RabbitMQ Release Notes

RabbitMQ 4.3.1 is a maintenance release in the 4.3.x release series.

It is strongly recommended that you read 4.3.0 release notes in detail if upgrading from a version prior to 4.3.0.

Minimum Supported Erlang Version

RabbitMQ and Erlang/OTP Compatibility Matrix has more details on Erlang version requirements for RabbitMQ.

Nodes will fail to start on older Erlang releases.

Changes Worth Mentioning

Release notes can be found on GitHub at rabbitmq-server/release-notes.

Core Server

Bug Fixes

If a queue was bound to a topic exchange using an empty binding key (""), messages published to any topic exchange with an empty routing key would be incorrectly routed to that queue.

To apply the fix, enable the new topic_binding_projection_v5 feature flag after upgrading all cluster nodes.

GitHub issue: #16271

A virtual host could be falsely considered to be deleted in certain metadata store error and timeout scenarios.

GitHub issue: #16422

Passive queue and exchange declarations are now allowed for users that have any permission on the virtual host (configure, write, or read), not only configure.

GitHub issues: #16272, #16085

Classic queue shared message store GC could fall behind other queue activity under heavy load

GitHub issues: #16142, #16141

Classic queue message store: garbage collection is now stopped cleanly during node shutdown.

GitHub issue: #15498

Quorum queues now gracefully handle negative priority values.

GitHub issue: #16280

Quorum queues: delayed retry-related policy keys are now accepted in policy definitions.

GitHub issues: #16395, #16398

Fixed a bug where quorum queue's at-least-once dead lettering could direct commands to the wrong member (replica).

GitHub issue: #16203

Quorum queues: reintroduced Raft WAL max entries default of 500K.

GitHub issue: #16382

A quorum queue could crash during recovery after an unclean shutdown

PR: rabbitmq/ra#629

Stream queue argument validation was improved.

GitHub issue: #16285

Enhancements

channel_max was renamed to max_channels in rabbitmq.conf. The original name is still supported as an alias.

GitHub issue: #16347

connection_max was renamed to max_connections in rabbitmq.conf. The original name is still supported as an alias.

GitHub issue: #16347

The per-node max_connections limit is now enforced for AMQP 1.0 connections as well as AMQP 0-9-1 ones.

GitHub issue: #16300

When a plain-text client connects to a TLS listener (or vice versa) for AMQP 0-9-1, MQTT, STOMP, and the Stream protocol, target node will log a more useful message.

GitHub issues: #16342, #16344

The permission cache is now traversed less often during AMQP 1.0 management and AMQP 0-9-1 channel checks.

GitHub issue: #16274

Stream Plugin

Bug Fixes

Stream protocol: an open frame with empty properties is now handled correctly.

GitHub issue: #16341

Enhancements

It is now possible to cap the maximum number of concurrent Stream Protocol client connections using the stream.max_connections configuration key in rabbitmq.conf.

GitHub issue: #16341

Management Plugin

Bug Fixes

HTTP API GET /api/connections could return a 500 response when STOMP connections were present.

GitHub issue: #16435

Enhancements

It is now possible to cap the maximum number of concurrent HTTP API connections using the management.tcp.max_connections, management.ssl.max_connections configuration keys in rabbitmq.conf.

GitHub issue: #16407

The peer (client) certificate serial number is now exposed in the management UI and select CLI commands.

GitHub issue: #16463

Prometheus Plugin

Enhancements

It is now possible to cap the maximum number of concurrent HTTP API connections using the prometheus.tcp.max_connections, prometheus.ssl.max_connections configuration keys in rabbitmq.conf.

GitHub issue: #16407

MQTT Plugin

Bug Fixes

The MQTT connection process no longer fails and logs an exception when keepalive checks encounter socket errors on an already-closed connection.

GitHub issue: #16391

Enhancements

It is now possible to cap the maximum number of concurrent MQTT client connections using the mqtt.max_connections configuration key in rabbitmq.conf.

GitHub issue: #16367

Federation Plugin

Bug Fixes

Federation links could fail to start during rolling cluster restarts.

GitHub issues: #16234, #16224

LDAP Plugin

Enhancements

New rabbitmq.conf configuration settings for TLS cipher suites: auth_ldap.ssl_options.ciphers.*.

GitHub issue: #16226

HTTP Auth Backend Plugin

Enhancements

New rabbitmq.conf configuration settings for TLS cipher suites: auth_http.ssl_options.ciphers.*.

GitHub issue: #16226

Auth Backend Cache Plugin

Bug Fixes

The cache was not effective for reconnecting clients.

GitHub issues: #16255, #16258

Trust Store Plugin

Bug Fixes

A user-provided fail_if_no_peer_cert value in the plugin's TLS options is now respected. Previously, an internal default could override the configured value.

GitHub issue: #16201

Enhancements

New rabbitmq.conf configuration settings for TLS cipher suites: trust_store.ssl_options.ciphers.*.

GitHub issue: #16226

Dependency Changes

ra was upgraded to 3.1.7

cuttlefish was upgraded to 3.7.0

cowboy was upgraded to 2.15.0

cowlib was upgraded to 2.16.1

gun was upgraded to 2.3.0

Original source

RabbitMQ 4.2.7 is a maintenance release in the 4.2.x release series.

It is strongly recommended that you read 4.2.0 release notes in detail if upgrading from a version prior to 4.2.0.

Minimum Supported Erlang Version

RabbitMQ and Erlang/OTP Compatibility Matrix has more details on Erlang version requirements for RabbitMQ.

Nodes will fail to start on older Erlang releases.

Changes Worth Mentioning

Release notes can be found on GitHub at rabbitmq-server/release-notes.

Core Server

Bug Fixes

A virtual host could be falsely considered to be deleted in certain metadata store error and timeout scenarios.

GitHub issue: #16422

Passive queue and exchange declarations are now allowed for users that have any permission on the virtual host (configure, write, or read), not only configure.

GitHub issue: #16272

Classic queue message store: garbage collection is now stopped cleanly during node shutdown.

GitHub issue: #15498

Fixed a bug where quorum queue's at-least-once dead lettering could direct commands to the wrong member (replica).

GitHub issue: #16203

Stream queue argument validation was improved.

GitHub issue: #16285

Enhancements

channel_max was renamed to max_channels in rabbitmq.conf. The original name is still supported as an alias.

GitHub issue: #16347

connection_max was renamed to max_connections in rabbitmq.conf. The original name is still supported as an alias.

GitHub issue: #16347

The per-node max_connections limit is now enforced for AMQP 1.0 connections as well as AMQP 0-9-1 ones.

GitHub issue: #16300

The permission cache is now traversed less often during AMQP 1.0 management and AMQP 0-9-1 channel checks.

GitHub issue: #16274

Stream Plugin

Bug Fixes

Stream protocol: an open frame with empty properties is now handled correctly.

GitHub issue: #16341

Enhancements

It is now possible to cap the maximum number of concurrent Stream Protocol client connections using the stream.max_connections configuration key in rabbitmq.conf.

GitHub issue: #16341

Management Plugin

Bug Fixes

HTTP API GET /api/connections could return a 500 response when STOMP connections were present.

GitHub issue: #16435

Enhancements

It is now possible to cap the maximum number of concurrent HTTP API connections using the management.tcp.max_connections, management.ssl.max_connections configuration keys in rabbitmq.conf.

GitHub issue: #16407

The peer (client) certificate serial number is now exposed in the management UI and select CLI commands.

GitHub issue: #16463

Prometheus Plugin

Enhancements

It is now possible to cap the maximum number of concurrent HTTP API connections using the prometheus.tcp.max_connections, prometheus.ssl.max_connections configuration keys in rabbitmq.conf.

GitHub issue: #16407

MQTT Plugin

Bug Fixes

The MQTT connection process no longer fails and logs an exception when keepalive checks encounter socket errors on an already-closed connection.

GitHub issue: #16391

Enhancements

It is now possible to cap the maximum number of concurrent MQTT client connections using the mqtt.max_connections configuration key in rabbitmq.conf.

GitHub issue: #16367

Federation Plugin

Bug Fixes

Federation links could fail to start during rolling cluster restarts.

GitHub issues: #16234, #16224

LDAP Plugin

Enhancements

New rabbitmq.conf configuration settings for TLS cipher suites: auth_ldap.ssl_options.ciphers.*.

GitHub issue: #16226

HTTP Auth Backend Plugin

Enhancements

New rabbitmq.conf configuration settings for TLS cipher suites: auth_http.ssl_options.ciphers.*.

GitHub issue: #16226

Auth Backend Cache Plugin

Bug Fixes

The cache was not effective for reconnecting clients.

GitHub issues: #16255, #16258

Trust Store Plugin

Bug Fixes

A user-provided fail_if_no_peer_cert value in the plugin's TLS options is now respected. Previously, an internal default could override the configured value.

GitHub issue: #16201

Enhancements

New rabbitmq.conf configuration settings for TLS cipher suites: trust_store.ssl_options.ciphers.*.

GitHub issue: #16226

Dependency Changes

ra was upgraded to 2.17.3

cuttlefish was upgraded to 3.7.0

cowboy was upgraded to 2.15.0

cowlib was upgraded to 2.16.1

gun was upgraded to 2.3.0

Original source

RabbitMQ 4.3.0 is a new feature release.

