nats-server

Changelog

Go Version

• 1.16.5: Both release executables and Docker images are built with this Go release.

Added

• JetStream:
  • Ability to get a stream last message by subject (#2313)
  • Ability to match based on last expected sequence per subject (#2322)

Improved

• JetStream:
  • Large number of R1 consumers per stream (#2324, #2326)

Fixed

• JetStream:
  • Max consumers was not enforced when set on a stream (#2316)
  • Clustered streams can become broken with sequence mismatch state on low level store failures (#2317)
  • Do not log at [ERR] level some "normal" store failures (such as max messages, bytes, etc..) (#2321)
• Race when generated random service reply subject (#2325)

Complete Changes

https://github.com/nats-io/nats-server/compare/v2.3.0...v2.3.1

Changelog

Go Version

• 1.16.5: Both release executables and Docker images are built with this Go release.

Added

• JetStream:
  • Richer API errors. JetStream errors now contain an ErrCode that uniquely describes the error. Thanks to @jon-whit and others for the suggestion (#2168, #2255, #2266)
  • Ability to send more advanced Stream purge requests (#2296, #2297, #2303, #2306)
  • Stream can now be configured with a per-subject message limit (#2284)
  • Encryption at rest (#2302)
• Monitoring:
  • JetStream information into statsz (#2269, #2276)
• OCSP support (#2240, #2263, #2277)

Changed

• CPU and memory usage report on macOS (removed dependency on ps) (#2260)
• Throttle the number of maximum subscriptions exceeded log statements per account, to 1 every 2 seconds (#2304)

Improved

• JetStream:
  • Setting initial pending and selecting starting sequence number of streams with multiple subjects (#2284)
  • Filestore memory usage (#2306)

Fixed

• Gateways:
  • Handling of subject rewrites for subjects to a globally routed subject (#2275)
  • Message headers were lost (passed in the message payload) from a response across a Gateway and through a route (#2278)
• JetStream:
  • Better support for multiple domains where the hub is JetStream enabled but the hub account is not, and the Leafnode is (#2261)
  • Orphaned consumers on sourced or mirrored streams keep trying to create new ones (#2279)
  • CPU spikes in some catch-up situations (#2280)
  • Dynamic account limits would be applied based on single server limits (#2281)
  • Error description missing in some requests (#2293, #2294, #2295)
• LeafNode:
  • Hanging connection when account can't be found (#2267, #2288)
  • Configuration reload could fail even if there were no changes to the Leafnode configuration (#2274)
  • Service export interest was not propagated correctly (#2288)
• MQTT:
  • Panic when subjects cross accounts with import/export. Thanks to @mullerch for the report (#2268)
• Websocket:
  • Compression/Decompression issues with continuation frames. Thanks to @luan007 for the report (#2300)
• Clients disconnected on configuration reload when only $SYS account is configured (#2301)
• Failed route TLS handshake would leave the failed connection's lock in a locked state (#2305)

Complete Changes

https://github.com/nats-io/nats-server/compare/v2.2.6...v2.3.0

Changelog

Go Version

• 1.16.4: Both release executables and Docker images are built with this Go release.

Changed

• pinned_certs is now also checked by servers initiating connections, not only when accepting them. Furthermore, connections whose certificate is no longer present in the pinned_cert list after a configuration reload, will be closed (#2247)

Fixed

• JetStream:
  • Possible message corruption with inbound messages that would have an existing header (#2241)
  • In cluster mode and with replicas greater than 1, after a valid "duplicate" error was returned (when using the Nats-Msg-Id header), the server would fail subsequent publish calls of non duplicate messages. It would take several attempts before the message would be accepted without error. Thanks to @krisdaniels for the report (#2245)
  • Messages would not be removed from the stream with WorkQueuePolicy and replicas greater than 1. Thanks to @danpoland for the report (#2246)
  • When using domains, cross domain transfers would stop working after updating the account JWT (#2248)
  • The monitoring endpoint /varz was showing total account usage instead of server usage. Thanks to @cjbottaro for the report (#2249)

Complete Changes

https://github.com/nats-io/nats-server/compare/v2.2.5...v2.2.6

Changelog

Go Version

• 1.16.4: Both release executables and Docker images are built with this Go release.

