Solace PubSub+ Event Broker (Software & Appliance) new versions are released

hong
hong Guest Posts: 480 ✭✭✭✭✭
edited August 2020 in Release Notes #1

The following Solace PubSub+ Platform products have been released and are available for download:

  • Solace PubSub+ Event Broker: Software version 9.6.0.27
  • Solace PubSub+ Event Broker: Appliance version 9.6.0.27

Please refer to the product release notes for information on new features, changed functionality, resolved issues, known issues and upgrade considerations.

Release Summary: Product Releases

PubSub+ Event Brokers version 9.6.0.27: This release of PubSub+ Event Broker introduces the following features:
• DMR - support replication / DR: Enables the use of Dynamic Message Routing (DMR) to create a mesh of PubSub+ Event Brokers, while using Replication to backup guaranteed messages to a disaster recovery (DR) site.
• IPv6
• IPv6 support in SMF and Solace APIs: SMF clients can now connect via IPv6.
• IPv6 for AMQP Clients: AMQP clients can now connect via IPv6.
• IPv6 Support for MQTT Client and REST Producers and Consumers on the Software Broker: MQTT clients and REST producers and consumers can now connect using IPv6 on the PubSub+ Software Broker. This was previously only supported on the PubSub+ Appliance.
• SEMPv2
• SEMPv2 Method of Transfer for Write-only Configuration: A new SEMPv2 query parameter to enable the transfer of write-only configuration.
• SEMPv2: For use cases such as monitoring or dashboarding, introduces a new message count property for an easier and pollable way to get a list of queues or topic endpoints and their message count (see the SEMP-API for optimization recommendations) - as well as message count for the replay log. Please note: the redundant private attributes, currentSpooledMsgCount, for queues and topic endpoints, and MsgsLogged, for the replay log, will be deleted in our next release.
• Common port for all AMQP connections: A common port for all message VPNs may be configured for AMQP clients connecting over TLS. Also required is for the user to configure a virtual host mapping from the SNI field from the TLS handshake to the message VPN name.
• REST Delivery Points (RDP)
• RDP support for alternate HTTP method (POST vs PUT): REST Delivery Points will allow PUT as an alternative to POST as the HTTP method used for the outgoing REST request. Application developers can now leverage additional use cases in which the "PUT" HTTP method is preferred. Note: The HTTP method defined on the REST consumer will not be used in gateway mode
• Verification of hostnames for outgoing TLS on RDPs: For setting up outgoing RDP connections using TLS, support for server name validation using SNI is now available. Application developers can take advantage of SNI and SubjectAltName in TLS to verify the identity of the remote REST consumers Server name validation will be done with SubjectAltName instead of the outdated Trusted Common Names. This feature makes it easier and more reliable to configure secure TLS connections for RDPs.
• Manager: remove credentials from browser local storage: We have introduced a more secure way to locally manage credentials used to authenticate PubSub+ Manager with the broker.

Access

  • Access to the Solace PubSub+ Event Broker: Software Standard Edition is available to everyone through the Solace dev portal at https://solace.com/downloads/
  • Access to the 90-day Solace PubSub+ Event Broker: Software Evaluation Edition is available to everyone through the Solace dev portal at https://solace.com/downloads/
  • Access to the Solace PubSub+ Event Broker: Software Enterprise Edition is available to customers who have licensed the product.

Get the new versions now and share with the Community how you use them!

Comments

  • hong
    hong Guest Posts: 480 ✭✭✭✭✭

    The following Solace PubSub+ Platform product maintenance releases are available for download:

    • Solace PubSub+ Event Broker: Software version 9.6.0.32
    • Solace PubSub+ Event Broker: Appliance version 9.6.0.32

    Please refer to the product release notes for information on new features, changed functionality, resolved issues, known issues and upgrade considerations.

    Release Summary

    In the PubSub+ Even Broker maintenance releases, the following issues have been resolved:

    • Web browsers may report "Cookie has an invalid value" when attempting to login to the Solace broker's PubSub+ Manager web management interface. Workarounds include clearing cookies, using incognito/private browsing mode, or using a different web browser. (SOL-38906)
    • In rare cases, if both of the messaging nodes in a software broker high availability (HA) triplet become active at the same time, spool files and thus messages may be deleted. This issue does not impact appliances. (SOL-38908)

    Access

    • Access to the Solace PubSub+ Event Broker: Software Standard Edition is available to everyone through the Solace dev portal at https://solace.com/downloads/
    • Access to the 90-day Solace PubSub+ Event Broker: Software Evaluation Edition is available to everyone through the Solace dev portal at https://solace.com/downloads/
    • Access to the Solace PubSub+ Event Broker: Software Enterprise Edition is available to customers who have licensed the product.
  • hong
    hong Guest Posts: 480 ✭✭✭✭✭

    The following Solace PubSub+ Platform product maintenance release is available for download:

    • Solace PubSub+ Event Broker: Software version 9.6.0.38
    • Solace PubSub+ Event Broker: Appliance version 9.6.0.38

    Please refer to the product release notes for information on new features, changed functionality, resolved issues, known issues and upgrade considerations.