Breaking Changes and Compatibility Notes

Mnesia and Parition Handling Strategies are Removed

Since only 4.2.x clusters can upgrade to 4.3.0 in place, this won't be a breaking change for nearly all instalations but it will affect community plugins that use Mnesia.

All partition handling-related keys in rabbitmq.conf will be accepted by 4.3.0 nodes but won't have any effect:

• cluster_partition_handling
• cluster_partition_handling.pause_if_all_down.recover
• cluster_partition_handling.pause_if_all_down.nodes.$name

Team RabbitMQ recommends removing the above keys from rabbitmq.conf before or shortly after upgrading.

Deprecated Features are Now Disabled by Default

A number of deprecated features are now disabled by default and require the user to opt-in in order to use them.

This includes non-durable (transient) non-exclusive queues: attempts to declare a queue with such property combination will be rejected by default.

Use durable queues, transient exclusive queues, or durable queues with a queue TTL instead.

To explicitly allow transient non-exclusive queues, make sure that all nodes in the cluster include the following rabbitmq.conf key and were restarted so that all nodes have a consistent view of the deprecated feature settings:

# Enables deprecated non-durable (transient) non-exclusive queues
# (disabled by default as of RabbitMQ `4.3.0`, will be removed in a later version).
#
# Must be effective on all cluster nodes BEFORE
# the cluster is upgraded to `4.3.0`.
# If only some nodes have the setting configured, it will not have the desired effect.
deprecated_features.permit.transient_nonexcl_queues = true

If only some nodes have setting configured, it will not have the desired effect.

Classic Queues v1 Storage (CQv1) is Removed

This release removes the original classic queue storage implementation these days known as CQv1. A 2nd generation implementation called CQv2 has been adopted as the default starting with 4.2.0.

This means that attempts to declare a queue using the following optional queue arguments will fail:

• x-queue-mode set to any value
• x-queue-version set to 1

Existing classic queues upgraded to CQv2 during an earlier upgrade to 4.2.x will continue operating as usual.

Consumer Timeouts are No Longer Evaluated for Classic Queues and Streams

This release moves consumer timeout handling responsibility into the queues themselves. Also, all protocols (except for the stream protocol) now evaluate consumer timeout for queue types that support them. Classic queues and streams never evaluate consumer timeouts as their use cases largely avoid the need for such as feature.

Release Highlights

Khepri is Now The Only Metadata Store

As of this release, Khepri is the only metadata store supported by RabbitMQ: Mnesia was removed completely.

In practical operational terms, this means that

For a cluster to be available, a majority of nodes must be online at all times

Failure and partition recovery in a RabbitMQ cluster is now significantly simpler and uniform: all components that have replicated state (Khepri, quorum queues, streams) recover per Raft recovery semantics

Quorum Queues Enhancements

This release upgrades the Ra dependency to 3.x and introduces a new (8th) version of the quorum queue state machine with several new features and optimisations:

• Strict priority queues with per-priority message counts, correct redelivery ordering, and priority-aware message expiration
• Delayed retry for quorum queues: configurable increasing backoff when messages are returned
• Consumer timeout for quorum queues: configurable timeout for unacknowledged messages, with protocol-specific handling for AMQP 1.0 and MQTT
• Recovery snapshots and snapshot throttling to reduce recovery time and improve snapshotting decisions
• Memory optimisations including compact message references, optimised tuple storage for delayed keys, and removal of rabbit_fifo_index usage

Upgrading to 4.3.0

Documentation Guides on Upgrades

See the Upgrading guide for documentation on upgrades and GitHub releases for release notes of individual releases.

This release series supports upgrades from 4.2.x. Upgrades from earlier series are not supported: users must upgrade to the latest available 4.2.x patch release before upgrading to 4.3.0.

New Required Feature Flags

All feature flags introduced in 4.2.0 and earlier are required, including the following:

• rabbitmq_4.2.0
• rabbitmq_4.1.0
• rabbitmq_4.0.0
• khepri_db
• quorum_queue_non_voters
• message_containers_deaths_v2

Enable all required feature flags before upgrading to 4.3.0.

If your RabbitMQ cluster had plugin rabbitmq_amqp1_0 enabled in RabbitMQ 3.13.x (and your cluster still serves AMQP 1.0 client connections in 4.x), your cluster should do at least one rolling update after enabling feature flag rabbitmq_4.0.0 but before upgrading to 4.3.0.

Deprecated Features

In 4.3.0 the deprecation phase of the following features advanced from permitted_by_default to denied_by_default:

• amqp_address_v1
• amqp_filter_set_bug
• global_qos
• queue_master_locator
• transient_nonexcl_queues

And the deprecated feature ram_node_type has been removed.

Mixed Version Cluster Compatibility

RabbitMQ 4.3.0 nodes can run alongside 4.2.x in the same cluster.

Mixed version clusters are a mechanism that allows rolling upgrades and are not meant to be run for extended periods of time (no more than a few hours).

Recommended Post-upgrade Procedures

This version does not require any additional post-upgrade procedures compared to other versions.

Changes Worth Mentioning

Core Server

Enhancements

When a message is rejected by a queue, RabbitMQ now provides the queue name and rejection reason to AMQP 1.0 publishers in the Rejected outcome. This is particularly useful when multiple queues are bound to an exchange, as it allows publishers to identify which specific queue out of several target queues rejected the message and why (e.g., maximum queue length reached or queue unavailable). Previously, publishers had no way to determine which queue rejected their message or the reason for rejection.

The queue name and reason are included in the info field of the Rejected outcome's error field:

queue: <queue name>
reason: maxlen | unavailable

GitHub issue: #15075

Quorum queues now support strict priority queues with per-priority message counts, correct redelivery ordering across priorities, and priority-aware message expiration scans.

GitHub issue: #13885

Quorum queues now support delayed retry with configurable backoff based on delivery count. When messages are returned (via reject, nack, or modify), they can be held in a delayed state before becoming available again. The delay is based on delivery count: min(min_delay * delivery_count, max_delay).

Configuration is available via queue arguments (x-delayed-retry-type, x-delayed-retry-min, x-delayed-retry-max) or policy keys (delayed-retry-type, delayed-retry-min, delayed-retry-max). The retry type can be set to disabled, all, failed, or returned.

GitHub issue: #13885

Quorum queues now support a configurable consumer timeout. When a consumer holds unacknowledged messages beyond the timeout, the messages are returned to the queue. For AMQP 1.0 clients, timed-out deliveries are released via DISPOSITION(state=released) instead of detaching the link, allowing the consumer to recover without re-attaching. MQTT consumers are also supported.

The timeout can be set via the x-consumer-timeout consumer argument, queue argument, consumer-timeout policy key, or the global consumer_timeout setting in rabbitmq.conf.

GitHub issue: #13885

A new consumer_disconnected_timeout setting controls how long quorum queues wait before returning messages when a consumer's node becomes unreachable due to a network partition. The default is 60 seconds.

Configurable via consumer_disconnected_timeout in rabbitmq.conf, the consumer-disconnected-timeout policy key, or the x-consumer-disconnected-timeout queue argument.

GitHub issue: #13885

Quorum queue recovery snapshots reduce recovery time after a member restart by avoiding the need to replay all enqueue commands from the log.

GitHub issue: #13885

Quorum queue snapshot throttling now uses WAL fill ratio and reclaimable byte tracking to make smarter snapshotting decisions, yielding roughly one snapshot per queue per WAL cycle instead of excessive snapshots in shallow, fast-flowing queues.

GitHub issue: #13885

Quorum queue memory optimisations: message references now use a compact packed integer representation ("compact" means up to 59-bit) when possible, halving per-message memory overhead in many scenarios. The rabbit_fifo_index module is no longer used by the main state machine.

GitHub issue: #13885

Quorum queues now allow unlimited explicit message returns. The delivery limit is based on delivery-count rather than acquired-count, so messages can be explicitly returned to the queue without counting towards the delivery limit.

GitHub issue: #13885

The x-modulus-hash exchange type, previously provided by the sharding plugin, was moved into the core and reworked to provide stable message routing (distribution) assuming a stable set of bindings, including between node restarts.

GitHub issue: #15849

When quorum queue members (replicas) are deleted from a node, either manually via rabbitmq-queues shrink or as part of rabbitmqctl forget_cluster_node, the members are stopped in parallel.

GitHub issue: #15081

Purging a quorum queue now also removes at-least-once dead-lettered messages that were pending delivery.

GitHub issue: #13885

AMQP 0-9-1: when a connection's credentials are refreshed, the permissions cache is now cleared and consumer permissions are re-validated immediately

GitHub issue: #16092

Quorum queue delivery limit can now be changed via policy without queue redeclaration

GitHub issue: #16035

Khepri topic exchange routing projection (v4): replaced the internal representation with a trie backed by an ordered_set ETS table, significantly improving routing performance for topic exchanges with many bindings

GitHub issue: #15619

Quorum queues notify AMQP 1.0 clients of Single Active Consumer state changes

GitHub issue: #15736

More rabbitmq.conf keys now accept tagged values (e.g., encrypted:...)

