CVE-2022-28357: Releases · nats-io/nats-server
NATS nats-server 2.2.0 through 2.7.4 allows directory traversal because of an unintended path to a management action from a management account.
Release v2.9.22
Changelog
Go Version
- 1.20.8 (updated out-of-cycle since Go 1.19 is now EOL)
Dependencies
- github.com/nats-io/jwt/v2 v2.5.0
- golang.org/x/crypto v0.12.0
- golang.org/x/sys v0.11.0
Improved
Monitoring
- CORS Allow-Origin passthrough for monitoring server (#4423) Thanks to @mdawar for the contribution!
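The security point behind a CORS Allow-Origin header on an unauthenticated monitoring listener, as an added Go example that is not nats-server code and does not describe how #4423 is implemented: "passthrough" is taken here to mean reflecting the request's Origin header back, and the example puts that next to an allow-list variant so the difference is visible. The handler, the `/varz` stand-in response and the origins are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// withCORS wraps h and sets Access-Control-Allow-Origin for cross-origin
// browser requests. With an empty allow-list the request Origin is passed
// through unchanged, so any web page that can reach the listener may read
// the (unauthenticated) monitoring data from a browser. With a non-empty
// allow-list only listed origins are reflected.
func withCORS(h http.Handler, allowed []string) http.Handler {
	allow := make(map[string]bool, len(allowed))
	for _, o := range allowed {
		allow[o] = true
	}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		origin := r.Header.Get("Origin")
		switch {
		case origin == "":
			// Same-origin or non-browser client: no CORS header needed.
		case len(allow) == 0 || allow[origin]:
			w.Header().Set("Access-Control-Allow-Origin", origin)
			// The response now depends on Origin; say so to caches, or a
			// reply minted for one origin can be served to another.
			w.Header().Add("Vary", "Origin")
		}
		h.ServeHTTP(w, r)
	})
}

// allowOriginFor issues one GET /varz (constructed stand-in handler) with the
// given Origin and returns the Access-Control-Allow-Origin value the browser
// would see, or "" if the header is absent.
func allowOriginFor(origin string, allowed []string) string {
	h := withCORS(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.Header().Set("Content-Type", "application/json")
		w.Write([]byte(`{"server_name":"demo"}`)) // constructed sample body
	}), allowed)
	req := httptest.NewRequest(http.MethodGet, "/varz", nil)
	if origin != "" {
		req.Header.Set("Origin", origin)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Header().Get("Access-Control-Allow-Origin")
}

func main() {
	dash := []string{"https://dash.example"}
	fmt.Println("passthrough, unknown origin:", allowOriginFor("https://attacker.example", nil))
	fmt.Println("allow-list, unknown origin: ", allowOriginFor("https://attacker.example", dash))
	fmt.Println("allow-list, listed origin:  ", allowOriginFor("https://dash.example", dash))
}
```

The practical check: if a monitoring port is reachable from a browser that also visits untrusted sites, reflecting arbitrary origins is equivalent to `Access-Control-Allow-Origin: *` for read access, so either keep the port off browser-reachable networks or front it with an allow-list.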
JetStream
- Improve consumer scaling reliability with filters and cluster restart (#4404)
- Send event on lame duck mode (LDM) to avoid placing assets on shutting down nodes (#4405)
- Skip filestore tombstones if downgrade from 2.10 occurs (#4452)
- Adjust delivered and waiting count when consumer message delivery fails (#4472)
Fixed
Config
- Allow empty configs and fix JSON compatibility (#4394, #4418)
- Remove TLS OCSP debug log on reload (#4453)
Monitoring
- Fix Content-Type header when /healthz is not 200 OK (#4437) Thanks to @mdawar for the contribution!
- Fix server /connz idle time sorting (#4463) Thanks to @mdawar for the contribution!
- Interface conversion bug which could cause a panic when calling /ipqueuesz endpoint (#4477)
Leafnode
- Fix race condition which could affect propagating interest over leafnode connections (#4464)
JetStream
- Fix possible deadlock in checking for drift in the usage reporting when storing a message (#4411)
- Durable pull consumers could get cleaned up incorrectly on leader change (#4412)
- Moving an R1 stream could sometimes lose all messages (#4413)
- Prevent peer-remove of an R1 stream which could result in the stream becoming orphaned (#4420)
- Ensure consumer ack pending is less than max ack pending on state restore (#4427)
- Ensure to reset election timer when catching up (#4428) Thanks to @yuzhou-nj for the report!
- Auto step-down Raft leader if an entry is missing on a catchup request (#4432)
- Fix PurgeEx with keep having deletes in blocks (#4431)
- Update global subject index when message blocks expire (#4439)
- Ensure max messages per subject is respected after update (#4446) Thanks to @anthonyjacques20 for the report!
- Ignore and remove empty message blocks on rebuild (#4447)
- Fix possible accounting discrepancy on message write (#4455)
- Fix potential message duplication from stream sources when downgrading from 2.10 (#4454)
- Check for checksum violations for all records before sequence processing (#4465)
- Fix message block accounting (#4473)
Complete Changes
v2.9.21…v2.9.22
Release v2.9.21
Changelog
Go Version
- 1.19.12
Dependencies
- github.com/klauspost/compress v1.16.7
- github.com/nats-io/nats.go v1.28.0
- go.uber.org/automaxprocs v1.5.3
- golang.org/x/crypto v0.11.0
- golang.org/x/sys v0.10.0
Added
OCSP
- Add fetch, cache, and verification of client CA’s OCSP Response for NATS, WebSocket, and MQTT client mTLS connections (#4362, backported from 2.10)
- Add bi-directional fetch, cache, and verification of CA OCSP Response for LEAF connections (#4362, backported from 2.10)
See ADR-38 OCSP Peer Verification
General
- Add UTC log timestamp option (#4331, backported from 2.10)
Improved
JetStream
- Don’t error to server logs if message was deleted for consumer (#4328)
- Improve publish performance for zero-interest subjects (#4359) Thanks to @antlad for reporting the issue!
- Sync and reset message rejected count to ensure replicas don’t incorrectly discard messages (#4365, #4366)
Fixed
General
- Leaking memory on usage of getHash() (#4329) Thanks to @VuongUranus for reporting the issue!
- Server reload with highly active accounts and service imports could cause panic or data loss (#4327)
- Fix detection of an unusable configuration file (#4358)
- NOTE: as a side effect of this fix, the server will no longer start up with an empty config file
- Fix a few system service imports going missing after configuration reload (#4360)
OCSP
- Fix local-determination of issuer CA at startup (#4362)
- Remove constraint that all (super)cluster node peers must be issued by the same CA (#4362)
Embedded
- Don’t require TLS for in-process client connection (#4323)
JetStream
- Fix serializability guarantee for concurrent publish when using expected-last-subject-sequence (#4319)
- Report correct consumer count in paged list response (#4339)
- Fix not validating single token filtered consumer (#4338)
- Fix stream recovery of message block with sequence gaps (#4344)
- Fix panic when re-calculating first sequence of SimpleState info (#4346)
- Fix stream store accounting drift (#4357)
Complete Changes
v2.9.20…v2.9.21
Release v2.9.20
Changelog
Go Version
- 1.19.11
Added
Windows
- Backport 2.10 support for native Windows certificate store (#4268)
Improved
Accounts
- Allow advisories to be exported/imported across accounts (#4302)
JetStream
- Optimize consumer create time on streams with a large number of blocks (#4269)
Fixed
Gateways
- Protect possible data race when reloading accounts (#4274)
Leafnodes
- Prevent zombie subscriptions which could lead to silent data loss when using queue subscriptions (#4299)
WebSocket
- Prevent reporting tls_required when tls_available is not set (#4264)
JetStream
- Prevent corrupting streams actively being restored during health check (#4277) Thank you @vitush93 for the report!
- Prevent encrypted data attempting to be decrypted with an empty key (#4301)
MQTT
- Ensure republished messages from streams are received by MQTT subscriptions (#4303)
Complete Changes
v2.9.19…v2.9.20
Release v2.9.19
Changelog
Go Version
- 1.19.10
Improved
JetStream
- Improve resource utilization when creating mirrors on very high-sequence streams (#4249)
Fixed
WebSocket
- Ensure INFO properties are populated based on the WebSocket listener when enabled (#4255) Thanks to @Envek for reporting the issue!
Complete Changes
v2.9.18…v2.9.19
Release v2.9.18
Changelog
Go Version
- 1.19.10
Dependency Updates
- golang.org/x/crypto v0.9.0 (#4236)
- golang.org/x/sys v0.8.0 (#4236)
- github.com/nats-io/nats.go v1.27.0 (#4239)
Improved
Monitoring
- Optimize /statsz locking and sending in standalone mode (#4235)
JetStream
- Apply ack floor check only for interest-based streams (#4206)
- Improved efficiency and reduced CPU usage of the consumer ack floor check, particularly when the stream first sequence is a large number (#4226)
- Improve clean-up phase of R1 consumers on server restart for name reuse (#4216)
- Optimize “last message lookups” by subject (KV get operations) for small messages (#4232) Thanks to @jjthiessen for reporting the issue!
- Only enable JetStream account updates in clustered mode (#4233) Thanks to @tpihl for reporting the issue!
Fixed
General
- Fix a variety of potential panic scenarios (#4214) Thanks to @Zamony and @artemseleznev for the contribution!
Leafnodes
- Daisy chained leafnodes could have unreliable interest propagation (#4207)
- Properly distribute requests to queue groups across leafnodes (#4231)
JetStream
- Killed server on restart could render encrypted stream unrecoverable (#4210) Thanks to @BhatheyBalaji for the report!
- Fix a few data races detected in internal testing (#4211)
- Process extended purge operations correctly when being replayed (#4212, #4213) Thanks to @MauriceVanVeen for the report and contribution!
Complete Changes
v2.9.17…v2.9.18
Release v2.9.17
Changelog
Go Version
- 1.19.9
Dependency Updates
- github.com/klauspost/compress v1.16.5 (#4088)
Improved
Core
- Additional optimizations to outbound queues, reducing memory footprint (#4084, #4093, #4139)
- Use faster flate compression library for WebSocket transport compression (#4087)
Leafnodes
- Optimize subscription interest propagation for large leafnode fleet (#4117, #4135)
Monitoring
- Support sorting by RTT for /connz (#4157)
Resolver
- Improve signaling for missing account lookups (#4151)
JetStream
- Optimized determining if a stream snapshot is required (#4074)
- Run periodic check for consumer “ack floor” drift on leader (#4086)
- Optimize leadership transfer during a stream migration (#4104)
- Improve how clustered consumer state is hydrated on startup (#4107)
- Add operation type to panic messages for improved debugging (#4108)
- Improve health check to repair stalled assets periodically (#4116, #4172)
- Remove unnecessary filestore lock to improve I/O performance (#4123)
- Various Raft leadership improvements (#4126, #4142, #4143, #4145)
- Improve accuracy of account usage (#4131)
- Clean up old Raft groups when streams are reset (#4177)
Fixed
General
- Fix various names in comments (#4099) Thanks to @cuishuang for the contribution!
- Fix various typos in comments (#4169) Thanks to @savion1024 for the contribution!
- Update tests to reflect that the server.Start() call no longer blocks (#4111) Thanks to @lheiskan for reporting the issue!
- Fix race condition in config reload with gateway sublist check (#4127)
- Track all remote servers in a NATS system with different domains (#4159)
Core
- Fix premature closing in WebSocket transport due to outbound queue changes (#4084)
- Fix subscription interest for config-based accounts during config reload (#4130)
- Use monotonic time for measuring durations internally (#4132, #4154, #4163)
Monitoring
- Service import reporting for /accountz when mapping to local subjects (#4158)
JetStream
- Fix formatting of Raft debug log (#4090)
- Prevent failure of /healthz in single server mode on failed snapshot restore (#4100)
- Ensure a stream Raft node has fully stopped and resources freed (#4118)
- Fix case where R1 streams are orphaned and can’t scale up (#4146)
- Protect against out of bounds access on usage updates (#4164)
- Fix state rebuild where the first block is truncated and missing index info (#4166)
- Avoid stale KV reads after server restart for replicated stores (#4171) Thanks to @yixinin for reporting the issue!
- Prevent deadlock with usage report for accounts (#4176)
Complete Changes
v2.9.16…v2.9.17
Release v2.9.16
Changelog
Go Version
- 1.19.8
Dependency Updates
- github.com/klauspost/compress v1.16.4
- github.com/nats-io/jwt/v2 v2.4.1
- github.com/nats-io/nkeys v0.4.4
- golang.org/x/crypto v0.8.0
- golang.org/x/sys v0.7.0
Added
Build
- Nightly build of the “main” branch as a Docker image: synadia/nats-server:nightly-main (#3961, #3962, #3963, #3972, #4019, #4063)
- Version control SHA in the Goreleaser build of the server (#3993). Thanks for the report @jzhoucliqr!
Monitoring
- Add server name and route remote server name to /routez (#4054)
Resolver
- Add “hard_delete” option for stored JWTs (#3783). Thanks for the contribution @JulienVdG!
Improved
JetStream
- Storage and Raft layer improvements to decrease p99 latency variance and memory pressure in high load environments (#3956, #3952, #3965, #3981, #3999, #4018, #4020, #4021, #4022, #4026, #4027, #4028, #4029, #4030, #4038, #4045, #4050, #4053)
- Don’t show Raft warning for node that is closed (#3968)
- Use pooled buffer for flushing encrypted message blocks (#3975)
- Remove snapshotting of cores and maxprocs (#3979)
- Improvements to interest-based streams to optimize when messages are deleted (#4006, #4007, #4012)
- Better handling of concurrent stream and consumer creation of the same name (#4013)
- Finer-grain locking during asset checking to reduce contention in the /healthz endpoint (#4031)
- Encrypted file stores will now limit block sizes to improve performance (#4046)
- Improve performance when storing messages with varying subjects while limits are imposed (#4048, #4057). Thanks for the report @kung-foo!
Fixed
Subjects
- Ensure subjects containing percent (%) are escaped (#4040)
Accounts
- Fix data race when setting up service import subscriptions (#4068)
Leaf
- Fix leaf client connection failing on OCSP setups (#3964)
- Fix case when allow/deny permissions on leaf connection could block legitimate interest (#4032)
Cluster
- Route disconnect not detected by ping/pong (#4016). Thanks for the contribution @sandykellagher!
JetStream
- Pull consumer not sending timeout error to clients for expired requests (#3942)
- Prevent meta leader deadlock during deletion of orphaned streams during server startup (#3945)
- Clear ack’ed messages when scaling workqueue or interest-based streams (#3960) Thanks for the report @Kaarel!
- Remove messages from interest-based stream on consumer snapshot (#3970)
- Fix potential panic in message block buffer pool (#3978)
- Fixed an issue with consumer states growing and causing instability (#3980)
- Improve handling of out-of-storage condition (#3985)
- Address memory leak of unreachable Raft groups when JetStream becomes disabled (#3986)
- Prevent Raft leader from being placed on server in lame-duck mode (#4002)
- Remove potential race condition on sysRequest (#4017)
- Fix FirstSeq not being updated with filestore when purging subject (#4041). Thanks for the contribution @MauriceVanVeen!
- Fix Raft log debug reloading (#4047)
- Ensure consumer recovers fully on restart before being eligible for leader (#4049)
- Fix incorrect check between stream source/mirror with external streams (#4052)
- Fix various conditions during Raft group recovery (#4056, #4058)
Complete Changes
v2.9.15…v2.9.16
Release v2.9.15
Changelog
Go Version
- 1.19.6: Both the release executables and Docker images are built with this Go release
Added
- Monitoring
- Add raft query parameter to /jsz to include group info (#3915)
- Update /leafz to include leaf node remote server name and “spoke” flag (#3923, #3925)
Changed
- Lower default value of jetstream.max_outstanding_catchup to prevent slow consumers between routes (#3922)
- Note: The default is now 64MB, down from 128MB. This is better suited to 1 Gbit links; if your links are 10 Gbit or faster and slow consumers were not previously observed, the value can be set back to 128MB.
Improved
- Refactor intra-process queue to reduce allocations (#3894)
- JetStream
- Better system stability and recovery from corrupt metadata due to hard forced restarts (#3934)
- Optimize on-disk, per-subject info update (#3867)
- Limit concurrent blocking IO to improve stability under heavy IO loads (#3867)
- Improve message expiry calculation for large numbers of messages (#3867)
- Optimize when and how consumer num pending is calculated, significantly speeding up consumer info requests (#3877)
- Improve parallel consumer creation to prevent dropped messages (#3880)
- Properly warn on consumer state update failures (#3892)
- Performance of consumer creation for certain configurations (#3901)
- Send current snapshot to followers when becoming meta-leader (#3904)
- Ensure preferred peer during stepdown is healthy (#3905)
- Optimized various store calls on stream state (#3910)
- Various performance and stability improvements under heavy IO loads (#3922) (Thank you @matkam and @davidzhao for the report and the test harness!)
Fixed
- Fix stack overflow panic in reverse entry check when inbox ends with wildcard (#3862)
- Check if client connection name was already set when storing, preventing recursive memory growth (#3886)
- Fix check for count of wildcard tokens in “partition” subject transform (#3887) (Thank you @MauriceVanVeen for the contribution!)
- Fix panic if service export is nil (#3917) (Thank you @MauriceVanVeen for the report!)
- JetStream
- Ensure per-subject info is updated when doing stream compact (#3860)
- Ensure account usage is updated in the filestore when extended version purge occurs (#3876)
- Prevent consumer deletes on restart, with non-fatal errors (#3881)
- Do not warn if consumer replicas is zero since it will be inherited from the stream (#3882)
- Named push consumers with inactive thresholds deleted when still active (#3884)
- Prevent spurious “Error storing entry to WAL” log messages (#3893, #3891)
- Clean up consumer redelivery state on stream purge (#3892)
- Clean up consumer ack pending if below stream ack floor (#3892)
- Update ack floors on messages being expired (#3892)
- Fix lost ack pending consumer state on partial stream purge (#3892)
- Snapshot and compact the consumer RAFT WAL, even when state changes do not occur, to prevent excessive disk usage (#3898)
- Fix KV accounting errors under heavy concurrent usage (#3900)
- Ensure new replicas respect MaxAge when a stream is scaled up (#3861)
- Snapshots would not compact after being applied (#3907)
- Fix filtered pending state calculation (#3910)
- Recover from a failed truncate on raft WAL (#3911)
- Fix JWT claims update if headers are passed (#3918)
- MQTT
- Prevent topic filters beginning with a wildcard from matching topics beginning with $, which would violate MQTT spec requirement 4.7.2-1 (#3926) (Thank you @dominikh for the report!)
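The rule referenced by the MQTT fix above, as an added Go example that is not nats-server code: MQTT 3.1.1 topic-filter matching with the section 4.7.2 check ([MQTT-4.7.2-1]) that a filter starting with a wildcard (`#` or `+`) must never match a topic name starting with `$`. Without that check a client subscribing to `#` would receive server-reserved `$SYS/...` topics. The topic names used are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// validFilter reports whether f is a well-formed MQTT topic filter:
// '#' may only appear as the final level, and '+' must occupy a whole level.
func validFilter(f string) bool {
	if f == "" {
		return false
	}
	levels := strings.Split(f, "/")
	for i, lvl := range levels {
		switch {
		case lvl == "#":
			if i != len(levels)-1 {
				return false // "a/#/b" is invalid
			}
		case strings.ContainsAny(lvl, "#+") && lvl != "+":
			return false // "a+/b" or "a#" is invalid
		}
	}
	return true
}

// matchTopic reports whether topic name t matches filter f. Topic names may
// not contain wildcards; invalid input never matches.
func matchTopic(f, t string) bool {
	if !validFilter(f) || t == "" || strings.ContainsAny(t, "#+") {
		return false
	}
	// [MQTT-4.7.2-1]: a filter whose first character is a wildcard must not
	// match a topic name beginning with '$' (e.g. "$SYS/...").
	if strings.HasPrefix(t, "$") && (f[0] == '#' || f[0] == '+') {
		return false
	}
	fl := strings.Split(f, "/")
	tl := strings.Split(t, "/")
	for i, lvl := range fl {
		if lvl == "#" {
			// '#' matches the remaining levels and also the parent itself:
			// "sensors/#" matches both "sensors" and "sensors/a/b".
			return true
		}
		if i >= len(tl) {
			return false // filter has more levels than the topic
		}
		if lvl != "+" && lvl != tl[i] {
			return false
		}
	}
	return len(fl) == len(tl)
}

func main() {
	cases := [][2]string{
		{"#", "$SYS/broker/uptime"},        // blocked by 4.7.2-1
		{"+/broker/uptime", "$SYS/broker/uptime"}, // blocked by 4.7.2-1
		{"$SYS/#", "$SYS/broker/uptime"},   // explicit $ prefix is allowed
		{"sensors/+/temp", "sensors/room1/temp"},
	}
	for _, c := range cases {
		fmt.Printf("%-18s %-22s %v\n", c[0], c[1], matchTopic(c[0], c[1]))
	}
}
```

The `$` check must run before the level-by-level comparison; doing it afterwards is a common mistake because `#` alone matches everything structurally.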
Dependency Updates
- klauspost/compress - v1.16.0
- nats-io/nats.go - v1.24.0
- golang.org/x/crypto - v0.6.0
- golang.org/x/sys - v0.5.0
Complete Changes
v2.9.14…v2.9.15
Release v2.9.14
Changelog
Go Version
- 1.19.5: Both the release executables and Docker images are built with this Go release
Fixed
- JetStream
- Fix circumstance when an empty snapshot could be written (#3844)
- Fix possible panic and deadlock during a consumer filter subject update (#3845)
- Fix consumer snapshot logic (#3846)
Complete Changes
v2.9.12…v2.9.14
Release v2.9.12
Changelog
NOTE: regressions were found in this release. Please skip this and go directly to the v2.9.14 release.
Go Version
- 1.19.5: Both the release executables and Docker images are built with this Go release
Added
- OS/Arch
- Add support for dragonfly BSD (#3804)
Improved
- JetStream
- Use highwayhash to optimize difference tracking for stream, consumer, and cluster snapshots (#3780)
- Add small tolerance in lag for stream and consumer health checks (#3794)
- Various optimizations related to snapshots and memory usage (#3828, #3831, #3837) Thanks to @MauriceVanVeen for the collaboration on this issue.
Fixed
- JetStream
- Update numCores and maxProcs if altered by container limits (#3796)
- Fix filtered state for all subjects when the first sequences are deleted (#3801)
- Updating a stream to direct gets would fail direct gets (#3806)
- Force consumer replicas to match for interest-based policy streams (#3817)
- Assign signal subscription to consumer when created (#3808)
- Properly process updates on a stream on restart (#3818)
- Select consumer peer(s) from active/online peers only on creation (#3821)
- Sourced streams that do not overlap subjects were incorrectly reported as a cycle (#3825)
- Fix for isGroupLeaderless when JS not available due to shutdown (#3830)
- Deadlock on data loss when holding mb lock (#3832)
- Fix consumer not getting messages after filter update (#3829)
- Fix current consumers not getting messages after purge (#3838) Thanks to @pcsegal for the report!
Updated Dependencies
- github.com/klauspost/compress - v1.15.15
- github.com/nats-io/nats.go - v1.23.0
- golang.org/x/time - v0.3.0
Complete Changes
v2.9.11…v2.9.12