Skip to content

Releases: alibaba/nacos

2.4.2 (Sep 5th, 2024)

05 Sep 09:16
@KomachiSion KomachiSion
2.4.2
3a9003b
This commit was created on github.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
2.4.2 (Sep 5th, 2024) Latest
Latest

This version primarily fixes a potential deadlock issue during the startup process related to the Raft protocol initialization in version 2.4.1 (#12526). It also rolls back the changes made in version 2.4.1 that lowered the hessian version, which caused startup problems on JDK 17+ versions due to conflicts with hessian dependencies. Additionally, the logic for checking ServerStatus has been optimized to prevent issues from affecting the availability of non-Raft-dependent functionalities due to Raft election failures.

Furthermore, this version includes several usability enhancements and addresses some other bugs.

Please see the details of the changes below:

Change details

Enhancement&Refactor

[#12483] Configuration list adds configuration format.
[#12547] Nacos client supports desensitise in logging.
[#12555] SwitchManager support http、tcp、mysql HealthParams and pushCSharpVersion update.
[#12569] Enhance is exist table logic to support more database.
[#12573] Enhance Server status check to avoid affect core features.
[#12583] Enhance protocolManager lock logic.
[#12608] Enhance configs diff, support to collapse identical rows.

BugFix

[#12093] Fix reset password success but no message.
[#12498][#12503] Revert "Resolve the Hessian package conflict issue. (#12449)".
[#12509] Fix nacos-client updating accessToken bug.
[#12526] Fix possible dead lock problem during start up.
[#12563] Fix paramchecker invalid bug.
[#12581] Fix namespace quota and parameter optimize.
[#12604] Fix get config labels from env parameters.
[#12610] Fix wrong error code for http open api request.

Dependency

[#12568] Upgrade mysql-connector-j from 8.0.33 to 8.2.0.
[#12387] Upgrade logback adapter to 1.1.3
[#12586][#12596] Upgrade spring version to 5.3.39.
[#12596] Upgrade tomcat to 9.0.93.

New Contributors

Full Changelog: 2.4.1...2.4.2

Contributors

shengbinxu and XiaZhouxx
Assets 6
Loading

2.4.1 (Aug 15th, 2024)

15 Aug 11:57
@KomachiSion KomachiSion
2.4.1
106a1d5
This commit was created on github.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
2.4.1 (Aug 15th, 2024)

该版本主要针对部分Jraft请求处理时,会造成任意文件读写的问题进行修复。

该漏洞仅影响7848端口(默认设置下),一般使用时该端口为Nacos集群间Raft协议的通信端口,不承载客户端请求,因此老版本可以通过禁止该端口来自Nacos集群外的请求达到止血目的(如部署时已进行限制或未暴露,则风险可控)。

另外该版本也在2.4.0的基础上针对derby ops接口做了进一步优化,默认限制derby数据库可执行的SQL范围,降低用户在打开derby ops接口后的风险。

变更详情请查看下文:

The version mainly fixes the issue of arbitrary file read and write that can occur during the processing of some Jraft requests.

The vulnerability only affects port 7848 (by default), which is typically used as the communication port for Nacos cluster inter-raft protocol and does not handle client requests. Therefore, the risk can be controlled by disabling requests from outside of Nacos clusters (e.g. by limiting or not exposing the port) in older versions.

Additionally, this version has further optimized the Derby Ops API by restricting the range of executable SQL commands on the Derby database by default, thereby reducing the risk to users when accessing the Derby Ops API.

Please see the details of the changes below:

Change details

Feature

Enhancement&Refactor

[#11887] Add some tips when token.secret.key is not base64.
[#12311] Enhance console to support namespace list with selectors.
[#12405] LDAP plugin support custom admin user password for default.
[#12446] Enhance hint when got Mac Instance with error in default auth plugin.
[#12466] Enhance to configurable service metadata and instance metadata length.
[#12477] Enhance default auth plugin to support auth_basic when logout.
[#12489] Remove KvStorage and ConsistencyService.
[#12490] Enhance derby mode to support limit SQL Type.