GitHub issue: #15808

Startup banner no longer includes the Erlang cookie hash

GitHub issue: #16087

Optimised AMQP 1.0 message container annotation handling during modify outcomes

GitHub issue: #15743

Bulk queue delete with Khepri has been optimized

GitHub issue: #14902

Optimised quorum queue message expiry scanning

GitHub issue: #15846

AMQP 0-9-1: configure permission checks now apply to passive queue and exchange declarations, matching the behavior of their regular counterparts

GitHub issue: #16085

Khepri snapshot interval is now configurable in rabbitmq.conf

GitHub issue: #16011

Quorum queue Raft settings: additional configuration settings are now exposed in rabbitmq.conf, including maximum segment size

GitHub issue: #15962

Bug Fixes

If a quorum queue with a large backlog terminated abnormally, node memory footprint could spike.

GitHub issue: #15837

rabbitmqctl forget_cluster_node now removes all quorum queue and stream members (replicas) before proceeding to leave the metadata store cluster. This order minimizes the risk of some replicas being left behind on the leaving node.

GitHub issue: #15729

Quorum queue at-most-once dead lettering for the overflow behaviour drop-head now happens in the correct order.

GitHub issue: #14926

Feature flag state in the registry and on disk were not consistent for a period of time during node boot.

GitHub issue: #14943

Classic queues now implement AMQP 1.0 delivery-count and first-acquirer headers properly.

GitHub issue: #15020

Quorum queues returned an incorrect consumer count in the response to a passive queue.declare operation

GitHub issue: #16185

Classic queue shared store could leave stale index entries after segment removal or rollover, causing unnecessary disk space usage

GitHub issue: #16142

Bindings targeting Direct Reply-to pseudo-queues are now rejected instead of being silently accepted without any functional effect

GitHub issue: #15935

AMQP 1.0 sessions could grant too many credits in certain failure and recovery scenarios

GitHub issue: #15883

Quorum queues: acquired-count is now correctly preserved when dead-lettering

GitHub issue: #16039

AMQP 1.0: attaching with a link handle already in use on the same session is now rejected with a handle-in-use session error, as required by the specification

GitHub issue: #16039

Quorum queues: Single Active Consumer could incorrectly report multiple active consumers in certain timing scenarios

GitHub issue: #15733

Quorum queues: consumer timeout could fail to trigger under certain conditions

GitHub issue: #15805

The channel limit exceeded error message now correctly identifies the per-user limit as the source of the constraint

GitHub issue: #15750

Stream Plugin

Bug Fixes

stream.read_ahead is a new setting that controls how much data is prefetched from disk for stream reads (consumption).

GitHub issue: #14948

Stream deletion is now more resilient and can handle certain mid-deletion failure scenarios.

GitHub issue: #14852

new_stream coordinator command is now idempotent. Previously, concurrent or retried stream declarations could produce spurious errors even though the stream was created successfully

GitHub issue: #15706

Prometheus Plugin

Enhancements

/metrics/detailed endpoint now supports filtering queue metrics by queue name

GitHub issue: #15689

Grafana Dashboards

Enhancements

The dashboards were updated for the most recent RabbitMQ release series.

Replaced explicit rate intervals with $__rate_interval for better compatibility across different scrape intervals

GitHub issue: #15978

Management Plugin

Enhancements

GET /api/queues/{vhost} requests no longer perform unnecessary virtual host permission checks and log less (at debug level) as a result.

GitHub issue: #14923

Quorum queue delayed retry configuration and status, per-priority message counts, and consumer timeout state are now displayed in the management UI.

GitHub issue: #13885

GET /users/{user}/queues has been added.

GitHub issue: #15074

HTTP API displays static connection info (peer address, TLS details, auth mechanism) even when stats collection is disabled via rabbitmq.conf

GitHub issue: #16009

Bug Fixes

effective_policy_definition in HTTP API responses now returns an empty JSON object (not an array or empty string) when no policy applies to a queue

GitHub issue: #16017

Management UI: OAuth 2 used side by side with Basic Auth could fail to reload provider configuration correctly

GitHub issue: #15793

Management UI: preference cookie expiry now respects the configured session timeout setting rather than using a hardcoded value

GitHub issue: #15814

Management UI: users were presented with a 401 error after changing their own password via the UI. The session is now refreshed automatically

GitHub issue: #15730

The deprecated, unused GET /api/auth endpoint was removed.

It has been out of use since 3.11 but never removed.

GitHub issue: #16083

POST /api/users/bulk-delete now respects the protected_users configuration, matching the behavior of the single-user DELETE /api/users/:name endpoint

GitHub issue: #16143

MQTT Plugin

Enhancements

For MQTT 5.0 publishers, when a message is rejected because the target queue's maximum length is exceeded, RabbitMQ now returns a Quota exceeded reason code in the PUBACK packet. This provides publishers with actionable information about why their message was rejected.

GitHub issue: #15075

MQTT QoS 0 queue type now reports member information in management API responses

GitHub issue: #15656

Web MQTT Plugin

Enhancements

A default max_frame_size is now set on WebSocket connections, bounding decompressed frame sizes. The limit starts at mqtt.max_packet_size_unauthenticated and is raised after successful CONNECT

GitHub issue: #16180

A login_timeout is now enforced for WebSocket connections, matching the TCP listener behavior

GitHub issue: #16120

WebSocket Origin header will be validated web_mqtt.allow_origins

GitHub issue: #16158

STOMP Plugin

Enhancements

For certain destinations that previously used non-durable (transient) queues, STOMP subscriptions now use exclusive queues, as non-exclusive transient queues are a deprecated property combination disabled by default as of this release

GitHub issue: #13016

Web STOMP Plugin

Enhancements

WebSocket Origin header validation is now available via web_stomp.allow_origins

GitHub issue: #16158

Federation Plugin

Enhancements

Federation links and their connections are now stopped in parallel. This significantly improves shutdown time for nodes with many (into thousands) federation links.

GitHub issue: #15271

Federation links no longer restart during plugin or node shutdown. For nodes with hundreds or thousands of federation links, link recovery could significantly delay node shutdown.

GitHub issue: #15258

Federation Management Plugin

Bug Fixes

Federation link restart operations now require the policymaker tag

GitHub issue: #16051

Shovel Plugin

Enhancements

An optional src-consumer-name property can be specified to define the consumer tag (amqp091 and local src-protocol) or link identifier (amqp10 protocol)

Bug Fixes

Improved target node resource alarm handling for AMQP 1.0 and local shovels.

GitHub issue: #14886

Local shovels could run into an exception that would cause a shovel restart.

GitHub issue: #14872

AMQP 1.0 shovels ignored the sasl URI parameter.

GitHub issue: #14867

Shovel Management Plugin

Bug Fixes

Shovel management: DELETE operations now require the policymaker tag, matching the federation plugin counterpart

GitHub issue: #16051

OAuth 2 Plugin

Bug Fixes

A usability improvement allows the plugin to automatically load the trusted system x.509 (TLS) certificates.

GitHub issue: #14927

The auth cache backend now correctly delegates token expiry timestamps to the wrapped backend, ensuring connections are closed when tokens expire

GitHub issue: #16100

LDAP Plugin

Enhancements

LDAP queries, including multi-line ones, can now be specified in rabbitmq.conf.

GitHub issue: #14868

Bug Fixes

A usability improvement allows the plugin to automatically load the trusted system certificates when the user only enables TLS for the LDAP client but does not configure any other settings.

GitHub issue: #14937

DN values are now handled per RFC 4514

GitHub issue: #16101

HTTP Auth Backend Plugin

Enhancements

The HTTP Auth Backend can now optionally provide a custom authorization denial reason to AMQP clients. To opt in, return deny <Reason> (instead of only deny) in the HTTP response body of your HTTP auth backend and set the following in your rabbitmq.conf file:

auth_http.authorization_failure_disclosure = true

See the README for more information.

GitHub issue: #14641

Sharding Plugin

Enhancements

The x-modulus-hash exchange type, previously provided by the sharding plugin, was moved into the core and reworked to provide stable message routing (distribution) assuming a stable set of bindings, including between node restarts.

GitHub issue: #15849

Trust Store Plugin

Enhancements

Refactored certificate identification to avoid (unlikely) conflicts

GitHub issue: #16116

The plugin now provides CLI commands for trust store certificate management have been introduced

GitHub issue: #15746

Rejected certificates are now logged with additional diagnostic details

GitHub issue: #15889

Tracing Plugin

Bug Fixes

Trace file downloads now set the charset to UTF-8 when serving trace files.

GitHub issue: #13952

Dependency Changes

• ra was upgraded to 3.1.6
• khepri was upgraded to 0.18.0
• osiris was upgraded to 1.3.1
• gen_batch_server was upgraded to 0.9.2
• cuttlefish was upgraded to 3.6.0

Source Code Archives

To obtain source code of the entire distribution, please download the archive named rabbitmq-server-4.3.0.tar.xz instead of the source tarball produced by GitHub.

Original source

RabbitMQ 4.2.6

RabbitMQ 4.2.6 is a maintenance release in the 4.2.x release series.

It is strongly recommended that you read 4.2.0 release notes in detail if upgrading from a version prior to 4.2.0.

Minimum Supported Erlang Version

RabbitMQ and Erlang/OTP Compatibility Matrix has more details on Erlang version requirements for RabbitMQ.

