RabbitMQ v3.7.28 Release Notes
Release Date: 2020-08-17
RabbitMQ 3.7.28

RabbitMQ 3.7.28 is a security patch release.

RabbitMQ 3.7.x series are out of general support and covered by the limited extended support policy through October 1st, 2020. Please consider upgrading to RabbitMQ 3.8.x.

RabbitMQ Core team would like to thank Ofir Hamam and Tomer Hadad at Ernst & Young's Hacktics Advanced Security Center for researching and responsibly disclosing the vulnerability addressed in this release.

Erlang/OTP Compatibility Notes

This release no longer supports Erlang/OTP 20.3. Erlang 21.3+ is now a hard requirement checked on node startup. Make sure a supported Erlang version is used before upgrading.

Provisioning Latest Erlang Releases explains what package repositories and tools can be used to provision latest patch versions of Erlang 21.3.x and 22.x.

Compatibility Notes

Upgrading to Erlang 21.x or Later Versions

When upgrading to this release and upgrading Erlang to 21.x or later at the same time, extra care has to be taken. Since CLI tools from RabbitMQ releases older than 3.7.7 will fail on Erlang 21 or later, RabbitMQ must be upgraded before Erlang.

Upgrade Doc Guides and Change Log

See 3.7.0 release notes upgrade and compatibility notes first if upgrading from an earlier release.

See the Upgrading guide for general documentation on upgrades and RabbitMQ change log for release notes of other releases.

Getting Help

Any questions about this release, upgrades or RabbitMQ in general are welcome on the RabbitMQ mailing list.

Changes

Core Server

Bug Fixes

Addressed a Windows-specific binary planting security vulnerability CVE-2020-5419 that allowed for arbitrary code execution. The vulnerability requires the attacker to have local access and elevated privileges, and cannot be executed remotely.

CVSS score: 6.7 (medium severity).

This vulnerability was researched and responsibly disclosed by Ofir Hamam and Tomer Hadad at Ernst & Young's Hacktics Advanced Security Center.

Source code archives

Warning: The source code archive provided by GitHub only contains the source of the broker, not the plugins or the client libraries. Please download the archive named rabbitmq-server-3.7.28.tar.xz.