BugFix

[#12301] Fix headlth check for persistent instance for different namespace but groupName and serviceName are same.
[#12374] Fix memory calculate error for metrics api.
[#12397] Fix the bug of parsing empty connection control rule problem.
[#12410] Fix no hint when beta config content is not equal with formal content.

Dependency

[#12342] Resolve the Hessian package conflict.

New Contributors

Full Changelog: 2.4.0.1...2.4.1

Contributors

eltociear, gongycn, and 7 other contributors
Assets 6
Loading

1.4.8 (Aug 15th, 2024)

15 Aug 11:51
@KomachiSion KomachiSion
1.4.8
f4373de
This commit was created on github.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
1.4.8 (Aug 15th, 2024)

What's Changed

New Contributors

Full Changelog: 1.4.7...1.4.8

Contributors

raymondzhangl, EruDev, and KomachiSion
Assets 6
Loading

2.4.0.1 (July 22th, 2024)

22 Jul 07:28
@KomachiSion KomachiSion
2.4.0.1
197795a
This commit was created on github.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
2.4.0.1 (July 22th, 2024)

This version is fast fix for two block issues #12387 and #12395 for 2.4.0, which might cause password can't be changed and can't create new users when not using MySQL database with new table structures.

What's Changed

Full Changelog: 2.4.0...2.4.0.1

Contributors

KomachiSion
Assets 6
Loading

2.4.0 (July 19th, 2024)(Please use 2.4.0.1)

19 Jul 06:34
@KomachiSion KomachiSion
2.4.0
4e77625
This commit was created on github.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
2.4.0 (July 19th, 2024)(Please use 2.4.0.1)

Please use 2.4.0.1 first

This version is an important version which support many new features.

The most mainly feature is Nacos support maintainer to initialize the admin user nacos password instead of using default password to improve the default security for deploy nacos clusters.

One more thing is default disabled derby ops API to prevent false alarms regarding corresponding risks for users without authentication enabled when deploying in standalone mode. If maintainers want use this API to maintain and query data in derby, maintainers can use nacos.config.derby.ops.enabled=true to open this API.

And other mainly features are support TLS Grpc communication between Nacos cluster nodes as an optional feature to improve Nacos security, which means nacos not only support TLS communication between client and server; What's more, Nacos start to support user extend Selector before callback Subscriber for naming module, not only can select instance of services by healthy and clusters. And Nacos client support callback service diffs by new event to reduce Subscriber cache and compare logics.

Third mainly features are support some configs usages in Nacos console and support more enhancement usage for plugins, such as support add all metadata to prometheus sd protocol and support aliyun ram v4 signature.

In addition to substantial feature updates, this version also fixes some bugs from previous versions and upgrades certain dependencies with security vulnerabilities.

Detail see:

Feature

[#10374] Support naming custom selectors and support service diff events.
[#11456] Support TLS Grpc communication between Nacos cluster nodes.
[#11847] Nacos console support publish config with cas.
[#11943] Record users for import configs.
[#11957] Remove default password for user nacos.
[#12130] Add metadata as labels in prometheus http sd.
[#12162] Support aliyun ram v4 signature method.

Enhancement&Refactor

[#11956] Refactor nacos client logging module, use SPI load current logger adapter.
[#12013] Enhance to fast config Nacos memory setting in startup.sh by environment CUSTOM_NACOS_MEMORY.
[#12072] Support does not impose any limit when totalCountLimit is less than 0.
[#12166] Enhance nacos client init properties logger.
[#12177] Update console header link to new nacos.io.
[#12178] Add total record count display in pagination.
[#12185] Use nacos properties in CacheDirUtil.
[#12221] Remove the accessToken from the URL.
[#12235] Enhance logging format in the ResponseExceptionHandler.
[#12246] Internationalize the display of total counts in the configuration list and service list.
[#12321] Enhance log for unexpected exception from NetworkInterface.ifUp.
[#12355] Record the cost of ConfigDump in Prometheus.
[#12372] Disable derby ops api default.
[#12382] Support ram info switch.

