RabbitMQ 3.6.9
RabbitMQ 3.6.9
RabbitMQ 3.6.9
is a security and maintenance release.
Upgrades and Compatibility
See the "Upgrading clusters" section of the documentation
for general documentation on upgrades.
This release has no incompatibilities with 3.6.7. See 3.6.7 release notes
upgrade and compatibility notes if upgrading from an earlier release.
Management and Management Agent Plugins
Security Vulnerability Patches
Details for the CVEs below are pending publication.
CVE-2017-4965
: XSS vulnerabilities in management UICVE-2017-4966
: authentication details are stored in browser-local storage without expirationCVE-2017-4967
: XSS vulnerabilities in management UI
As part of the patch addressing CVE-2017-4966
management UI sessions were limited to 8 hours.
Bug Fixes
-
Certain TCP and TLS listener configuration settings could break JSON serialisation of
GET /api/overview
responses.GitHub issues: rabbitmq-management-agent#39,
rabbitmq-management#364,
rabbitmq-management-agent#36
Federation Plugin
Bug Fixes
-
More numerical types are now handled for the "hops" property.
GitHub issue: rabbitmq-federation#56
.NET Client
Bug Fixes
-
Calling ExchangeBind more than once with the same arguments threw an exception.
GitHub issues: rabbitmq-dotnet-client#314,
rabbitmq-dotnet-client#317
Upgrading
To upgrade a non-clustered RabbitMQ simply install the new version. All configuration and persistent message data are retained. When upgrading using definitions export/import from versions earlier than 3.6.0, see http://rabbitmq.com/passwords.html.
To upgrade a RabbitMQ cluster, follow the instructions in RabbitMQ documentation.
Source code archives
Warning: The source code archive provided by GitHub only contains the source of the broker,
not the plugins or the client libraries. Please download the archive named rabbitmq-3.6.9.tar.gz
.