Added

• pinned_certs configuration in TLS blocks, which contains "fingerprint" of accepted certificates. If a connection presents a certificate with a fingerprint that is not in this list, the connection will be rejected (#2233)

Fixed

• JetStream:
  • Bad redelivered values on consumer state should not cause a panic (#2223)
  • Restoring snapshots would require access to /tmp directory, which is not available in docker images (#2227)
  • Ensure that removal of a peer is replicated (#2231)
  • Reject an invalid API prefix for source or mirror is used (#2237)
• MQTT:
  • Reduce replicas value when creating session streams if some servers in the cluster are not running (#2226)
• Monitoring:
  • Always initialize httpReqStats, which allows users embedding NATS Server to use the NATS server http handlers in their own http server, without producing a panic. Thanks to @BlizzTom for the contribution (#2224)
• Under double import scenarios, the server could possibly map to the wrong subject (#2225)

Complete Changes

https://github.com/nats-io/nats-server/compare/v2.2.4...v2.2.5

Changelog

Go Version

• 1.16.4: Both release executables and Docker images are built with this Go release.

Added

• JetStream:
  • The information about an upstream stream source will now have an optional External stream information, which will allow to know the API Prefix (#2218)

Changed

• GetOpts() from ClientAuthentication interface will now returned *ClientOpts (instead of *clientOpts which was internal) (#2189)

Fixed

• JetStream:
  • Server was not checking for invalid de-duplication window specified in a stream mirror (#2204)
  • A store directory on disk without jetstream could appear to lose assets on restart (#2206, #2216)
  • Source stream does not import from another stream if that stream name is not unique within the importing stream sources (#2209)
  • Stream create (and others) responses do not return when the Leafnode is a cluster (#2212)
  • Single instance shows direct consumers when it shouldn't (#2214)
• Websocket:
  • Specifying same_origin or allowed_origins would prevent non web clients (that may not have the Origin header present) to connect, for instance Leafnodes. Thanks to @wutkemtt for the report (#2211)

Complete Changes

https://github.com/nats-io/nats-server/compare/v2.2.3...v2.2.4

Changelog

Go Version

• 1.16.4: Both release executables and Docker images are built with this Go release.

Security

• TLS default (secure) ciphers were not selected when configuring TLS from the command line as opposed to from the configuration file. Thanks to @DavidSimner for the report. See CVE-2021-32026 (#2167)

Added

• JetStream:
  • Support for multiple JetStream domains across Leafnodes. A new field called domain (a string) can be specified in the jetstream{} block (#2171, #2186, #2190, #2194)
• LeafNode:
  • dont_randomize configuration under a remote leaf configuration to restore original behavior that was no randomizing the list of URLs (#2156)
• Monitoring:
  • LeafNodes deny exports and imports in /varz (#2159)

Changed

• Server is now trying to send data from the producer's network loop only when both producers and consumers are user connections. Thanks to @shkim-will for the contribution (#2093)
• LeafNode:
  • Randomize remote URLs list by default. Thanks to @RudeDude for the suggestion (#2156)
• MQTT:
  • In order to support use of MQTT in some more complex setups, the server must enforce that its server_name configuration be explicitly defined (#2178)

Improved

• JetStream: stability for concurrent compact, purge, expiration and persisting of messages (#2180)

Fixed

• Panic on startup when using a NATS Resolver without having configured a system account. The server will now report the error instead of panic'ing (#2162)
• JetStream:
  • Pull based message delivery could drop responses in a super cluster configuration (#2166)
  • Under heavy load, a leader change could warn about not processing entry responses (#2173)
  • Stream bytes limit setting failed when account used dynamic limits. Also, file store implementation was not honoring block size (#2183)
  • Mirror/Source streams from work queues which could cause a deadlock on Interest policy streams (#2187)
  • Raft groups could continuously spin trying to catchup (#2191)
  • Check for more unwanted characters for the stream/consumer names, namely , \r, \n, \t and \f in addition to existing ., * and > (#2195)
• LeafNode:
  • A message loop could occur if a Leafnode, which has several members of a queue group, reconnects to a different server in a remote cluster. Thanks to @RudeDude for the report (#2163)
• Monitoring:
  • The http endpoint /varz would report increased subscriptions count every time it was inspected, even if no new subscription was added. Thanks to @cjbottaro and @harrisa1 for the report (#2172)
• MQTT:
  • JetStream assets would not be placed in the local LeafNode cluster (#2164)
  • A server would be forced to have JetStream enabled locally, which is not required if it is part of a cluster and JetStream is available in that cluster (#2164, #2178)
  • Several issues including connection timeouts, unexpected memory usage in QoS1 high publish message rate, etc... (#2178)
  • Retained message in cluster mode may not be delivered to starting matching subscription (#2179)
• The User.Username was not used when a custom authenticator was calling RegisterUser (#2165)
• Error parsing operator JWT on Windows (#2181)

Complete Changes

https://github.com/nats-io/nats-server/compare/v2.2.2...v2.2.3

Changelog

Go Version

• 1.16.3: Both release executables and Docker images are built with this Go release.

