The next UH Message Broker upgrade will bring the following changes:
| Item | Previously | Changed to… | Comments |
|---|---|---|---|
| Software version | RabbitMQ 3.7.12 Erlang 21.2.6 | RabbitMQ 3.11.2 Erlang 25.1.1 | Going forward, RabbitMQ and Erlang will be updated to the most recent versions as part of our monthly patching. |
| SSL Certificate | 2048-bit cert | 4096-bit Subject Alternative Name (SAN) extension to support host name associated with our perceived IP address. | |
| TLS | Versions 1.1 and 1.2 only. No peer verification if your TLS client sends an optional client cert. Secure renegotiation allowed. | Versions 1.2 and 1.3 only. Peer verification performed if your TLS client sends an optional client cert. Secure renegotiation disabled. | |
| RabbitMQ Client | Java client 3.6.6 or higher | Although we expect older clients to work, we recommend that you upgrade to the latest client | Need sample Java code to perform SSL cert verification if Java client still shows this warning: WARN [localhost-startStop-1] com.rabbitmq.client.TrustEverythingTrustManager.<init> SECURITY ALERT: this trust manager trusts every certificate, effectively disabling peer verification. This is convenient for local development but offers no protection against man-in-the-middle attacks. Please see https://www.rabbitmq.com/ssl.html to learn more about peer certificate verification |
Queues | Classic queues which are mirrored and synchronized across all 3 nodes unless the queue name begins with an underscore. | All queues will be converted to quorum queues. | You do not need to change anything in your application. More on quorum queues: https://www.rabbitmq.com/quorum-queues.html |
Timeline
TBD