    Release Summary

    In this PubSub+ Event Broker maintenance release, the following issues have been resolved:

    • If using the Message Priority feature on a non-exclusive queue by enabling the respect-message-priority property, delivery of some messages may be delayed or stalled indefinitely. The work around is to restart the consumer applications or, if using an API or application that can handle rebinding to the queue after receiving an unsolicited unbind, the queue's egress can be shut down and re-enabled. (SOL-39945)
    • Support for the deprecated format of Queue Network Names (#P2P/QUE/v:/) has been re-introduced. Note that this format is still deprecated and can be removed in a future release. (SOL-40165)

    Access

    • Access to the Solace PubSub+ Event Broker: Software Standard Edition is available to everyone through the Solace dev portal at https://solace.com/downloads/.
    • Access to the 90-day Solace PubSub+ Event Broker: Software Evaluation Edition is available to everyone through the Solace dev portal at https://solace.com/downloads/.
    • Access to the Solace PubSub+ Event Broker: Software Enterprise Edition is available to customers who have licensed the product.
  • hong
    hong Guest Posts: 480 ✭✭✭✭✭

    The following Solace PubSub+ Platform products have been released and are available for download:

    • Solace PubSub+ Event Broker: Software version 9.7.0.29
    • Solace PubSub+ Event Broker: Appliance version 9.7.0.29

    Please refer to the product release notes for information on new features, changed functionality, resolved issues, known issues and upgrade considerations.

    Release Summary

    This release of PubSub+ Event Broker introduces the following features:

    • Option to set max-redeliveries to zero: A configuration option for guaranteed endpoints to support application that don’t ever want message redeliveries. When redelivery is disabled, and a consuming application rolls back a transaction or does not acknowledge receipt of a message, the broker will discard the message or move it to the DMQ rather than attempting to redeliver the message to the application.
    • Broker log file rotation based on number of days: Customers can now setup rotation of log files in compliance with regulation, based on number of days to keep log files for different regions’ needs.
    • Display when and why the defrag process stops: New events, stats and info on fragmentation and defragmentation activity and results help you with defragmentation decisions and troubleshooting.
    • Replay Increase max message spool on the software broker: PubSub+ Enterprise now support up to 3B messages queued and up to 6TB of spooled messages. This is in support of applications that require large numbers of messages to be available for replay. Increasing the number of queued messages will require additional resources; see documentation for details.
    • Verification of hostnames for outgoing TLS on bridges: To better secure and improve broker’s outgoing TLS connections (VPN bridges, DMR, Config-sync) where currently we do not verify the requested hostname against the certificate returned by the server. A NEW option to check Subject Alternative Name (SAN) against the hostname of the target server instead of CN, maintains backward compatibility.

    Manager:

    • Guaranteed Messaging (Spool) Configuration: Enable and configure Guaranteed Messaging for a broker faster and easier via PubSub+ Broker Manager. This step increases the configuration and management breadth and coverage for PubSub+ Broker Manager. More to come!
    • Wizards – API Token option for Manager Interface Authentication to Solace Cloud: Now leverage click-to-connect wizards when you have SSO enabled for your Solace Cloud Services. The wizards can now use your Cloud API Token when creating bridges and clusters.

    SEMPv2:

    • Remove version information from SEMPv2 and NAB HTTP responses: Removing reference to SolOS version number from the response header to eliminate as a low risk security vulnerability
    • Remove private-API message counts: As indicated in the 9.6 Product Notification: the redundant private attributes, currentSpooledMsgCount, for queues and topic endpoints, and MsgsLogged, for the replay log, have been deleted.

    Access

    • Access to the Solace PubSub+ Event Broker: Software Standard Edition is available to everyone through the Solace dev portal at https://solace.com/downloads/
      • Access to the 90-day Solace PubSub+ Event Broker: Software Evaluation Edition is available to everyone through the Solace dev portal at https://solace.com/downloads/
      • Access to the Solace PubSub+ Event Broker: Software Enterprise Edition is available to customers who have licensed the product.
  • hong
    hong Guest Posts: 480 ✭✭✭✭✭

    The following Solace PubSub+ Platform products have been released and are available for download:

    • Solace PubSub+ Event Broker: Software version 9.6.0.46
    • Solace PubSub+ Event Broker: Appliance version 9.6.0.46

    Please refer to the product release notes for information on new features, changed functionality, resolved issues, known issues and upgrade considerations.

    Release Summary:

    This release of PubSub+ Event Broker addresses issues in the following areas. Please refer to the release notes for more details:

    • Bug fixes and stability improvements related to AMQP messaging and Subscription Exception Matching

    Documentation:

    Access:

    • Access to the Solace PubSub+ Event Broker: Software Standard Edition is available to everyone through the Solace dev portal at https://solace.com/downloads/
    • Access to the 90-day Solace PubSub+ Event Broker: Software Evaluation Edition is available to everyone through the Solace dev portal at https://solace.com/downloads/
    • Access to the Solace PubSub+ Event Broker: Software Enterprise Edition is available to customers who have licensed the product.
  • hong
    hong Guest Posts: 480 ✭✭✭✭✭

    The following Solace PubSub+ Platform products have been released and are available for download:

    • Solace PubSub+ Event Broker: Software version 9.7.0.42
    • Solace PubSub+ Event Broker: Appliance version 9.7.0.42

    Please refer to the product release notes for information on new features, changed functionality, resolved issues, known issues and upgrade considerations.