Added

• Kind() to the ClientAuthentication interface so that applications can know what type of connection they are dealing with (#2084)

Improved

• Some code cleanup. Thanks to @alexpantyukhin for the contributions (#2064, #2065)
• JetStream:
  • Startup for filtered consumers on large streams (#2075)
  • When running in mixed mode (some of clustered servers having JetStream enabled, some not) (#2095)
  • Setup with a remote Leafnode cluster extending a cluster or super-cluster and the JetStream domain. The Leafnode will not be elected as a leader and placement will by default be in the Leafnode's cluster (#2108)
• MQTT:
  • Error message when clients try to connect using Websocket protocol, which is currently not supported. Thanks to @LLLLimbo for the report (#2151)

Changed

• JetStream:
  • The StreamInfo response contained an array of sequences of deleted messages. It will now return the number of deleted messages and the request needs to set boolean deleted_details to true to get back the array of sequences of deleted messages (#2109)

Fixed

• JetStream:
  • Report the possible account loading failure when creating a stream (#2076)
  • Possible panic when a mirror was removed or its configuration changes (#2078)
  • Possible panic and file corruption during a file store compact (#2080)
  • Stream expired messages were not removed from consumer pending ack list (#2085)
  • Memory store should take length of message header into consideration to check for max bytes, similar to the file store implementation. Thanks to @alexpantyukhin for the contribution (#2086)
  • Issue with cached messages when server exits abruptly. Thanks to @GuangchaoDeng for the report (#2099, #2104)
  • Messages not properly removed from a stream with interest retention when a pull consumer was deleted. Thanks to @GuangchaoDeng for the report (#2105)
  • Mirrors failed when upstream messages had expired (#2110)
  • Make sure to stop unneeded retries for mirror consumers (#2113)
  • Subscription leak on failure when creating source consumers (#2118)
  • Files handles not closed on store close. Only impacting tests or applications embedding the server (#2121)
  • Inability to add some nodes to the group if they were not known prior to the meta group leader being elected (#2119)
  • General updates and stability improvements (#2131)
  • Prevent possible stall when shutting down a high traffic server or stream (#2146)
  • Errors deleting streams on Windows (#2152)
• LeafNode:
  • Incorrect loop detection when cluster of leaf nodes reconnect to a server in another cluster (#2066)
  • Subscriptions not properly removed during a route disconnect and information not properly forwarded to leaf nodes, resulting in possible unnecessary message flow (#2066)
  • Possible failure for a solicited leaf node connection to authenticate in extremely rare timing conditions (#2088)
  • Permission negotiation between two servers that could result in authorization failures causing connection to be closed (#2091, #2101)
  • Loss of subscription interest or closed connection could cause incorrect suppression of interest in a local cluster (#2124)
  • Possible panic due to concurrent access of unlocked map when permissions are set on a leaf node (#2136)
• Websocket:
  • TLS configuration changes were not reflected after a configuration reload (#2072)
• Monitoring:
  • Ensure /varz subscriptions count is for all accounts (#2074)
• Issue with concurrent fetching of an account that could result in message flow disruption (#2067)
• On TERM signal, the server would exit with code 0, while it should have been 1 (#2103)
• GetTLSConnectionState() was not using proper locking, resulting on some DATA RACE reports (#2122)
• Do not propagate service import interest across gateways and routes (#2123)

Complete Changes

https://github.com/nats-io/nats-server/compare/v2.2.1...v2.2.2

Changelog

Go Version

• 1.16.3: Both release executables and Docker images are built with this Go release.

Added

• Ability to set a timeout to NATS resolver (#2057)

Changed

• JetStreamVarz fields from structures to pointers so they can be omitted if empty. This is may affect users that embed the NATS Server in their code (#2009)

Improved

• Error log statement when an account registration fails (#2016)
• JetStream:
  • Durable consumers performance with Replicas > 1 (#2039, #2049)
  • Report error when mirror/sources stream prefix overlaps/collides with stream subjects (#2041)