Nodes will fail to start on older Erlang releases.

Changes Worth Mentioning

Release notes can be found on GitHub at rabbitmq-server/release-notes.

Core Server

Bug Fixes

Quorum queues: get_checked_out aux command could return messages in incorrect order

GitHub issue: #16008

rabbitmqctl forget_cluster_node now removes all quorum queue and stream members (replicas) before proceeding to leave the metadata store cluster.

This order minimizes the risk of some replicas being left behind on the leaving node.

GitHub issue: #15729

The channel limit exceeded error message now correctly identifies the per-user limit as the reason

GitHub issue: #15750

AMQP 0-9-1: configure permission checks now apply to passive queue and exchange declarations, matching the behavior of their regular counterparts

Khepri: missing keys are now correctly distinguished from errors in certain internal operations, avoiding spurious error-level log messages

GitHub issue: #15942

Bindings targeting Direct Reply-to pseudo-queues are now rejected instead of being silently accepted without any functional effect

GitHub issue: #15935

Enhancements

More rabbitmq.conf keys now accept tagged values (e.g., encrypted:...)

GitHub issue: #15808

When quorum queue members (replicas) are deleted from a node, either manually via rabbitmq-queues shrink or as part of rabbitmqctl forget_cluster_node, the members are stopped in parallel

GitHub issue: #15081

AMQP 0-9-1: configure permission checks now apply to passive queue and exchange declarations, matching the behavior of their regular counterparts

GitHub issue: #16085

AMQP 0-9-1: when a connection's credentials are refreshed, the permissions cache is now cleared and consumer permissions are re-validated immediately

GitHub issue: #16092

Management Plugin

Bug Fixes

effective_policy_definition in HTTP API responses now returns an empty JSON object (not an array or empty string) when no policy applies to a queue

GitHub issue: #16017

Management UI: OAuth 2 combined with basic_auth could fail to reload provider configuration correctly

GitHub issue: #15858

Management UI: preference cookie expiry now respects the configured session timeout setting rather than using a hardcoded value

GitHub issue: #15814

Management UI: users were presented with a 401 error after changing their own password via the UI. The session is now refreshed automatically

GitHub issue: #15730

The deprecated, unused GET /api/auth endpoint was removed

It has been out of use since 3.11 but never removed.

GitHub issue: #16083

POST /api/users/bulk-delete now respects the protected_users configuration, matching the behavior of the single-user DELETE /api/users/:name endpoint

GitHub issue: #16143

Quorum queue status and stream tracking endpoints now enforce virtual host access checks, consistent with all other vhost-scoped endpoints

GitHub issue: #16104

Enhancements

HTTP API displays static connection info (peer address, TLS details, auth mechanism) even when stats collection is disabled via rabbitmq.conf

GitHub issue: #16009

Super stream creation via HTTP API now verifies configure permission, matching the stream protocol code path

GitHub issue: #16099

Management API regex filters (?name=...&use_regex=true) now enforce match limits, preventing pathological patterns from consuming excessive CPU time

GitHub issue: #16074

MQTT Plugin

Bug Fixes

Fixed a timing-sensitive issue around Last Will message delivery and session expiration

GitHub issue: #15999

Enhancements

MQTT QoS 0 queue type now reports member information in management API responses

GitHub issue: #15656

Web MQTT Plugin

Enhancements

A default max_frame_size is now set on WebSocket connections, bounding decompressed frame sizes. The limit starts at mqtt.max_packet_size_unauthenticated and is raised after successful CONNECT

GitHub issue: #16180

A login_timeout is now enforced for WebSocket connections, matching the TCP listener behavior

GitHub issue: #16120

WebSocket Origin header validation is now available via web_mqtt.allow_origins

GitHub issue: #16158

Web STOMP Plugin

Enhancements

A default max_frame_size is now set on WebSocket connections. A smaller pre-authentication limit is raised after successful STOMP CONNECT, matching the Web MQTT pattern

GitHub issue: #16180

A login_timeout is now enforced for WebSocket connections, matching the TCP listener behavior

GitHub issue: #16120

WebSocket Origin header validation is now available via web_stomp.allow_origins

GitHub issue: #16158

Shovel Plugin

Bug Fixes

AMQP 1.0 shovels now properly detach links when closing connections, preventing spurious error log entries during shutdown

GitHub issue: #15603

AMQP 1.0 shovel status no longer includes full connection URIs in API responses and CLI output

GitHub issue: #16108

Shovel Management Plugin

Bug Fixes

DELETE operations now require the policymaker tag, matching the federation plugin counterpart

GitHub issue: #16051

Federation Management Plugin

Bug Fixes

Federation link restart operations now require the policymaker tag

GitHub issue: #16051

OAuth 2 Plugin

Bug Fixes

The auth cache backend now correctly delegates token expiry timestamps to the wrapped backend, ensuring connections are closed when tokens expire

GitHub issue: #16100

OAuth 2 management UI: improved provider configuration loading and rendering

GitHub issue: #15858

LDAP Plugin

Bug Fixes

DN values are now handled per RFC 4514

GitHub issue: #16101

Trust Store Plugin

Enhancements

Refactored certificate identification to avoid (unlikely) conflicts

GitHub issue: #16116

Proper CLI commands for trust store certificate management have been introduced

GitHub issue: #15746

Rejected certificates are now logged with additional diagnostic details

GitHub issue: #15889

Consistent Hashing Exchange Plugin

Bug Fixes

Binding weights above 10,000 are now rejected. Previously, extremely large weights could cause excessive memory allocation

GitHub issue: #16118

Dependency Changes

khepri was upgraded to 0.17.7

gen_batch_server was upgraded to 0.9.1

Original source

RabbitMQ 4.3.0-rc.1

RabbitMQ 4.3.0-rc.1 is a new feature release candidate.

Breaking Changes and Compatibility Notes

Mnesia and Parition Handling Strategies are Removed

Since only 4.2.x clusters can upgrade to 4.3.0 in place, this won't be a breaking change for nearly all instalations but it will affect community plugins that use Mnesia.

All partition handling-related keys in rabbitmq.conf will be accepted by 4.3.0 nodes but won't have any effect:

• cluster_partition_handling
• cluster_partition_handling.pause_if_all_down.recover
• cluster_partition_handling.pause_if_all_down.nodes.$name

Team RabbitMQ recommends removing the above keys from rabbitmq.conf before or shortly after upgrading.

Deprecated Features are Now Disabled by Default

A number of deprecated features are now disabled by default and require the user to opt-in in order to use them.

This includes non-durable (transient) non-exclusive queues: attempts to declare a queue with such property combination will be rejected by default.

Use durable queues or transient exclusive queues instead.

Classic Queues v1 Storage (CQv1) is Removed

This release removes the original classic queue storage implementation these days known as CQv1. A 2nd generation implementation called CQv2 has been adopted as the default starting with 4.2.0.

This means that attempts to declare a queue using the following optional queue arguments will fail:

• x-queue-mode set to any value
• x-queue-version set to 1

Existing classic queues upgraded to CQv2 during an earlier upgrade to 4.2.x will continue operating as usual.

Consumer Timeouts are No Longer Evaluated for Classic Queues and Streams

This release moves consumer timeout handling responsibility into the queues themselves. Also, all protocols (except for the stream protocol) now evaluate consumer timeout for queue types that support them. Classic queues and streams never evaluate consumer timeouts as their use cases largely avoid the need for such as feature.

Release Highlights

Khepri is Now The Only Metadata Store

As of this release, Khepri is the only metadata store supported by RabbitMQ: Mnesia was removed completely.

In practical operational terms, this means that

• For a cluster to be available, a majority of nodes must be online at all times
• Failure and partition recovery in a RabbitMQ cluster is now significantly simpler and uniform: all components that have replicated state (Khepri, quorum queues, streams) recover per Raft recovery semantics

Quorum Queues Enhancements

This release upgrades the Ra dependency to 3.x and introduces a new (8th) version of the quorum queue state machine with several new features and optimisations:

• Strict priority queues with per-priority message counts, correct redelivery ordering, and priority-aware message expiration
• Delayed retry for quorum queues: configurable increasing backoff when messages are returned
• Consumer timeout for quorum queues: configurable timeout for unacknowledged messages, with protocol-specific handling for AMQP 1.0 and MQTT
• Recovery snapshots and snapshot throttling to reduce recovery time and improve snapshotting decisions
• Memory optimisations including compact message references, optimised tuple storage for delayed keys, and removal of rabbit_fifo_index usage

Upgrading to 4.3.0

Documentation Guides on Upgrades

See the Upgrading guide for documentation on upgrades and GitHub releases for release notes of individual releases.

This release series supports upgrades from 4.2.x. Upgrades from earlier series are not supported: users must upgrade to the latest available 4.2.x patch release before upgrading to 4.3.0.

New Required Feature Flags

All feature flags introduced in 4.2.0 and earlier are required, including the following:

• rabbitmq_4.2.0
• rabbitmq_4.1.0
• rabbitmq_4.0.0
• khepri_db
• quorum_queue_non_voters
• message_containers_deaths_v2

Enable all required feature flags before upgrading to 4.3.0.