    Release Summary:

    This release of PubSub+ Event Broker addresses issues in the following areas. Please refer to the release notes for more details:

    • Bug fixes and stability improvements related to AMQP messaging and Subscription Exception Matching
    • The broker could misinterpret the content type of HTTP messages from REST producers

    Documentation:

    Access:

    • Access to the Solace PubSub+ Event Broker: Software Standard Edition is available to everyone through the Solace dev portal at https://solace.com/downloads/.
    • Access to the 90-day Solace PubSub+ Event Broker: Software Evaluation Edition is available to everyone through the Solace dev portal at https://solace.com/downloads/.
    • Access to the Solace PubSub+ Event Broker: Software Enterprise Edition is available to customers who have licensed the product.
  • hong
    hong Guest Posts: 480 ✭✭✭✭✭

    The following Solace PubSub+ Platform products have been released and are available for download:

    • Solace PubSub+ Event Broker: Software version 9.8.0.12
    • Solace PubSub+ Event Broker: Appliance version 9.8.0.12

    Please refer to the product release notes for information on new features, changed functionality, resolved issues, known issues and upgrade considerations.

    Release Summary:

    This release of PubSub+ Event Broker introduces new features and functionality. Please refer to the release notes for more details:

    • Queue message resend counter (JMSXDeliveryCount)
    • Support keep-alive detection in brokers to detect and disconnect unresponsive clients
    • Include standard trusted root certificates for TLS validation with Servers
    • REST Delivery Point - Ability to forward credentials (basic authentication) in Gateway mode for your next endpoint
    • REST Delivery Points: OAuth2 client credentials authentication for Azure services (Event Hubs, Service Bus and Functions)
    • New "Click-to-Connect" wizard in PubSub+ Broker Manager to create REST Connectors to Cloud Native Services
    • Support larger TLS certificate files on the broker

    Documentation:

    Access:

    • Access to the Solace PubSub+ Event Broker: Software Standard Edition is available to everyone through the Solace dev portal at https://solace.com/downloads/
    • Access to the 90-day Solace PubSub+ Event Broker: Software Evaluation Edition is available to everyone through the Solace dev portal at https://solace.com/downloads/
    • Access to the Solace PubSub+ Event Broker: Software Enterprise Edition is available to customers who have licensed the product.
  • hong
    hong Guest Posts: 480 ✭✭✭✭✭

    The following product has been released and is available for download

    • Solace PubSub+ Event Broker 9.8.1.29

    Please refer to the product release notes for information on new features, changed functionality, resolved issues, known issues and upgrade considerations.

    Release Summary:

    • Increase the max number of messages in a transaction
    • DMR - support horizontal scaling & inter-cluster simultaneously (also known as Internal + External links)

    Download:

    Files can be retrieved from the Solace Products site using your account name and password.

    Documentation:

    Solace product documentation can be found at https://docs.solace.com

  • hong
    hong Guest Posts: 480 ✭✭✭✭✭

    The following product has been released and is available for download

    • Solace PubSub+ Event Broker 9.8.1.33

    Release Summary:

    This release resolves the following issue:

    • SOL-48756 - In a broker network using DMR and HA, when an HA switchover occurs, there is a small window of time
      where messages may not be delivered to DMR mates correctly. This issue exists only in SolOS TR Version 9.8.1.19 and 9.8.1.29.

    Please refer to the product release notes for information on new features, changed functionality, resolved issues, known issues and upgrade considerations.

    Access:

    • Access to the Solace PubSub+ Event Broker: Software Standard Edition is available to everyone through the Solace dev portal at https://solace.com/downloads/.
    • Access to the 90-day Solace PubSub+ Event Broker: Software Evaluation Edition is available to everyone through the Solace dev portal at https://solace.com/downloads/.
    • Access to the Solace PubSub+ Event Broker: Software Enterprise Edition is available to customers who have licensed the product.

    Documentation:

    Solace product documentation can be found at: https://docs.solace.com.

  • hong
    hong Guest Posts: 480 ✭✭✭✭✭

    The following product has been released and is available for download

    • Solace PubSub+ Event Broker 9.9.0.23

    Release Summary:

    This release introduces the following new features:

    • Replay after Replication Group Message ID
    • MQTT 5.0 Support
    • Provide a message ID unique within a replication group in all guaranteed messages sent to clients
    • Controlling when the Broker Requests a Client Certificate
    • New default max-sizes and alert thresholds for guaranteed endpoints to reduce risk of head-of-line blocking on DMR and bridge links
    • Verification of Hostnames for outgoing TLS for MNR
    • RDP: OAuth2 authentication - RFC 7523 and OpenID Connect (for Google Functions)
    • Client Certificates Add Thumbprint and UID as Sources of Username
    • PubSub+ Manager Wizards for connecting to Google Functions through RDPs

    Please refer to the product release notes for information on new features, changed functionality, resolved issues, known issues and upgrade considerations.