Fixed

• JetStream:
  • Possible panic when consumers are stopped (#2008)
  • Panic on 32bit systems due to unaligned 64-bit atomic operations. Thanks to @GuangchaoDeng for the report (#2012)
  • Check for filter subject correctness of an upstream stream's mirror or source (#2013)
  • Reduce memory pressure and protect against some nil dereferences (#2015)
  • Mirror streams were not properly retrying after failures to create their internal consumer (#2017)
  • Prevent suppression of idle heartbeats for a filtered consumer on a busy stream (#2018)
  • Some updates for direct consumers (used for mirrors and sources streams) (#2021)
  • Possible double adds under reload or restart scenarios (#2023)
  • In operator mode, JetStream accounts were not all loaded on startup (#2024)
  • Consumer interest dropping and coming back across gateways (#2024)
  • Leaked subscriptions when retrying to create streams' source consumers (#2024)
  • Idle heartbeats were unnecessarily sent when a consumer was known to be active (#2024)
  • Performance degradation for mirrors and sources in presence of gaps (#2025)
  • Reworked sources and mirrors on missed data (#2026)
  • Reduce sliding window for direct consumers and catchup stream windows (#2027)
  • Flow control with multiple sources streams (#2028)
  • Chaining of sources and mirrors with filtered consumers (#2028)
  • General stability improvements (#2033)
  • Possible deadlock (#2034)
  • Panic when WAL was corrupted (#2045)
  • Prevent bad stream updates from deleting the stream (#2045)
  • When a request to get a message fails, returns code 404, instead of 500 (#2053)
  • Possible deadlock caused by an account lookup failure when processing a consumer assignment (#2054)
  • Consumer state (ack floor/pending or number of pending messages) could be skewed after server restarts (#2058)
• LeafNode:
  • verify_and_map was not honored (#2038)
  • When using Websocket connections, in some cases corruption could prevent messages to flow properly between nodes (#2040)
  • Subscriptions leak for subscriptions when hitting the "auto-unsubscribe" limit (#2059)
• MQTT:
  • Fix a possible subscription leak in setup failure conditions (#2061)
• Websocket:
  • Possible empty frames sent to webbrowser clients (#2040)
• Account connection events were not sent when using custom authentication (#2020)
• Disconnect clients for account JWT that has been disabled (#2048)

Complete Changes

https://github.com/nats-io/nats-server/compare/v2.2.0...v2.2.1

Changelog

Go Version

• 1.16.2: Both release executables and Docker images are built with this Go release.

Added

• JetStream, our new persistence offering (https://docs.nats.io/jetstream/jetstream)
• Websocket support (https://docs.nats.io/nats-server/configuration/websocket) (#1309)
  • Websocket Leafnode connections (#1858)
  • Cookie JWT authentication for Websocket. Thanks to #pas2k for the contribution (#1477)
• MQTT Support (https://docs.nats.io/nats-server/configuration/mqtt) (#1754)
  • Allow BearerToken as MQTT authentication method. Thanks to @angiglesias for the contribution (#1840)
• Monitoring:
  • New Endpoint: jsz for JetStream (#1881)
  • New Endpoint /accountz (#1611)
  • Value of GOMAXPROCS in /varz endpoint (#1304)
  • Ability to include subscription details in monitoring responses (#1318)
  • Endpoints now available via system services (#1362)
  • Base path for monitoring endpoints. Thanks to @guilherme-santos for the contribution (#1392)
  • Filtering by account for /leafz and exposing this as per account subject (#1612)
  • Support for tags and filter PING monitoring requests by tags (#1832)
  • JWT/IssuerKey/NameTag/Tags to monitoring and event endpoints (#1830)
  • tls_required, tls_verify and tls_timeout to Cluster/Gateway/Leafnode sections under /varz (#1854)
  • Operator JWT to /varz (#1862)
  • system_account to /varz (#1898)
• Options
  • lame_duck_grace_period (#1460)
  • sys_trace or --sys_trace command line to trace the system account (#1295)
  • resolver_tls to specify TLS configuration for account resolver. Thanks to @JnMik for the report (#1272)
  • allowed_connection_types to restrict which type connections (STANDARD, WEBSOCKET, etc..) can authenticate with a specific user (#1594)
  • verify_cert_and_check_known_urls to tie subject ALT name to URL in configuration (#1727)
  • account_token_position to simplify the securing of imports without requiring a token (#1874)
• Support for JWT BearerToken (#1226)
• Accounts default permissions (#1398)
• Printing of the configuration file being used in the startup banner. Thanks to @rmoriz for the report (#1473)
• Checks for CIDR blocks and connect time ranges specified in JWTs (#1567)
• Support for route hostname resolution. Thanks to @israellot for the report (#1590)
• Account name checks for Leafnodes in operator mode (#1739)
• User JWT payload and subscriber limits (#1570)
• Ability to use JWT latency sampling properties "headers" and "share" (#1776)
• Support for wildcard services and import remapping by JWT (#1790)
• Support for JWT export response threshold (#1793)
• Enforcement and usage of scoped signing keys (#1805)
• Support for StrictSigningKeyUsage (#1845)
• Support for JWT based account mappings (#1897)
• Build for mips64le platform. Thanks to @duchuanLX for the contribution (#1885)