If your RabbitMQ cluster had plugin rabbitmq_amqp1_0 enabled in RabbitMQ 3.13.x (and your cluster still serves AMQP 1.0 client connections in 4.x), your cluster should do at least one rolling update after enabling feature flag rabbitmq_4.0.0 but before upgrading to 4.3.0.

Deprecated Features

In 4.3.0 the deprecation phase of the following features advanced from permitted_by_default to denied_by_default:

• amqp_address_v1
• amqp_filter_set_bug
• global_qos
• queue_master_locator
• transient_nonexcl_queues

And the deprecated feature ram_node_type has been removed.

Mixed Version Cluster Compatibility

RabbitMQ 4.3.0 nodes can run alongside 4.2.x in the same cluster.

Mixed version clusters are a mechanism that allows rolling upgrades and are not meant to be run for extended periods of time (no more than a few hours).

Recommended Post-upgrade Procedures

This version does not require any additional post-upgrade procedures compared to other versions.

Changes Worth Mentioning

Core Server

Enhancements

When a message is rejected by a queue, RabbitMQ now provides the queue name and rejection reason to AMQP 1.0 publishers in the Rejected outcome. This is particularly useful when multiple queues are bound to an exchange, as it allows publishers to identify which specific queue out of several target queues rejected the message and why (e.g., maximum queue length reached or queue unavailable). Previously, publishers had no way to determine which queue rejected their message or the reason for rejection.

The queue name and reason are included in the info field of the Rejected outcome's error field:

queue: <queue name>
reason: maxlen | unavailable

GitHub issue: #15075

Quorum queues now support strict priority queues with per-priority message counts, correct redelivery ordering across priorities, and priority-aware message expiration scans.

GitHub issue: #13885

Quorum queues now support delayed retry with configurable backoff based on delivery count. When messages are returned (via reject, nack, or modify), they can be held in a delayed state before becoming available again. The delay is based on delivery count: min(min_delay * delivery_count, max_delay).

Configuration is available via queue arguments (x-delayed-retry-type, x-delayed-retry-min, x-delayed-retry-max) or policy keys (delayed-retry-type, delayed-retry-min, delayed-retry-max). The retry type can be set to disabled, all, failed, or returned.

GitHub issue: #13885

Quorum queues now support a configurable consumer timeout. When a consumer holds unacknowledged messages beyond the timeout, the messages are returned to the queue. For AMQP 1.0 clients, timed-out deliveries are released via DISPOSITION(state=released) instead of detaching the link, allowing the consumer to recover without re-attaching. MQTT consumers are also supported.

The timeout can be set via the x-consumer-timeout consumer argument, queue argument, consumer-timeout policy key, or the global consumer_timeout setting in rabbitmq.conf.

GitHub issue: #13885

A new consumer_disconnected_timeout setting controls how long quorum queues wait before returning messages when a consumer's node becomes unreachable due to a network partition. The default is 60 seconds.

Configurable via consumer_disconnected_timeout in rabbitmq.conf, the consumer-disconnected-timeout policy key, or the x-consumer-disconnected-timeout queue argument.

GitHub issue: #13885

Quorum queue recovery snapshots reduce recovery time after a member restart by avoiding the need to replay all enqueue commands from the log.

GitHub issue: #13885

Quorum queue snapshot throttling now uses WAL fill ratio and reclaimable byte tracking to make smarter snapshotting decisions, yielding roughly one snapshot per queue per WAL cycle instead of excessive snapshots in shallow, fast-flowing queues.

GitHub issue: #13885

Quorum queue memory optimisations: message references now use a compact packed integer representation ("compact" means up to 59-bit) when possible, halving per-message memory overhead in many scenarios. The rabbit_fifo_index module is no longer used by the main state machine.

GitHub issue: #13885

Quorum queues now allow unlimited explicit message returns. The delivery limit is based on delivery-count rather than acquired-count, so messages can be explicitly returned to the queue without counting towards the delivery limit.

GitHub issue: #13885

The x-modulus-hash exchange type, previously provided by the sharding plugin, was moved into the core and reworked to provide stable message routing (distribution) assuming a stable set of bindings, including between node restarts.

GitHub issue: #15849

When quorum queue members (replicas) are deleted from a node, either manually via rabbitmq-queues shrink or as part of rabbitmqctl forget_cluster_node, the members are stopped in parallel.

GitHub issue: #15081

Purging a quorum queue now also removes at-least-once dead-lettered messages that were pending delivery.

GitHub issue: #13885

AMQP 0-9-1: when a connection's credentials are refreshed, the permissions cache is now cleared and consumer permissions are re-validated immediately

GitHub issue: #16092

Quorum queue delivery limit can now be changed via policy without queue redeclaration

GitHub issue: #16035

Khepri topic exchange routing projection (v4): replaced the internal representation with a trie backed by an ordered_set ETS table, significantly improving routing performance for topic exchanges with many bindings

GitHub commit: 8929bc5ab4

Quorum queues notify AMQP 1.0 clients of Single Active Consumer state changes

GitHub commit: 817a4d4351

More rabbitmq.conf keys now accept tagged values (e.g., encrypted:...)

GitHub issue: #15808

Startup banner no longer includes the Erlang cookie hash

GitHub issue: #16087

Optimised AMQP 1.0 message container annotation handling during modify outcomes

GitHub issue: #15743

Bulk queue delete with Khepri has been optimized

GitHub issue: #14902

Optimised quorum queue message expiry scanning

GitHub issue: #15846

AMQP 0-9-1: configure permission checks now apply to passive queue and exchange declarations, matching the behavior of their regular counterparts

GitHub issue: #16085

Khepri snapshot interval is now configurable in rabbitmq.conf

GitHub issue: #16011

Quorum queue Raft settings: additional configuration settings are now exposed in rabbitmq.conf, including maximum segment size

GitHub issue: #15962

Bug Fixes

If a quorum queue with a large backlog terminated abnormally, node memory footprint could spike.

GitHub issue: #15837

rabbitmqctl forget_cluster_node now removes all quorum queue and stream members (replicas) before proceeding to leave the metadata store cluster. This order minimizes the risk of some replicas being left behind on the leaving node.

GitHub issue: #15729

Quorum queue at-most-once dead lettering for the overflow behaviour drop-head now happens in the correct order.

GitHub issue: #14926

Feature flag state in the registry and on disk were not consistent for a period of time during node boot.

GitHub issue: #14943

Classic queues now implement AMQP 1.0 delivery-count and first-acquirer headers properly.

GitHub issue: #15020

Quorum queues returned an incorrect consumer count in the response to a passive queue.declare operation

GitHub issue: #16185

Classic queue shared store could leave stale index entries after segment removal or rollover, causing unnecessary disk space usage

GitHub issue: #16142

Bindings targeting Direct Reply-to pseudo-queues are now rejected instead of being silently accepted without any functional effect

GitHub issue: #15935

AMQP 1.0 sessions could grant too many credits in certain failure and recovery scenarios

GitHub commit: 1898ac1f3f

Quorum queues: acquired-count is now correctly preserved when dead-lettering

GitHub commit: 8a9cd3ee24

AMQP 1.0: attaching with a link handle already in use on the same session is now rejected with a handle-in-use session error, as required by the specification

GitHub commit: 4b59c19641

Quorum queues: Single Active Consumer could incorrectly report multiple active consumers in certain timing scenarios

GitHub issue: #15733

Quorum queues: consumer timeout could fail to trigger under certain conditions

GitHub issue: #15805

The channel limit exceeded error message now correctly identifies the per-user limit as the source of the constraint

GitHub issue: #15750

Stream Plugin

Bug Fixes

stream.read_ahead is a new setting that controls how much data is prefetched from disk for stream reads (consumption).

GitHub issue: #14948

Stream deletion is now more resilient and can handle certain mid-deletion failure scenarios.

GitHub issue: #14852

new_stream coordinator command is now idempotent. Previously, concurrent or retried stream declarations could produce spurious errors even though the stream was created successfully

GitHub issue: #15706

Prometheus Plugin

Enhancements

/metrics/detailed endpoint now supports filtering queue metrics by queue name

GitHub issue: #15689

Grafana Dashboards

Enhancements

The dashboards were updated for the most recent RabbitMQ release series.

Replaced explicit rate intervals with $__rate_interval for better compatibility across different scrape intervals

GitHub issue: #15978

Management Plugin

Enhancements

GET /api/queues/{vhost} requests no longer perform unnecessary virtual host permission checks and log less (at debug level) as a result.

GitHub issue: #14923

Quorum queue delayed retry configuration and status, per-priority message counts, and consumer timeout state are now displayed in the management UI.

GitHub issue: #13885

GET /users/{user}/queues has been added.

GitHub issue: #15074

HTTP API displays static connection info (peer address, TLS details, auth mechanism) even when stats collection is disabled via rabbitmq.conf

GitHub issue: #16009

Bug Fixes

effective_policy_definition in HTTP API responses now returns an empty JSON object (not an array or empty string) when no policy applies to a queue

GitHub issue: #16017

Management UI: OAuth 2 used side by side with Basic Auth could fail to reload provider configuration correctly

GitHub issue: #15793

Management UI: preference cookie expiry now respects the configured session timeout setting rather than using a hardcoded value

GitHub issue: #15814

Management UI: users were presented with a 401 error after changing their own password via the UI. The session is now refreshed automatically

GitHub issue: #15730

The deprecated, unused GET /api/auth endpoint was removed. It has been out of use since 3.11 but never removed.