    Access:

    • Access to the Solace PubSub+ Event Broker: Software Standard Edition is available to everyone through the Solace dev portal at https://solace.com/downloads/.
    • Access to the 90-day Solace PubSub+ Event Broker: Software Evaluation Edition is available to everyone through the Solace dev portal at https://solace.com/downloads/.
    • Access to the Solace PubSub+ Event Broker: Software Enterprise Edition is available to customers who have licensed the product.

    Documentation:

    Solace product documentation can be found at: https://docs.solace.com.

  • hong
    hong Guest Posts: 480 ✭✭✭✭✭

    The following product has been released and is available for download

    • Solace PubSub+ Event Broker 9.9.0.28

    Release Summary

    This release introduces the following new features:

    • Fix for issue SOL-49793 - Solace brokers may not correctly expire messages to a Dead Message Queue (DMQ) if the DMQ was provisioned using a client messaging API. Expired messages may be deleted instead of moving to the API-provisioned DMQ. This issue does not impact DMQs created using CLI, SEMP, SolAdmin or PubSub+ Manager.
    • Updates to address the following vulnerabilities:
    1. CentOS 7: bind (CESA-2021:1469) (https://www.tenable.com/plugins/nessus/149205) ; CVSS v3 Severity: High (7.5) ; CVE: CVE-2021-25215
    2. Oracle Java SE 1.7.0_301 / 1.8.0_291 / 1.11.0_11 / 1.16.0_1 Multiple Vulnerabilities (Unix Apr 2021 CPU) (https://www.tenable.com/plugins/nessus/148961); CVSS v3 Severity: Medium (5.9); CVE: CVE-2021-2161, CVE-2021-2163

    Please refer to the product release notes for information on new features, changed functionality, resolved issues, known issues and upgrade considerations.

    Access

    • Access to the Solace PubSub+ Event Broker: Software Standard Edition is available to everyone at https://solace.com/downloads/.
    • Access to the 90-day Solace PubSub+ Event Broker: Software Evaluation Edition is available to everyone at https://solace.com/downloads/.
    • Access to the Solace PubSub+ Event Broker: Software Enterprise Edition is available to customers who have licensed the product.

    Documentation

    Solace product documentation can be found at: https://docs.solace.com.

  • hong
    hong Guest Posts: 480 ✭✭✭✭✭

    The following product has been released and is available for download

    • Solace PubSub+ Event Broker 9.8.1.35
    • Solace PubSub+ Event Broker 9.6.0.52

    Release Summary

    Solace PubSub+ Event Broker Appliance and Software 9.8.1.35 introduces the following product updates:

    • Fix for issue SOL-50254/SOL-49793 - Solace brokers may not correctly expire messages to a Dead Message Queue (DMQ) if the DMQ was provisioned using a client messaging API. Expired messages may be deleted instead of moving to the API-provisioned DMQ. This issue does not impact DMQs created using CLI, SEMP, SolAdmin or PubSub+ Manager.
    • Updates to address the following vulnerabilities (this update applies to the Software Machine Image only, see Release Notes for more details):
    1. CentOS 7: bind (CESA-2021:1469) (https://www.tenable.com/plugins/nessus/149205)
    2. CVSS v3 Severity: High (7.5)
    3. CVE: CVE-2021-25215

    Solace PubSub+ Event Broker Appliance and Software 9.6.0.52 introduces the following product updates:

    • Fix for issue SOL-50255/SOL-49793 - Solace brokers may not correctly expire messages to a Dead Message Queue (DMQ) if the DMQ was provisioned using a client messaging API. Expired messages may be deleted instead of moving to the API-provisioned DMQ. This issue does not impact DMQs created using CLI, SEMP, SolAdmin or PubSub+ Manager.

    Please refer to the product release notes for information on new features, changed functionality, resolved issues, known issues and upgrade considerations.

    Download

    Files can be retrieved from the Solace Products site using your account name and password.

    Access

    • Access to the Solace PubSub+ Event Broker: Software Standard Edition is available to everyone at https://solace.com/downloads/
    • Access to the 90-day Solace PubSub+ Event Broker: Software Evaluation Edition is available to everyone at https://solace.com/downloads/
    • Access to the Solace PubSub+ Event Broker: Software Enterprise Edition is available to customers who have licensed the product.

    If you need access to AWS for Solace PubSub+ Event Broker: Software downloads, please contact Solace at support@solace.com. Access to products.solace.com requires your account name and password.

    Documentation

    Solace product documentation can be found at: https://docs.solace.com.