Changed

• nats.io resources from HTTP to HTTPS. Thanks to @DavidSimner for the contribution (#1596)
• Default TLS and Authentication timeouts, to 2 seconds and TLS timeout + 1 second respectively (#1633)
• Gateways:
  • Connections now always send PINGs (the server otherwise will sometime suppress PINGs) (#1692)
  • Log statements regarding Interest-only mode switch is now DBG instead of INF (#2002)
• Enforce max_control_line for client connections only. The enforcement was previously happening only in case of handling of a partial protocol (#1850)

Improved

• Better support for distinguishedNameMatch in TLS authentication (#1577)

Updated

• Various dependencies, notably JWT and NKeys (#2004)

Fixed

• Log file size limit not honored after re-open signal (#1438)
• Leafnode issues
  • Unsubscribe may not be propagated correctly (#1455)
  • TLSMap authentication override (#1470)
  • Solicit failure race could leave the connection registered (#1475)
  • Loop detection may prevent early reconnect (#1607)
  • Possible panic when server accepts TLS Leafnode connection (#1652)
  • Duplicate queue messages in complex routing setup (#1725)
  • Reject duplicate remote (#1738)
  • Route parser error. Thanks to @wuddl6 for the report (#1745)
  • Configuration reload for remote TLS configurations (#1771)
  • Connection issues if scheme was not tls:// in some instances (#1846)
• Gateway issues:
  • Implicit reconnection (#1785)
  • Implicit connection not using global username/password. Thanks to @DavidSimner for the report (#1915)
  • System account incorrect tracking of gateways routed replies (#1749)
  • Configuration reload for remote TLS configurations (#1771)
• Connection name in log statement for some IPv6 addresses (#1506)
• Handling of real duplicate subscriptions (same subscription ID sent by clients) (#1507)
• Handling of gossiped URLs (#1517)
• Queue subscriptions not able to receive system events (#1530)
• JWT:
  • Revocation checks (#1632, #1645)
  • Validation of private imports (tokens) did return a warning instead of an error (#2004)
• Detect service import cycles (#1731)
• Syslog warning trace as a "INF" instead of "WRN". Thanks to @paoloteti for the contribution (#1788)
• Monitoring endpoint /connz may report incorrect user. Thanks to @nqd for the report (#1800)

Complete Changes

https://github.com/nats-io/nats-server/compare/v2.1.9...v2.2.0

Changelog

Go Version

• 1.14.10: Both release executables and Docker images are built with this Go release.

Fixed

• Possible panic if server receives a maliciously crafted JWT CVE-2020-26521 (#1624)
• User and claims activation revocation checks CVE-2020-26892 (#1632, #1635, #1645)
• Panic on shutdown while accepting TLS client connections (6900905b0ac41b1d080db610438d4037c654aced)
• Added defensive code for handling of Leafnode connections (d99d0eb06983c3fc07617412019e03ecb1d68a38)

Complete Changes

https://github.com/nats-io/nats-server/compare/v2.1.8...v2.1.9

Changelog

Go Version

• 1.14.8: Both release executables and Docker images are built with this Go release.

Fixed

• Allow response permissions to work across accounts (#1487)
• Race condition during implicit Gateway reconnection (#1412)
• Possible stall on shutdown with leafnode setup. Thanks to @HeavyHorst for the report (#1414)
• Possible removal of interest on queue subs with leaf nodes (#1424)
• Unsubscribe may not be propagated through a leaf node (#1455)
• LeafNode solicit failure race could leave conn registered (#1475)
• Handling or real duplicate subscription (#1507)
• Log file size limit not honored after re-open signal (#1438)
• Connection name in log statement for some IPv6 addresses (#1506)
• Better support for distinguishedNameMatch in TLS Auth. Thanks to @nagukothapalli for the report (#1577)
• Error when importing an account results in an error (#1578)

Complete Changes

https://github.com/nats-io/nats-server/compare/v2.1.7...v2.1.8

Changelog

Go Version

• 1.13.10: Both release executables and Docker images are built with this Go release.