GitHub issue: #16083

POST /api/users/bulk-delete now respects the protected_users configuration, matching the behavior of the single-user DELETE /api/users/:name endpoint

GitHub issue: #16143

MQTT Plugin

Enhancements

For MQTT 5.0 publishers, when a message is rejected because the target queue's maximum length is exceeded, RabbitMQ now returns a Quota exceeded reason code in the PUBACK packet. This provides publishers with actionable information about why their message was rejected.

GitHub issue: #15075

MQTT QoS 0 queue type now reports member information in management API responses

GitHub issue: #15656

Web MQTT Plugin

Enhancements

A default max_frame_size is now set on WebSocket connections, bounding decompressed frame sizes. The limit starts at mqtt.max_packet_size_unauthenticated and is raised after successful CONNECT

GitHub issue: #16180

A login_timeout is now enforced for WebSocket connections, matching the TCP listener behavior

GitHub issue: #16120

WebSocket Origin header will be validated web_mqtt.allow_origins

GitHub issue: #16158

STOMP Plugin

Enhancements

For certain destinations that previously used non-durable (transient) queues, STOMP subscriptions now use exclusive queues, as non-exclusive transient queues are a deprecated property combination disabled by default as of this release

GitHub issue: #13016

Web STOMP Plugin

Enhancements

WebSocket Origin header validation is now available via web_stomp.allow_origins

GitHub issue: #16158

Federation Plugin

Enhancements

Federation links and their connections are now stopped in parallel. This significantly improves shutdown time for nodes with many (into thousands) federation links.

GitHub issue: #15271

Federation links no longer restart during plugin or node shutdown. For nodes with hundreds or thousands of federation links, link recovery could significantly delay node shutdown.

GitHub issue: #15258

Federation Management Plugin

Bug Fixes

Federation link restart operations now require the policymaker tag

GitHub issue: #16051

Shovel Plugin

Enhancements

An optional src-consumer-name property can be specified to define the consumer tag (amqp091 and local src-protocol) or link identifier (amqp10 protocol)

Bug Fixes

Improved target node resource alarm handling for AMQP 1.0 and local shovels.

GitHub issue: #14886

Local shovels could run into an exception that would cause a shovel restart.

GitHub issue: #14872

AMQP 1.0 shovels ignored the sasl URI parameter.

GitHub issue: #14867

Shovel Management Plugin

Bug Fixes

Shovel management: DELETE operations now require the policymaker tag, matching the federation plugin counterpart

GitHub issue: #16051

OAuth 2 Plugin

Bug Fixes

A usability improvement allows the plugin to automatically load the trusted system x.509 (TLS) certificates.

GitHub issue: #14927

The auth cache backend now correctly delegates token expiry timestamps to the wrapped backend, ensuring connections are closed when tokens expire

GitHub issue: #16100

LDAP Plugin

Enhancements

LDAP queries, including multi-line ones, can now be specified in rabbitmq.conf.

GitHub issue: #14868

Bug Fixes

A usability improvement allows the plugin to automatically load the trusted system certificates when the user only enables TLS for the LDAP client but does not configure any other settings.

GitHub issue: #14937

DN values are now handled per RFC 4514

GitHub issue: #16101

HTTP Auth Backend Plugin

Enhancements

The HTTP Auth Backend can now optionally provide a custom authorization denial reason to AMQP clients. To opt in, return deny <Reason> (instead of only deny) in the HTTP response body of your HTTP auth backend and set the following in your rabbitmq.conf file:

auth_http.authorization_failure_disclosure = true

See the README for more information.

GitHub issue: #14641

Sharding Plugin

Enhancements

The x-modulus-hash exchange type, previously provided by the sharding plugin, was moved into the core and reworked to provide stable message routing (distribution) assuming a stable set of bindings, including between node restarts.

GitHub issue: #15849

Trust Store Plugin

Enhancements

Refactored certificate identification to avoid (unlikely) conflicts

GitHub issue: #16116

The plugin now provides CLI commands for trust store certificate management have been introduced

GitHub issue: #15746

Rejected certificates are now logged with additional diagnostic details

GitHub issue: #15889

Tracing Plugin

Bug Fixes

Trace file downloads now set the charset to UTF-8 when serving trace files.

GitHub issue: #13952

Dependency Changes

• ra was upgraded to 3.1.5
• khepri was upgraded to 0.18.0
• osiris was upgraded to 1.3.1
• gen_batch_server was upgraded to 0.9.2
• cuttlefish was upgraded to 3.6.0

Source Code Archives

To obtain source code of the entire distribution, please download the archive named rabbitmq-server-4.3.0.tar.xz instead of the source tarball produced by GitHub.

Original source

RabbitMQ 4.3.0-rc.0 is a preview of a new feature release.

Breaking Changes and Compatibility Notes

Mnesia and Parition Handling Strategies are Removed

Since only 4.2.x clusters can upgrade to 4.3.0 in place, this
won't be a breaking change for nearly all instalations but it will affect community
plugins that use Mnesia.

All partition handling-related keys in rabbitmq.conf will be
accepted by 4.3.0 nodes but won't have any effect:

cluster_partition_handling
cluster_partition_handling.pause_if_all_down.recover
cluster_partition_handling.pause_if_all_down.nodes.$name

Still, Team RabbitMQ recommends removing the above keys from rabbitmq.conf before or shortly
after upgrading.

Classic Queues v1 Storage (CQv1) is Removed

This release removes the original classic queue storage implementation these days
known as CQv1. A 2nd generation implementation called CQv2 has been adopted
as the default starting with 4.2.0.

This means that attempts to declare a queue using the following optional queue arguments will fail:

x-queue-mode set to any value
x-queue-version set to 1

Existing classic queues upgraded to CQv2 during an earlier upgrade to 4.2.x will continue
operating as usual.

Consumer Timeouts are No Longer Evaluated for Classic Queues and Streams

This release moves consumer timeout handling responsibility into the queues
themselves. Also, all protocols (except the stream protocol) now evaluate
consumer timeout for queue types that support them. Classic queues and streams
never evaluate consumer timeouts as their use cases cause less demand for it.

Release Highlights

Khepri is Now The Only Metadata Store

As of this release, Khepri is the only metadata store supported
by RabbitMQ: Mnesia was removed completely.

In practical operational terms, this means that
For a cluster to be available, a majority of nodes must be online at all times
Failure and partition recovery in a RabbitMQ cluster is now significantly
simpler and uniform: all components that have replicated state (Khepri, quorum queues, streams)
recover per Raft recovery semantics

Quorum Queues Enhancements

This release upgrades the Ra dependency to 3.x and introduces
a new (8th) version of the quorum queue state machine with several new features and optimisations:

Strict priority queues with per-priority message counts, correct
redelivery ordering, and priority-aware message expiration

Delayed retry for quorum queues: configurable increasing backoff when
messages are returned

Consumer timeout for quorum queues: configurable timeout for
unacknowledged messages, with protocol-specific handling for AMQP 1.0 and
MQTT

Recovery snapshots and snapshot throttling to reduce recovery time
and improve snapshotting decisions

Memory optimisations including compact message references, optimised
tuple storage for delayed keys, and removal of rabbit_fifo_index usage

Upgrading to 4.3.0

Documentation guides on upgrades

See the Upgrading guide for documentation on upgrades and GitHub releases
for release notes of individual releases.

This release series supports upgrades from 4.2.x. Upgrades from earlier series are not supported:
users must upgrade to the latest available 4.2.x patch release before upgrading to 4.3.0.

New Required Feature Flags

All feature flags introduced in 4.2.0 and earlier are required, including the following:

rabbitmq_4.2.0
rabbitmq_4.1.0
rabbitmq_4.0.0
khepri_db
quorum_queue_non_voters
message_containers_deaths_v2

Enable all required feature flags before upgrading to 4.3.0.

If your RabbitMQ cluster had plugin rabbitmq_amqp1_0 enabled in RabbitMQ 3.13.x (and your cluster still serves AMQP 1.0 client connections in 4.x), your cluster should do at least one rolling update after enabling feature flag rabbitmq_4.0.0 but before upgrading to 4.3.0.

Deprecated Features

In 4.3.0 the deprecation phase of the following features advanced from permitted_by_default to denied_by_default:

amqp_address_v1
amqp_filter_set_bug
global_qos
queue_master_locator
transient_nonexcl_queues

And the deprecated feature ram_node_type has been removed.

Mixed version cluster compatibility

RabbitMQ 4.3.0 nodes can run alongside 4.2.x in the same cluster.

Mixed version clusters are a mechanism that allows rolling upgrades and are not meant to be run for extended
periods of time (no more than a few hours).

Recommended Post-upgrade Procedures

This version does not require any additional post-upgrade procedures
compared to other versions.

Changes Worth Mentioning

Core Server

Enhancements

When a message is rejected by a queue, RabbitMQ now provides the queue name and rejection reason to AMQP 1.0 publishers
in the Rejected outcome. This is particularly useful when multiple queues are bound to an exchange, as it allows
publishers to identify which specific queue out of several target queues rejected the message and why
(e.g., maximum queue length reached or queue unavailable). Previously, publishers had no way to determine which queue
rejected their message or the reason for rejection.

