for Postgres bridge when there are unicode characters in the error messages returned by the driver.
ekka has been upgraded to version 0.15.15, and mria to version 0.6.4.
#11565 Upgraded jq library from v0.3.10 to v0.3.11. In this version, jq_port programs are initiated on-demand and will not appear in users' processes unless the jq function in EMQX is used. Additionally, idle jq_port programs will auto-terminate after a set period. Note: Most EMQX users are running jq in NIF mode and will not be affected by this update.
#11676 Hid a few pieces of sensitive information from debug-level logs.
#11697 Disabled outdated TLS versions and cipher suites in the EMQX backplane network (gen_rpc). Added support for tlsv1.3 on the backplane and introduced new configuration parameters: EMQX_RPC__TLS_VERSIONS and EMQX_RPC__CIPHERS.
The corresponding gen_rpc PR: https://github.com/emqx/gen_rpc/pull/36
#11734 Fixed clustering in IPv6 network. Added new configurations rpc.listen_address and rpc.ipv6_only to allow EMQX cluster RPC server and client to use IPv6.
#11747 Updated QUIC stack to msquic 2.2.3.
#11796 Fixed rpc schema to ensure that client/server uses same transport driver.
#11798 Fixed the issue where the node could not start after executing ./bin/emqx data import [FILE].
The connection between apikey_key and apikey_name is also enhanced for better consistency and unique identification.
apikey_key: When generating an API key via the dashboard, apikey_key will now create a unique value derived from the provided human-readable apikey_name.
apikey_name: Conversely, when using a bootstrap file to generate an API key, apikey_name will be generated as a unique value based on the associated apikey_key.
#11813 Fixed the schema to ensure that RPC client SSL port aligns with the configured server port. This fix also guarantees that the RPC ports are correctly opened in the Helm chart.
#11819 Upgraded opentelemetry library to v1.3.1-emqx. This opentelemetry release fixes invalid metrics timestamps in the exported metrics.
#11861 Fixed excessive warning message printed in remote console shell.
#11733 Resolved an incompatibility issue that caused crashes during session takeover or channel eviction when the session was located on a remote node running EMQX v5.2.x or an earlier version.
#11750 Eliminated logging and tracing of HTTP request bodies in HTTP authentication and HTTP bridges.
#11886 Fixed backward plugin compatibility. Currently, EMQX validates hook point names, and invalid hook points cannot be used for hook registration. However, some older versions of plugin templates used misspelled hook points, and actual plugins in use may also have this issue. To maintain compatibility with these older plugins, we allow the use of the old hook points for hook registration, but we issue deprecated warnings for them. As before, these hooks will not be called.
#11897 Fixed the issue of waiting for a loop race condition during node configuration synchronization when cluster nodes are started approximately at the same time.
#11637 Added extra diagnostic checks to help debug issues when mnesia is stuck waiting for tables.
Library Updates: ekka has been upgraded to version 0.15.15, and mria to version 0.6.4.
#11581 Feature Preview: Planned for EMQX v5.4.0, introducing the concepts of Connector and Action based on data bridges. The existing data bridges will be gradually migrated to Connectors and Actions. Connectors are designed to manage the integration with external systems, while Actions are solely used to configure the data processing methods. A Connector can be reused across multiple Actions, providing greater flexibility and scalability. Currently, the migration has been completed for Kafka producer and Azure Event Hub producer.
The Dashboard now supports MQTT 5.0 publish attribute settings for the rule engine's message republish action, allowing users more flexibility in publishing messages.
#11722 Fixed an issue where a Kafka Producer bridge with sync query mode would not buffer messages when in the connecting state.
#11724 Fixed a metrics-related issue where messages sent to Kafka would be counted as failed even when they were successfully transmitted afterward due to internal buffering.
#11728 Enhanced the LDAP filter string parser with the following improvements:
dn as a filter value.
#11733 Resolved an incompatibility issue that caused crashes during session takeover or channel eviction when the session was located on a remote node running EMQX v5.2.x or an earlier version.
#11750 Eliminated logging and tracing of HTTP request bodies in HTTP authentication and HTTP bridges.
#11760 Simplified the CQL query used for the Cassandra bridge health check, which was previously generating warnings in the Cassandra server logs.
#11886 Fixed backward plugin compatibility.
Currently, EMQX validates hook point names, and invalid hook points cannot be used for hook registration. However, some older versions of plugin templates used misspelled hook points, and actual plugins in use may also have this issue. To maintain compatibility with these older plugins, we allow the use of the old hook points for hook registration, but we issue deprecated warnings for them. As before, these hooks will not be called.
#11897 Fixed the issue of waiting for a loop race condition during node configuration synchronization when cluster nodes are started approximately at the same time.
#11637 Added an extra diagnostic to help debug issues when mnesia is waiting for tables.
Updated libraries: ekka -> 0.15.15, mria -> 0.6.4.
#11676 Hide a few pieces of sensitive information from debug-level logs.
#11697 Disable outdated TLS versions and ciphersuites in the EMQX backplane network (gen_rpc).
Allow using tlsv1.3 on the backplane.
Add new configuration parameters: EMQX_RPC__TLS_VERSIONS and EMQX_RPC__CIPHERS.
The corresponding gen_rpc PR: https://github.com/emqx/gen_rpc/pull/36
#11734 Fix clustering in IPv6 network.
Added new configurations rpc.listen_address and rpc.ipv6_only to allow EMQX cluster RPC server and client to use IPv6.
#11722 Fixed an issue where a Kafka Producer bridge with sync query mode would not buffer messages when in the connecting state.
#11728 Improved the LDAP filter string parser:
dn
#11610 Implemented a preliminary Role-Based Access Control for the Dashboard.
In this version, there are two predefined roles:
Administrator: This role can access all resources.
Viewer: This role can only view resources and data, corresponding to all GET requests in the REST API.
#11631 Added Single Sign-On (SSO) feature and integrated with LDAP.
#11656 Integrated SAML 2.0 support for SSO.
#11599 Supported audit logs to record operations from CLI, REST API, and Dashboard in separate log files.
node.default_bootstrap_batch_size option to EMQX configuration.
Increasing the value of this option can greatly reduce a replicant node startup time, especially when the EMQX cluster interconnect network latency is high and the EMQX built-in database holds a large amount of data, e.g. when the number of subscriptions is high.
bytesize to get the size of a byte-string. e.g. SELECT * FROM "t/#" WHERE bytesize(payload) > 10.
infinity on file log handlers.
emqx stop command):
esockd from 5.9.6 to 5.9.7. This upgrade included:
ssl_error exceptions to info-level logging. esockd pr#180
error to info.
emqx ctl listeners output, the shutdown_count counter is incremented when TLS handshake failure (ssl_error) or Malformed packet (frame_error) happens.
logout endpoint for HTTP clients using API Keys to authenticate, as this endpoint is for the Dashboard only.