  • hong
    hong Guest Posts: 480 ✭✭✭✭✭

    The following product has been released and is available for download:

    • Solace PubSub+ Event Broker 9.9.0.34

    Release Summary:

    This release introduces the following product updates:

    • Fix for issue SOL-50749 - Brokers with the message replay feature enabled may incorrectly stop trimming the replay log. Once the replay log grows to 110% of its configured size, the broker will stop processing newly published guaranteed messages on that VPN.
    • Updates to address the following vulnerabilities (see Release Notes for more details):
    1. nginx 0.6.x < 1.20.1 1-Byte Memory Overwrite RCE (https://www.tenable.com/plugins/nessus/150154)
      CVSS v3 Score: 9.8 (Critical)
      CVE: CVE-2021-23017, CVE-2020-25692
    2. CentOS 7: glib2 (CESA-2021:2147) (https://www.tenable.com/plugins/nessus/150773)
      CVSS v3 Score: 7.5 (High)
      CVE: CVE-2021-27219
    3. CentOS 7: dhcp (CESA-2021:2357) (https://www.tenable.com/plugins/nessus/150763)
      CVSS v3 Score: 7.7 (High)
      CVE: CVE-2021-25217
    4. CentOS 7: kernel (CESA-2021:2314) (https://www.tenable.com/plugins/nessus/150770)
      CVSS v3 Score: 7.8 (High)
      CBE: CVE-2021-3347
    5. CVE vulnerability in urllib3-1.26.4-py2.py3-none-any.whl
      CVSS v3 Score: 7.5 (High)
      CVE: CVE-2021-33503
    6. Various AWS AMI Security Vulnerabilities
      CVSS v3 Score: 7.5 (High)
      CVE: CVE-2020-29374, CVE-2021-23133, CVE-2021-29155, CVE-2021-31829, CVE-2020-25692, CVE-2021-23336, CVE-2021-3426, CVE-2019-20916

    Please refer to the product release notes for information on new features, changed functionality, resolved issues, known issues and upgrade considerations.

    Download:

    Files can be retrieved from the Solace Products site using your account name and password.

    Access:

    • Access to the Solace PubSub+ Event Broker: Software Standard Edition is available to everyone at https://solace.com/downloads/
    • Access to the 90-day Solace PubSub+ Event Broker: Software Evaluation Edition is available to everyone at https://solace.com/downloads/
    • Access to the Solace PubSub+ Event Broker: Software Enterprise Edition is available to customers who have licensed the product.

    Documentation:

    Solace product documentation can be found at: https://docs.solace.com

  • hong
    hong Guest Posts: 480 ✭✭✭✭✭

    The following product has been released and is available for download:

    • Solace PubSub+ Event Broker 9.6.0.57

    Release Summary:

    This release introduces the following product updates:

    • Fix for issue SOL-50749 - Brokers with the message replay feature enabled may incorrectly stop trimming the replay log. Once the replay log grows to 110% of its configured size, the broker will stop processing newly published guaranteed messages on that VPN.

    Please refer to the product release notes for information on new features, changed functionality, resolved issues, known issues and upgrade considerations.

    Download:

    Files can be retrieved from the Solace Products site using your account name and password.

    Access:

    • Access to the Solace PubSub+ Event Broker: Software Standard Edition is available to everyone at https://solace.com/downloads/
    • Access to the 90-day Solace PubSub+ Event Broker: Software Evaluation Edition is available to everyone at https://solace.com/downloads/
    • Access to the Solace PubSub+ Event Broker: Software Enterprise Edition is available to customers who have licensed the product.

    Documentation:

    Solace product documentation can be found at: https://docs.solace.com

  • hong
    hong Guest Posts: 480 ✭✭✭✭✭

    The following product has been released and is available for download:

    • Solace PubSub+ Event Broker 9.8.1.40

    Release Summary:

    Fix for issue SOL-50749 - Brokers with the message replay feature enabled may incorrectly stop trimming the replay log. Once the replay log grows to 110% of its configured size, the broker will stop processing newly published guaranteed messages on that VPN.

    Please refer to the product release notes for information on new features, changed functionality, resolved issues, known issues and upgrade considerations.

    Download:

    Files can be retrieved from the Solace Products site using your account name and password.

    Access:

    • Access to the Solace PubSub+ Event Broker: Software Standard Edition is available to everyone at https://solace.com/downloads/
    • Access to the 90-day Solace PubSub+ Event Broker: Software Evaluation Edition is available to everyone at https://solace.com/downloads/
    • Access to the Solace PubSub+ Event Broker: Software Enterprise Edition is available to customers who have licensed the product.

    Documentation:

    Solace product documentation can be found at: https://docs.solace.com.

  • hong
    hong Guest Posts: 480 ✭✭✭✭✭

    The following products have been released and are available for download:

    • Solace PubSub+ Event Broker 9.10.0.12

    Release Summary

    The following new features has been added to Solace PubSub+ Event Broker Appliance and Software 9.10.0:

    • Enable tcp keepalives for syslog connections
    • Delayed Delivery Queue
    • Add Certificate Expiry to CLIENT_CLIENT_CONNECT Event
    • Broker Manager: Support for Config-Sync

    Vulnerability Notice

    The following vulnerabilities have been addressed in Solace PubSub+ Event Broker Appliance and Software 9.10.0 (see Release Notes for details):