Added

• Monitoring endpoints available via system services (#1362)
• Configuration no_auth_user allows to refer to a configured user/account when no credentials are provided (#1363)
• Support to match domainComponent (DC) in RDNSequence with TLS authentication (#1386)
• Configuration http_base_path for monitoring endpoints. Thanks to @guilherme-santos for the contribution (#1392)

Improved

• Added close reason in the connection close statement (#1348)

Fixed

• Switch gateways to interest-only mode for Leafnode accounts (#1327)
• Leafnode loop detection fixes (#1331, #1338)
• Service reply interest propagation in some Leafnode scenario (#1334)
• Inconsistent subscription propagation behavior across accounts and Leafnodes (#1335)
• Service across account and Leafnodes (#1337)
• Service responses not delivered after Leafnode restart (#1345)
• Update remote gateway URLs when node goes away in cluster (#1352)
• Monitoring endpoint /subsz support for accounts (#1377)
• Validate options on configuration reload (#1381)
• Closed connection early in connect handshake may linger in the server (including monitoring /connz) (#1385)
• Account unnecessarily reloaded in some cases during configuration reload (#1387)
• default_permissions was not applied to NKey users (#1391)

Complete Changes

https://github.com/nats-io/nats-server/compare/v2.1.6...v2.1.7

Changelog

Go Version

• 1.13.9: Both release executables and Docker images are built with this Go release.

Added

• Ability to specify TLS configuration for the account resolver. Thanks to @JnMik for the report (#1272):

resolver_tls {
  cert_file: ...
  key_file: ...
  ca_file: ...
}

• Client IP (client_ip) in the server's INFO sent to clients. Client libraries may expose that in the future (#1293)
• Option trace_verbose and command line parameters -VV and -DVV to increase trace and debug verbosity. By default system account messages will not be traced unless this option is enabled (#1295)
• Value of GOMAXPROCS in /varz monitoring output (#1304)
• Option to include subscription details in monitoring endpoints /routez and /connz. For instance /connz?subs=detail will now return not only the subjects of the subscription, but the queue name (if applicable) and some other details (#1318)

Improved

• Recover from panics during configuration parsing and instead issue errors (#1274)
• Parse ping_interval as a duration. If not a duration, falls back to interpret as the number of seconds (#1281)
• Error trace in case protocol exceeds the max control line value (#1286)
• TLS version 1.3 and cipher names in log/monitoring. Thanks to @burner-account for the report (#1316)

Updated

• Include port on the "Connected leafnode" INF notice in the server log (#1303)
• Some dependencies. This covers the golang crypto package CVE. Note that the CVE mentions the ssh package, which NATS Server does not use, so it should not be affected. Thanks to @KauzClay for the contribution (#1320)

Fixed

• Server did not exit after receiving the lame duck mode signal. This is a regression introduced in v2.1.2 (#1276)
• Use configured ping interval for clients that have not yet sent the CONNECT protocol. When the CONNECT protocol is received, a ping will be sent to the client in a short period of time to establish the initial TTL for this client (#1289)
• A configuration producing a warning causes -DV to be ignored (#1291)
• Incorrect buffer reuse in case of partial connection write (#1298)
• Configuration reload of debug/trace option was not applied to existing clients (#1300)
• Loop detection for LeafNodes (#1308)
• Use account resolver URL from the operator JWT if one is specified. Note that if one is explicitly configured with the "resolver" option, it will take precedence (#1318)

Complete Changes

https://github.com/nats-io/nats-server/compare/v2.1.4...v2.1.6

Changelog

Go Version

• 1.13.7: Both release executables and Docker images are built with this Go release.

Added

• LogSizeLimit option to automatically rotate logs. Thanks to @xzzh999 for the report (#1202)

Updated

• Handling of slow consumer for non client connections (#1233)

Fixed

• Prevent "Account no-interest" for account that has service reply subscription (#1204)
• Closing of Gateway or Route TLS connection may hang (#1209)
• Messages to queue subscriptions are not distributed evenly. Thanks to @harrisa1 for the report (#1215)
• Allow multiple stream imports on the same subject (#1220)
• Do not check URL account resolver reachability on configuration reload (#1239)
• More than expected switch to Interest-Only mode for given account (#1242)
• Possible panic when handling bad subjects (#1249)
• Display of connections IPv6 addresses (#1260)
• LeafNode TLS issues with mixed IP/Hostnames. Thanks to @rbboulton for the report (#1261, #1264)
• Fail and report if LeafNode attempt to connect to wrong listen port (#1265)

Complete Changes

https://github.com/nats-io/nats-server/compare/v2.1.2...v2.1.4

Changelog

Go Version

• 1.12.13: Both release executables and Docker images are built with this Go release.