The queue name and reason are included in the info field of the Rejected outcome's error field:

queue: <queue name>
reason: maxlen | unavailable

GitHub issue: #15075

Quorum queues now support strict priority queues with per-priority message counts,
correct redelivery ordering across priorities, and priority-aware message expiration scans.

GitHub issue: #13885

Quorum queues now support delayed retry with configurable backoff based on delivery count. When messages
are returned (via reject, nack, or modify), they can be held in a delayed state before becoming
available again. The delay is based on delivery count: min(min_delay * delivery_count, max_delay).
Configuration is available via queue arguments (x-delayed-retry-type, x-delayed-retry-min,
x-delayed-retry-max) or policy keys (delayed-retry-type, delayed-retry-min,
delayed-retry-max). The retry type can be set to disabled, all, failed, or returned.

GitHub issue: #13885

Quorum queues now support a configurable consumer timeout. When a consumer holds unacknowledged
messages beyond the timeout, the messages are returned to the queue. For AMQP 1.0 clients,
timed-out deliveries are released via DISPOSITION(state=released) instead of detaching the link,
allowing the consumer to recover without re-attaching. MQTT consumers are also supported.
The timeout can be set via the x-consumer-timeout consumer argument, queue argument, consumer-timeout
policy key, or the global consumer_timeout setting in rabbitmq.conf.

GitHub issue: #13885

A new consumer_disconnected_timeout setting controls how long quorum queues wait before returning
messages when a consumer's node becomes unreachable due to a network partition. The default is 60 seconds.
Configurable via consumer_disconnected_timeout in rabbitmq.conf, the consumer-disconnected-timeout
policy key, or the x-consumer-disconnected-timeout queue argument.

GitHub issue: #13885

Quorum queue recovery snapshots reduce recovery time after a member restart by avoiding
the need to replay all enqueue commands from the log.

GitHub issue: #13885

Quorum queue snapshot throttling now uses WAL fill ratio and reclaimable byte tracking
to make smarter snapshotting decisions, yielding roughly one snapshot per queue per WAL cycle
instead of excessive snapshots in shallow, fast-flowing queues.

GitHub issue: #13885

Quorum queue memory optimisations: message references now use a compact packed integer
representation ("compact" means up to 59-bit) when possible, halving per-message
memory overhead in many scenarios. The rabbit_fifo_index module is no longer used by the
main state machine.

GitHub issue: #13885

Quorum queues now allow unlimited explicit message returns. The delivery limit is based on
delivery-count rather than acquired-count, so messages can be explicitly returned to the
queue without counting towards the delivery limit.

GitHub issue: #13885

When quorum queue members (replicas) are deleted from a node, either manually
via rabbitmq-queues shrink or as part of rabbitmqctl forget_cluster_node,
the members are stopped in parallel.

GitHub issue: #15081

Purging a quorum queue now also removes at-least-once dead-lettered messages that were pending delivery.

GitHub issue: #13885

Bug Fixes

If a quorum queue with a large backlog terminated abnormally, node memory
footprint could spike.

GitHub issue: #15837

rabbitmqctl forget_cluster_node now removes all quorum queue and stream members (replicas)
before proceeding to leave the metadata store cluster.
This order minimizes the risk of some replicas being left behind on the leaving node.

GitHub issue: #15729

Quorum queue at-most-once dead lettering for the overflow behaviour drop-head now happens in the correct order.

GitHub issue: #14926

Feature flag state in the registry and on disk were not consistent for a period of time during node boot.

GitHub issue: #14943

Classic queues now implement AMQP 1.0 delivery-count and first-acquirer headers properly.

GitHub issue: #15020

Stream Plugin

Bug Fixes

stream.read_ahead is a new setting that controls how much data is prefetched from disk
for stream reads (consumption).

GitHub issue: #14948/

Stream deletion is now more resilient and can handle certain mid-deletion failure scenarios.

GitHub issue: #14852

Grafana Dashboards

Enhancements

The dashboards were updated for the most recent RabbitMQ release series.

Management Plugin

Enhancements

GET /api/queues/{vhost} requests no longer perform unnecessary virtual host permission checks
and log less (at debug level) as a result.

GitHub issue: #14923

Quorum queue delayed retry configuration and status, per-priority message counts, and consumer
timeout state are now displayed in the management UI.

GitHub issue: #13885

GET /users/{user}/queues has been added.

GitHub issue: #15074

MQTT Plugin

Enhancements

For MQTT 5.0 publishers, when a message is rejected because the target queue's maximum length is exceeded,
RabbitMQ now returns a Quota exceeded reason code in the PUBACK packet. This provides publishers with
actionable information about why their message was rejected.

GitHub issue: #15075

Federation Plugin

Enhancements

Federation links and their connections are now stopped in parallel.
This significantly improves shutdown time for nodes with many (into thousands) federation links.

GitHub issue: #15271

Federation links no longer restart during plugin or node shutdown.
For nodes with hundreds or thousands of federation links, link recovery could
significantly delay node shutdown.

GitHub issue: #15258

Shovel Plugin

Enhancements

An optional src-consumer-name property can be specified to define the consumer tag
(amqp091 and local src-protocol) or link identifier (amqp10 protocol)

Bug Fixes

Improved target node resource alarm handling for AMQP 1.0 and local shovels.

GitHub issue: #14886

Local shovels could run into an exception that would cause a shovel restart.

GitHub issue: #14872

AMQP 1.0 shovels ignored the sasl URI parameter.

GitHub issue: #14867

OAuth 2 Plugin

Bug Fixes

A usability improvement allows the plugin to automatically load the trusted system x.509 (TLS) certificates.

GitHub issue: #14927

LDAP Plugin

Enhancements

LDAP queries, including multi-line ones, can now be specified in rabbitmq.conf.

GitHub issue: #14868

Bug Fixes

A usability improvement allows the plugin to automatically load the trusted system certificates
when the user only enables TLS for the LDAP client but does not configure any other settings.

GitHub issue: #14937

HTTP Auth Backend Plugin

Enhancements

The HTTP Auth Backend can now optionally provide a custom authorization denial reason to AMQP clients.
To opt in, return deny <Reason> (instead of only deny) in the HTTP response body of your HTTP auth backend and set the following in your rabbitmq.conf file:

auth_http.authorization_failure_disclosure = true

See the README for more information.

GitHub issue: #14641

Tracing Plugin

Bug Fixes

Trace file downloads now set the charset to UTF-8 when serving trace files.

GitHub issue: #13952

Dependency Changes

ra was upgraded from 2.17.2 to 3.1.2
osiris was upgraded to 1.3.0
cuttlefish was upgraded to 3.6.0
gen_batch_server was upgraded to 0.9.2

Source Code Archives

To obtain source code of the entire distribution, please download the archive named rabbitmq-server-4.3.0.tar.xz
instead of the source tarball produced by GitHub.

Original source

RabbitMQ 4.2.5 is a maintenance release in the 4.2.x release series.

It is strongly recommended that you read 4.2.0 release notes in detail if upgrading from a version prior to 4.2.0.

Minimum Supported Erlang Version

RabbitMQ and Erlang/OTP Compatibility Matrix has more details on Erlang version requirements for RabbitMQ.

Nodes will fail to start on older Erlang releases.

Changes Worth Mentioning

Release notes can be found on GitHub at rabbitmq-server/release-notes.

Core Server

Bug Fixes

Classic queues could terminate and restart during recovery in certain rare conditions.

GitHub issue: #15595

Quorum queues could incorrectly reject messages during deletion.

GitHub issue: #15554

Peer discovery could run into a crash when rabbit_nodes:list_members/0 returned an empty list due to an error or a timeout.

GitHub issue: #15568

Definition import now strips a leading UTF-8 BOM if the input file has one.

GitHub issues: #13748, #15550

Exceptions thrown by decorator callbacks (such as those used by federation) during policy change notifications were silently suppressed. They are now logged.

GitHub issue: #15525

Enhancements

Improved Mnesia-to-Khepri migration throughput.

GitHub issue: #15480

Additional aten settings are now exposed in rabbitmq.conf.

Previously only the poll interval was configurable.

GitHub issue: #15564

Stream Plugin

Bug Fixes

parse_command/1 crashed with a function_clause error when receiving a zero-size frame, such as those sent by load balancer probes or port scanners.

GitHub issue: #15703

rabbit_stream_manager could crash with a case_clause error when a stream declaration failed due to a metadata store timeout.

GitHub issue: #15699

Enhancements

Less log noise from load balancer and port scanner probes (that do not perform an AMQP 1.0 or AMQP 0-9-1 handshake)

GitHub issue: #15715

Management Plugin

Bug Fixes

Request bodies above the configured maximum limit are now rejected earlier.

GitHub issue: #15712

Validation improvements for several API endpoints.

They now ignore node names that do not refer to existing cluster members, reject unknown fields, etc.

GitHub issues: #15622, #15623, #15625, #15627

Queue API responses now include policy-related fields (policy, operator_policy, effective_policy_definition) and delivery_limit when management stats collection is disabled via rabbitmq.conf.