    • Various Kernel Vulnerabilities
      CVSS v3 Severity: 7.8 (High)
      CVE: CVE-2021-26930, CVE-2021-26931, CVE-2021-26932, CVE-2021-27363, CVE-2021-27364, CVE-2021-27365, CVE-2021-28038, CVE-2021-30002, CVE-2019-19060, CVE-2021-28660, CVE-2021-29265, CVE-2021-28964, CVE-2021-28971, CVE-2021-28972, CVE-2021-28688, CVE-2021-29647, CVE-2021-3483, CVE-2021-29154, CVE-2020-25670, CVE-2020-25671, CVE-2020-25672

    • Amazon Linux 2 : systemd (ALAS-2021-1643)
      CVSS v3 Score: 9.8 (Critical)
      CVE: CVE-2018-15686, CVE-2018-16864, CVE-2018-16866, CVE-2018-16888, CVE-2019-20386, CVE-2019-3815, CVE-2019-6454
      *CentOS 7 : linuxptp (CESA-2021:2658)
      CVSS v3 Score: 9.1 (Critical)
      CVE: CVE-2021-3570

    • Amazon Linux 2 : kernel (ALAS-2021-1675)
      CVSS v3 Score: 7.8 (High)
      CVE: CVE-2021-33200

    Deprecation Notice

    • Support for Cut-Through Persistence in Solace PubSub+ Event Broker has been deprecated.

    Access

    • Access to the Solace PubSub+ Event Broker: Software Standard Edition is available to everyone through the Solace dev portal at https://solace.com/downloads/
    • Access to the 90-day Solace PubSub+ Event Broker: Software Evaluation Edition is available to everyone through the Solace dev portal at https://solace.com/downloads/
    • Access to the Solace PubSub+ Event Broker: Software Enterprise Edition is available to customers who have licensed the product.

    Documentation

  • hong
    hong Guest Posts: 480 ✭✭✭✭✭

    The following products have been released and are available for download:

    • Solace PubSub+ Event Broker 9.1.1.36
    • Solace PubSub+ Event Broker 9.2.0.33
    • Solace PubSub+ Event Broker 9.3.1.33

    Release Summary

    The following vulnerabilities have been addressed in this release (see Release Notes for details):

    CVE: CVE-2021-26930, CVE-2021-26931, CVE-2021-26932, CVE-2021-27363, CVE-2021-27364, CVE-2021-27365, CVE-2021-28038, CVE-2021-30002, CVE-2019-19060, CVE-2021-28660, CVE-2021-29265, CVE-2021-28964, CVE-2021-28971, CVE-2021-28972, CVE-2021-28688, CVE-2021-29647, CVE-2021-3483, CVE-2021-29154, CVE-2020-25670, CVE-2020-25671, CVE-2020-25672

    Download

    Files can be retrieved from the Solace Products site using your account name and password.

    Documentation

    Solace product documentation can be found at: https://docs.solace.com

  • hong
    hong Guest Posts: 480 ✭✭✭✭✭

    The following product has been released and is available for download:

    • Solace PubSub+ Event Broker 9.6.0.58

    Release Summary

    The following vulnerabilities have been addressed in this release (see Release Notes for details):

    Download

    Please contact Solace at support@solace.com. Access to http://products.solace.com requires your account name and password.

    Documentation

    Solace product documentation can be found at: https://docs.solace.com.

  • hong
    hong Guest Posts: 480 ✭✭✭✭✭

    The following product has been released and is available for download:

    • Solace PubSub+ Event Broker 9.10.0.15

    Release Summary

    This release introduces the following product updates:

    • Updates to address the following vulnerabilities (see Release Notes for more details):

    o Amazon Linux 2 : python-urllib3 (ALAS-2021-1688) (https://nvd.nist.gov/vuln/detail/CVE-2021-33503)
    CVSS v3 Score: 7.5 (High)
    CVE: CVE-2021-33503

    o Amazon Linux 2 : kernel (ALAS-2021-1685) (https://www.tenable.com/plugins/nessus/151793)
    CVSS v3 Score: 4.7 (Medium)
    CVE: CVE-2020-26558, CVE-2021-0129, CVE-2021-29650, CVE-2021-32399, CVE-2021-33034, CVE-2021-33624, CVE-2021-3564, CVE-2021-3573

    o Amazon Linux 2 : rpm (ALAS-2021-1689) (https://www.tenable.com/plugins/nessus/151796)
    CVSS v3 Score: 7.0 (High)
    CVE: CVE-2021-20271, CVE-2021-3421

    o Amazon Linux 2 : grub2 (ALAS-2021-1684) (https://www.tenable.com/plugins/nessus/151799)
    CVSS v3 Score: 8.2 (High)
    CVE: CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779, CVE-2021-20225, CVE-2021-20233

    o Amazon Linux 2 : kernel (ALAS-2021-1691) (https://nvd.nist.gov/vuln/detail/CVE-2021-33909)
    CVSS v3 Score: 7.8 (High)
    CVE: CVE-2021-33909

    o CentOS 7 : kernel (CESA-2021:2725) (https://www.tenable.com/plugins/nessus/151979)
    CVSS v3 Score: 7.8 (High)
    CVE: CVE-2019-20934, CVE-2020-11668, CVE-2021-33033, CVE-2021-33034, CVE-2021-33909