Added

• QueueSubscribe permissions (#1143)
• Use of single/multiple users for authentication of Leafnodes (#1147, #1168)
• ~ support for Leafnode credentials (#1148)
• Account support in /connz (#1154)
• server_name configuration option to help better identify a server through /varz or system events (#1158, #1166)

Updated

• In monitor home page, the help link now points to the monitoring page in our new documentation website (#1169)
• Handling of replies (including service replies) across Gateways (#1183, #1184, #1190, #1195)
• Server performs actual shutdown procedure (closing client connections, etc..) when signaled to exit (#1186)

Fixed

• Reject duplicate service import "to" subject (#1140)
• String trim in function getting the process name on Windows. Thanks to @beautytiger for the contribution (#1157)
• Panic when incorrectly using a wildcard for a stream import prefix. Thanks to @lucj for the report (#1160)
• Explicit gateway not using discovered URLs (#1165)
• Leafnode loop detection (#1170, #1172)
• Prevent server from sending a PING to measure RTT until the client has finished the connect process (#1175)
• Requestor RTT was often reported as 0 when tracking latency (#1179)
• Leaking of service imports and subscriptions on routes (#1185)
• Possible panic when processing route subscription interest (#1189)
• Some account locking issues and race that could cause clients to not receive messages (#1191)
• Server was fetching unknown account when tracking remote connections (#1192)
• Handling of missing account when processing a remote latency update (#1194)
• Ability to daisy chain Leafnode servers (#1196)
• Handling of split buffers for Leafnodes. Thanks to Bfox for the report (#1198, #1199)

Complete Changes

https://github.com/nats-io/nats-server/compare/v2.1.0...v2.1.2

Changelog

Go Version

• 1.12.9: Both release executables and Docker images are built with this Go release.

Added

• RTT in /routez details (#1101)
• New /leafz monitoring endpoint (#1108)
• Latency tracking for exported services (BETA) (#1111, #1112, #1122, #1125, #1130, #1132, #1136, #1137)
• System level services for debugging (BETA). Exported services to the system account for debugging of blackbox systems. Ability to get the number fo subscribers for a given subject and optionally queue group (#1127)

Fixed

• Some typos in code. Thanks to @beautytiger for the contribution (#1105)
• Some Leafnode issues (#1106)
• Issue when there is a circular dependency in account server import (#1119)
• MaxPending configured to more than 2GB. Thanks to @cv711 for the report (#1121)
• Some internal locking issues related to accounts lookup and updates (#1126, #1131)
• Ability to pass to the command line -cluster nets://<host>:-1 for a random port, which is used in some NATS libraries for testing. This was broken due to changes in Golang (#1128)
• Ensure server uses default if ResponsesPermissions's values are set to 0 (#1135)

Improved

Complete Changes

https://github.com/nats-io/nats-server/compare/v2.0.4...v2.1.0

Changelog

Go Version

• 1.12.8: Both release executables and Docker images are built with this Go release.

Added

• Use of GoReleaser. Thanks to @caarlos0 for this tool! (#1095)
• Deb and RPM packages (#1095)
• Publish permissions based on reply subjects of received messages (#1081)
• Support for user and activation token revocation (#1086)
• Leafnode connections to /varz (#1088)
• Ability to cross account import services to return streams as well as singletons (#1090)
• Support for service response types (#1091, #1093)

Fixed

• Leafnode user JWT with signer fails to authenticate (#1078)
• Leaked subscriptions from queue group across routes. Thanks to @ripienaar for the report (#1079)
• Shadow subscriptions can be leaked on stream import and connection close (#1090)
• Connection could be closed twice resulting in duplicate reconnect mainly affecting Gateways and Leafnodes (#1092)
• Some typos in code. Thanks to @ethan-daocloud for the contribution (#1098)

Improved

• Reduce memory usage on routes. Thanks to @ripienaar for the report (#1087)

Complete Changes

https://github.com/nats-io/nats-server/compare/v2.0.2...v2.0.4

Changelog

Go Version

• 1.11.12: Both release executables and Docker images are built with this Go release.

Changed

• Default TLS Timeout bumped to 2 seconds (as opposed to 0.5s) (#1042)

Added

• Support to extend leafnodes remote TLS timeout (#1042)
• Allow operator to be inline JWT (#1045)
• Made ReadOperatorJWT public for embedded use cases. Thanks to @ripienaar for the report (#1052)
• Ability to disable sublist cache globally for all accounts. Thanks to @azrle for the report (#1055)
• Ability to set a limit to the trace of the payload of a message. Thanks to @andyxning for the contribution (#1057)

Improved

• Add default port (7422) for Leafnode remote connections (#1049)
• Reduce server PINGs when data is flowing (#1048)
• Allow remotes leafnode to specify an array of URLs. Thanks to @ripienaar for the report (#1069)