GitHub issues: #15182, #15651

CLI Tools

Bug Fixes

rabbitmq-diagnostics status and rabbitmqctl status crashed when targeting a node in maintenance mode because vm_memory_high_watermark was nil (the vm_memory_monitor process does not run in that state).

GitHub issues: #15678, #15680

Enhancements

rabbitmq-plugins now produces a clearer error message when run by a non-root user.

GitHub issue: #15701

Federation Management Plugin

Bug Fixes

The x-internal-purpose and consumer_timeout argument values are now correctly escaped.

GitHub issues: #15606, #15708

Prometheus Plugin

Bug Fixes

Per-object metrics endpoint (/metrics/per-object) no longer emits duplicate HELP and TYPE metadata lines for Raft metrics when both quorum queues and Khepri are in use, which caused scraper parser errors.

GitHub issues: #15600, #15610

Grafana Dashboards

Enhancements

The Overview dashboard's "TCP sockets available" panel was replaced with a "File descriptors available" panel that uses two modern metrics, rabbitmq_process_max_fds and rabbitmq_process_open_fds.

GitHub issues: #12673, #15618

Shovel Plugin

Bug Fixes

An attempt to declare a dynamic shovel with multiple src-queue-args or dest-queue-args values configured could run into an exception during validation.

GitHub issues: #8323, #8356

Web STOMP Plugin

Bug Fixes

A terminated heartbeat monitor process could cause a crash during connection shutdown.

GitHub issue: #15607

Dependency Changes

None in this release.

Original source

RabbitMQ 4.2.4 is a maintenance release in the 4.2.x release series.

It is strongly recommended that you read 4.2.0 release notes in detail if upgrading from a version prior to 4.2.0.

Minimum Supported Erlang Version

RabbitMQ and Erlang/OTP Compatibility Matrix has more details on Erlang version requirements for RabbitMQ.

Nodes will fail to start on older Erlang releases.

Changes Worth Mentioning

Release notes can be found on GitHub at rabbitmq-server/release-notes.

Core Server

Bug Fixes

Classic queue message store could run into an exception when a file was concurrently deleted by a compaction operation.

GitHub issue: #15411

rabbit_quorum_queue:stat/2 could fail when the quorum queue leader was undefined.

GitHub issues: #15400, #15423

The amq.rabbitmq.log exchange is now declared unconditionally at node boot, avoiding a potential deadlock between feature flag enablement and logging to the exchange sink.

GitHub issue: #15320

MQTT Plugin

Bug Fixes

Variable interpolation in topic permissions now escapes the special regular expression characters before interpolation.

GitHub issue: #15442

Stream Plugin

Bug Fixes

Single Active Consumer coordinator could deadlock when a consumer being deactivated would lose its connection, leaving the consumer group without an active consumer.

GitHub issue: #15353

Management Plugin

Bug Fixes

The Policies page in the management UI incorrectly displayed quorum queue arguments twice on the declaration form in place of stream queue arguments.

GitHub issue: #15335

The clustering listener now correctly reports its TLS enablement status.

GitHub issue: #15399

Enhancements

GET /api/overview and GET /api/nodes now report crypto library (such as OpenSSL) version.

GitHub issue: #15468

RabbitMQ and Erlang/OTP versions are now included in GET /api/nodes responses.

GitHub issue: #15454

Login page usability improvements: autofocus on the username field and autocomplete attributes for browser password manager integration.

GitHub issue: #15398

CLI Tools

Enhancements

rabbitmq-upgrade has_reached_target_cluster_size is a new command that checks whether the cluster has reached its target size, as provided in rabbitmq.conf.

This is useful for automating rolling upgrades, particularly on Kubernetes.

GitHub issue: #15404

Shovel Plugin

Bug Fixes

Stopping and deleting a shovel could fail with a badmatch exception when the underlying worker process no longer existed.

GitHub issue: #15408

Trust Store Plugin

Enhancements

HTTPS endpoint requests now have a configurable timeout (20 seconds by default), preventing the plugin from hanging indefinitely when a provider fails to respond.

GitHub issues: #15308, #15310

AWS Peer Discovery Plugin

Bug Fixes

Nodes on EC2 instances in non-running states (stopping, stopped, shutting-down, terminated) are now filtered out from peer discovery results.

GitHub issue: #15388

Enhancements

Multiple hostname resolution paths can now be configured. This is an upgrade pathway for scenarios where resolution hostnames have to change.

GitHub issue: #14705

Tracing Plugin

Bug Fixes

The plugin now uses UTF-8 encoding for traced messages.

GitHub issue: #15439

Dependency Changes

ra was upgraded to 2.17.2

Original source

RabbitMQ 4.2.3

RabbitMQ 4.2.3 is a maintenance release in the 4.2.x release series.
It is strongly recommended that you read 4.2.0 release notes
in detail if upgrading from a version prior to 4.2.0.

Minimum Supported Erlang Version

RabbitMQ and Erlang/OTP Compatibility Matrix has more details on Erlang version requirements for RabbitMQ.
Nodes will fail to start on older Erlang releases.

Changes Worth Mentioning

Release notes can be found on GitHub at rabbitmq-server/release-notes.

Core Server

Bug Fixes

Default queue type handling is now more defensive, avoiding an issue where
attempts to declare a queue in a virtual host without any DQT set would result
in a PRECONDITION_FAILED exception instead of falling back to the classic queue type
for DQT.

GitHub issues: #11541, #12109, #12821, #13837

Classic queue recovery on Windows could fail due to an OS-specific file locking behavior.
Such failures are now retried in two more contexts.

GitHub issue: #15136

Certain exchange update operations in Khepri could cause severe contention.

GitHub issue: #15236

Topic exchange binding deletions could leave orphaned trie edges in the Khepri projection,
potentially causing a slowly creeping memory leak.

GitHub issue: #15025

When a client that owns an exclusive queue disconnects and immediately reconnects and redeclares the same queue
(under the same name), RabbitMQ node could delete the new queue depending on the timing of events.
Previously the only workaround was to use exclusive server-named queues for clients that exhibited
this behavior. Now RabbitMQ nodes take internal owner identity into account and will remove
the original queue but not the new one.

GitHub issue: #15276

"Other ETS" and "Other system" memory metrics could end up being reported as negative values
due to concurrent ETS table updates, deletion and creation on the node.

GitHub issue: #15289

mirrored_supervisor:child/2 could fail with a badmatch exception
when a significant enough number of shovels (or federation links) was removed.

GitHub issue: #15229

Quorum queue could run into a logging exception during node drain.

GitHub issue: #15212

Enhancements

Topic binding deletion in Khepri is now significantly more efficient.
Deleting 100k topic bindings could previously take up to 30 minutes and now takes
some 3-4 seconds.

GitHub issue: #15214

It is now possible to rabbitmq-queues shrink only a subset of quorum queues on
a node using a pattern (a regex).

GitHub issue: #15021

CRL (Certificate Revocation List) cache can now be configured via rabbitmq.conf.

GitHub issues: #2338, #15160

Federation Plugins

Bug Fixes

Restored exchange federation compatibility in mixed 4.2.x/4.1.x multi-node clusters.

GitHub issue: #15252

Enhancements

Federation links and their connections are now stopped in parallel.
This significantly improves shutdown time for nodes with many (into thousands) federation links.

GitHub issue: #15271

Federation links no longer restart during plugin or node shutdown.
For nodes with hundreds or thousands of federation links, link recovery could
significantly delay node shutdown.

GitHub issue: #15258

Federation links use AMQP 0-9-1 connections to remote nodes (clusters).
Previously the timeout used when those connections are closed was fixed to 10 seconds.
Now it is configurable via rabbitmq.conf in milliseconds:

# 3 seconds for exchange federation
federation.exchanges.connection_close_timeout = 3000
# 3 seconds for queue federation
federation.queues.connection_close_timeout = 3000

The maximum supported value is 5 seconds (5000 ms).

GitHub issue: #15268

CLI Tools

Enhancements

rabbitmq-streams grow and rabbitmq-streams shrink are new commands that mirror existing
rabbitmq-queues grow and rabbitmq-queues shrink functionality for streams.

GitHub issue: #15189

MQTT Plugin

Enhancements

A new configuration option, mqtt.disconnect_on_unauthorized, controls whether
MQTT connections are closed upon authorization failures (for example, an attempt to
consume from a topic the client has no permission for).
When set to false, the connection remains open and an appropriate protocol-level
response is sent to the client instead.
The default value is true, same as RabbitMQ MQTT implementation's historic behavior.

GitHub issue: #15201

Management Plugin

Bug Fixes

OAuth 2: preferred_auth_mechanism and strict_auth_mechanism are no longer validated
when not used (configured).

GitHub issue: #15148

etcd Peer Discovery Plugin

Bug Fixes

When credentials were provided, the password was double-encrypted, resulting in
etcd authentication failures.

GitHub issue: #15191

HTTP Auth Backend Plugin

Bug Fixes

The customize_hostname_check TLS option was unintentionally ignored.

GitHub issue: #15184

Dependency Changes

khepri was upgraded to 0.17.4
khepri_mnesia_migration was upgraded to 0.8.1
osiris was upgraded to 1.10.3

Original source