    o Java SE Vulnerability (https://nvd.nist.gov/vuln/detail/CVE-2021-2369)
    CVSS v3 Score: 4.4 (Medium)
    CVE: CVE-2021-2369

    o Java SE Vulnerability (https://nvd.nist.gov/vuln/detail/CVE-2021-2341)
    CVSS v3 Score: 3.1 (Low)
    CVE: CVE-2021-2341

    o Java SE Vulnerability (https://nvd.nist.gov/vuln/detail/CVE-2021-2388)
    CVSS v3 Score: 7.5 (High)
    CVE: CVE-2021-2388

    o Amazon Linux 2 : kernel (ALAS2-2021-1693, ALAS2-2021-1696)
    CVSS v3 Score: 7.5 (High)
    CVE: CVE-2020-8231, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2021-34556, CVE-2021-35477, CVE-2021-3655

    o The remote CentOS Linux host is missing one or more security updates. (CESA-2021:3028) (https://www.tenable.com/plugins/nessus/152360)
    CVSS v3 Score: 8.8 (High)
    CVE: CVE-2020-0543, CVE-2020-0548, CVE-2020-0549, CVE-2020-8695, CVE-2020-8696, CVE-2020-8698, CVE-2020-24489, CVE-2020-24511, CVE-2020-24512

    Download

    Files can be retrieved from the Solace Products site using your account name and password.

    Access

    • Access to the Solace PubSub+ Event Broker: Software Standard Edition is available to everyone at https://solace.com/downloads/
    • Access to the 90-day Solace PubSub+ Event Broker: Software Evaluation Edition is available to everyone at https://solace.com/downloads/
    • Access to the Solace PubSub+ Event Broker: Software Enterprise Edition is available to customers who have licensed the product.

    Documentation

    Solace product documentation can be found at: https://docs.solace.com.

  • hong
    hong Guest Posts: 480 ✭✭✭✭✭

    The following product has been released and is available for download:

    • Solace PubSub+ Event Broker 9.8.0.17

    Release Summary

    This release introduces the following product updates:

    • Fix for issue SOL-55040 - Replication may cause excess resource consumption on the Solace broker.

    Please refer to the product release notes for information on new features, changed functionality, resolved issues, known issues and upgrade considerations.

    Download

    Files can be retrieved from the Solace Products site using your account name and password.

    Access

    • Access to the Solace PubSub+ Event Broker: Software Standard Edition is available to everyone at https://solace.com/downloads/
    • Access to the 90-day Solace PubSub+ Event Broker: Software Evaluation Edition is available to everyone at https://solace.com/downloads/
    • Access to the Solace PubSub+ Event Broker: Software Enterprise Edition is available to customers who have licensed the product.

    If you need access to AWS for Solace PubSub+ Event Broker: Software downloads, please contact Solace at support@solace.com. Access to http://products.solace.com requires your account name and password.

    Documentation

    Solace product documentation can be found at: https://docs.solace.com

  • hong
    hong Guest Posts: 480 ✭✭✭✭✭

    The following products have been released and are available for download:

    • Solace PubSub+ Event Broker 9.11.0.9

    Release Summary

    This release introduces the following new features:

    • RDP - Variable Targets
    • RDP - Additional HTTP Headers with Fixed/Variable Values
    • Support for cgroups v2
    • Support 30,000 Transacted Sessions at 100K and 200K connection tiers
    • Add Search Configuration to resolv.conf on Appliance

    Vulnerability Notice

    The following vulnerabilities have been addressed in this release (see Release Notes for details):

    • The PubSub+ Event Broker appliance and machine image are exposed to the following vulnerabilities:
    1. CentOS 7 : kernel security updates
      CVSS v3 Score: 7.8 (High)
      CVE: CVE-2020-29374, CVE-2021-23133, CVE-2021-33034, CVE-2021-32399, CVE-2020-26558, CVE-2021-0129, CVE-2020-
      24587, CVE-2020-24586, CVE-2020-24588, CVE-2020-26139, CVE-2020-26147, CVE-2021-29650, CVE-2021-3564, CVE-2021-
      3573, CVE-2021-3587, CVE-2021-34693, CVE-2021-38160, CVE-2021-3609, CVE-2021-3655, CVE-2021-33909, CVE-2021-
      38204, CVE-2021-3679, CVE-2021-37576, CVE-2021-22543
    2. CentOS 7 : kernel (CESA-2021:3327) (https://www.tenable.com/plugins/nessus/152970)
      CVSS v3 Score: 7.8 (High)
      CVE: CVE-2020-27777, CVE-2021-22555, CVE-2021-29154, CVE-2021-29650, CVE-2021-32399
    3. CentOS 7 : bind (https://nvd.nist.gov/vuln/detail/CVE-2021-25214)
      CVSS v3 Score: 6.5 (Medium)
      CVE: CVE-2021-25214

    Download

    Files can be retrieved from the Solace Products site using your account name and password.