Fixed

• Messages not distributed evenly when sourced from leafnode (#1040)
• Help link in top level monitoring (#1043)
• Check of max payload could be bypassed if size overruns an int 32. Note that the client would first have to be authorized to connect. This fix is for CVE-2019-13126. Thanks to Aviv Sasson and Ariel Zelivansky from Twistlock for the security report (#1053)
• Sending to client libraries an updated MaxPayload through INFO protocol when a bound account's MaxPayload is not the same as the server the client is connected to (#1059)
• Routing of responses across leafnodes (#1060)
• Subscriptions were not propagated correctly upon new leafnode joining the network. Thanks to @antmanler for the report and fix! (#1067)
• Prevent multiple solicited leafnodes from forming cycles. Thanks to @ripienaar for the report (#1070)
• Report possible error starting the monitoring port. Thanks to @andyxning for the contribution (#1064)
• Allow use of insecure for remote leafnode and gateways again. Thanks to @ripienaar for the report (#1071, #1073)
• Report authorization error and use TLS hostname for IPs on leafnodes (#1072)
• Leafnode URLs may be missing in INFO protocol sent to Leafnodes connections (#1074)
• Server now read pending data on closed connection to be able to report error (for instance in case of an authorization error sent by remote server) (#1075)

Complete Changes

https://github.com/nats-io/nats-server/compare/v2.0.0...v2.0.2

Changelog

Go Version

• 1.11.10: Both release executables and Docker images are built with this Go release.

Backward incompatibility

• The routing protocol has been dramatically improved and adds support for accounts and multi-tenancy. The new protocol is not backward compatible with servers <2.0.0.
• For users embedding NATS Server and using Varz() to get server statistics should be aware of some changes described in #989

Changed

• Repository and server name have changed: gnatsd becomes nats-server (#985)
• With go.mod, users embedding NATS Server should change their import path to include /v2. For instance:

import (

    natsd     "github.com/nats-io/nats-server/v2/server" 
)

• Cluster permissions moved out of cluster's authorization section (#747)
• The utility mkpasswd.go file was moved to its own directory util/mkpasswd to enable go get to install this tool (#996)

Added

• NKey support (#743)
• Accounts support (#755)
• JWT Support (#804)
• Gateways (#808)
• Leaf Nodes (#928)
• System events (#823)
• Support of TLS certificate subject for users authentication (#896, #909)
• Support of SANs in TLS certificate for user permissions. Thanks to @twrobel3 for the report (#966)
• Ability to disable TLS server name verification for routes. Thanks to @softkot for the contribution (#921)
• Ability to explicitly set server name for TLS in Gateways. Thanks to @danielsdeleo for the contribution (#922)
• Configuration check with -t command line parameter (#745)
• Support for route permissions configuration reload (#753)
• Lame duck mode (#780)
• Support for path as argument to --signal. Thanks to @pires for the contribution (#838)
• Expose connection remote address in ClientAuthentication. Thanks to @ripienaar for the contribution (#837)
• ntp.service dependency to the systemd service file. Thanks to @andyxning for the contribution (#880)
• Configuration parameter to select the frequency at which failed route, gateways and leaf nodes connections are reported. Thanks to @santo74 for the feedback (#1000, #1001)
• List or route URLs in cluster{} from /varz endpoint (#1012)
• Ability to ignore top-level unknown configuration field (#1024)

Improved

• New route protocol (#786)
• Fan in/out scenarios (#876)
• Various optimizations (#897)
• Utility mkpasswd's help output. Thanks to @andyxning for the contribution (#881)
• You can now have unquoted strings that start with number (#893)
• Use of https for README's links. Thanks to @huynq0911 for the contribution (#914)
• Warning on plaintext password in configuration and redact them from log statements (#743, #776)

Fixed

• Misleading "Slow Consumer" error message during a TLS Handshake (#836)
• Report "Slow Consumer" only for clients that do complete the connect process (#861)
• Configuration reload of boolean flags. Thanks to @sazo for the report (#879)
• Runaway process when parsing a configuration file with missing a } or ) (#887)
• Don't allow overruns for message payloads. Thanks to @valichek for the report (#889)
• Possible delays in delivering messages (#895)
• Possible slow consumer when routes exchange their subscriptions list (#912)
• Protocol Parser type safety. Thanks to @nmiculinic for the contribution (#908)
• Use of custom authentication with configuration reload. Thanks to @Will2817 for the report (#924)
• Issue with utility mkpasswd on Windows platform. Thanks to @Ryner51 for the report (#935)
• Some typos. Thanks to @huynq0911, @JensRantil for their contributions.
• Changes to Varz content and fixed race conditions (#989)

Complete Changes

https://github.com/nats-io/gnatsd/compare/v1.4.1...v2.0.0

Do not use, v2.0.0 is now released: https://github.com/nats-io/nats-server/releases/tag/v2.0.0