    Access

    • Access to the Solace PubSub+ Event Broker: Software Standard Edition is available to everyone at https://solace.com/downloads/
    • Access to the 90-day Solace PubSub+ Event Broker: Software Evaluation Edition is available to everyone at https://solace.com/downloads/
    • Access to the Solace PubSub+ Event Broker: Software Enterprise Edition is available to customers who have licensed the product.

    If you need access to AWS for Solace PubSub+ Event Broker: Software downloads, please contact Solace at support@solace.com. Access to http://products.solace.com requires your account name and password.

    Documentation

    Solace product documentation can be found at: https://docs.solace.com

  • hong
    hong Guest Posts: 480 ✭✭✭✭✭

    The following products have been released and are available for download:

    • Solace PubSub+ Event Broker Appliance and Software 9.9.0.37
    • Solace PubSub+ Event Broker Appliance and Software 9.10.0.21
    • Solace PubSub+ Event Broker Appliance and Software 9.11.0.10

    Release Summary

    These releases introduce the following product updates:

    • Updates to address the following vulnerabilities (Note: some vulnerabilities were addressed in previous 9.10.0 and 9.11.0 releases, and have now been backported to 9.9.0. See Release Notes for more details):
    1. CentOS 7 : kernel security updates
      CVSS v3 Score: 7.8 (High)
      CVE: CVE-2020-29374, CVE-2021-23133, CVE-2021-33034, CVE-2021-32399, CVE-2020-26558, CVE-2021-0129, CVE-2020-24587, CVE-2020-24586, CVE-2020-24588, CVE-2020-26139, CVE-2020-26147, CVE-2021-29650, CVE-2021-3564, CVE-2021-3573, CVE-2021-3587, CVE-2021-34693, CVE-2021-38160, CVE-2021-3609, CVE-2021-3655, CVE-2021-33909, CVE-2021-38204, CVE-2021-3679, CVE-2021-37576, CVE-2021-22543
    2. CentOS 7 : kernel (CESA-2021:3327) (https://www.tenable.com/plugins/nessus/152970 )
      CVSS v3 Score: 7.8 (High)
      CVE: CVE-2020-27777, CVE-2021-22555, CVE-2021-29154, CVE-2021-29650, CVE-2021-32399
    3. CentOS 7 : bind (https://nvd.nist.gov/vuln/detail/CVE-2021-25214 )
      CVSS v3 Score: 6.5 (Medium)
      CVE: CVE-2021-25214
    4. The remote CentOS Linux host is missing one or more security updates. (CESA-2021:3028) (https://www.tenable.com/plugins/nessus/152360 )
      CVSS v3 Score: 8.8 (High)
      CVE: CVE-2020-0543, CVE-2020-0548, CVE-2020-0549, CVE-2020-8695, CVE-2020-8696, CVE-2020-8698, CVE-2020-24489, CVE-2020-24511, CVE-2020-24512
    5. Java SE Vulnerability (https://nvd.nist.gov/vuln/detail/CVE-2021-2369)
      CVSS v3 Score: 4.4 (Medium)
      CVE: CVE-2021-2369
    6. Java SE Vulnerability (https://nvd.nist.gov/vuln/detail/CVE-2021-2341 )
      CVSS v3 Score: 3.1 (Low)
      CVE: CVE-2021-2341
    7. Java SE Vulnerability (https://nvd.nist.gov/vuln/detail/CVE-2021-2388 )
      CVSS v3 Score: 7.5 (High)
      CVE: CVE-2021-2388
    8. CentOS 7 : kernel (CESA-2021:2725) (https://www.tenable.com/plugins/nessus/151979 )
      CVSS v3 Score: 7.8 (High)
      CVE: CVE-2019-20934, CVE-2020-11668, CVE-2021-33033, CVE-2021-33034, CVE-2021-33909
    9. CentOS 7 : linuxptp (CESA-2021:2658) https://nvd.nist.gov/vuln/detail/CVE-2021-3570
      CVSS v3 Score: 9.1 (Critical)
      CVE: CVE-2021-3570
    10. CentOS 7 : kernel security updates
      CVSS v3 Score: 7.5 (High)
      CVE: CVE-2021-38205, CVE-2021-3732, CVE-2021-3653, CVE-2021-3656, CVE-2020-3702, CVE-2021-38198, CVE-2021-3753

      Please refer to the product release notes for information on new features, changed functionality, resolved issues, known issues and upgrade considerations.

    Download

    Files can be retrieved from the Solace Products site using your account name and password.

    Access

    • Access to the Solace PubSub+ Event Broker: Software Standard Edition is available to everyone at https://solace.com/downloads/
    • Access to the 90-day Solace PubSub+ Event Broker: Software Evaluation Edition is available to everyone at https://solace.com/downloads/
    • Access to the Solace PubSub+ Event Broker: Software Enterprise Edition is available to customers who have licensed the product.

    If you need access to AWS for Solace PubSub+ Event Broker: Software downloads, please contact Solace at support@solace.com. Access to http://products.solace.com requires your account name and password.

    Documentation

    Solace product documentation can be found at: https://docs.solace.com