BugFix

[#10639] Fix the encrypted_data_key is text type so that old version can't upgrade directly.
[#11902] Fix leak of request and response for java native runtime for nacos-client.
[#11926] Fix Nacos can't triggle self protection when disk full in some OS.
[#11951] Fix the problem that the serviceName and groupName are not resolved correctly when deleting an empty service instance.
[#11967] Fix Config can't publish and listen when dataId contains some special words in Window OS.
[#11968] Fix Multiple config change plugin implementation configuration conflicts problem.
[#12022] Fix nacos datasource plugin ClassCastException problem.
[#12046] Fix cipher-aes config encrypt plugin not effect when publish config again.
[#12060] Fix too large ttl when auth disabled.
[#12146] Fix the operation type does not display when rolling back a configuration with a delete operation type.
[#12168] Fix the labels of the query conditions on the Permission Control - Role Management page are still displayed in Chinese after switching the system language to English.
[#12180] Fix the operator is not recorded during clone and import operations.
[#12196] Fix prometheus http sd invalid label names.
[#12207] Fix disk failover datasource not keep status.
[#12197] Add an id primary key column to both the roles and permissions tables.
[#12219] Fix ServerListManager in nacos-client fails to parse the endpoint in the config.
[#12253] Add endpoint cluster name for config & naming server list manager.
[#12265] Fix nacos client dependencies tree without grpc package.
[#12323] Fix nacos client logback configuration will override packagingData problem.
[#12333] Fix auth Plugin resource parser can't parser v2 config openAPI namespaceId.

Dependency

[#11904] Bump Spring Security to 5.7.12.
[#11975] Remove unused dependency javatuple.
[#11980] Bump spring framework to 5.3.34.
[#12135] Upgrade module naocs-console from junit4 to junit5.
[#12369] Upgrade grpc to 1.64.2.

New Contributors From 2.4.0-BETA.

Full Changelog: 2.4.0-BETA...2.4.0

Contributors

taomaree, dingjs, and HMYDK
Assets 6
Loading

2.3.3 (Jun 25th, 2024) (client only)

25 Jun 02:30
@KomachiSion KomachiSion
2.3.3-client-only
3326cdf
Compare
Choose a tag to compare
2.3.3 (Jun 25th, 2024) (client only)

This version mainly fix one client block bug and support java agent parsing ram info switches.

The client block bug was introduced in client version 2.3.0, as detailed in ISSUE #10792. The intended change was to unify the address server addressing logic for both the registry and the configuration center and to support custom modification of the address server's path.

However, in a Spring Cloud environment, the clusterName parameter for discovery has a specific business significance: it denotes the clusterName attribute of the registered service instance. When users configure the clusterName attribute for service instances, it simultaneously alters the path used for addressing the address server.

This bug was primarily caused by the previous ambiguity in the Nacos Client's parameter naming definitions.

To resolve this issue, starting from version 2.3.3, parameters used for controlling the address server will be prefixed with "Endpoint". Specifically:

The clusterName parameter for endpoint will be renamed to endpointClusterName.
The clusterName attribute used by the registry for service instances will remain unchanged.

Previous Configuration:

spring.cloud.nacos.discovery.clusterName=my-service-cluster
spring.cloud.nacos.config.clusterName=my-service-cluster

Updated Configuration:

spring.cloud.nacos.discovery.endpointClusterName=my-endpoint-cluster
spring.cloud.nacos.discovery.clusterName=my-service-cluster
spring.cloud.nacos.config.endpointClusterName=my-endpoint-cluster
Assets 2
Loading

2.4.0-BETA (Jun 6th, 2024)

06 Jun 03:21
@KomachiSion KomachiSion
2.4.0-BETA
1e38289
This commit was created on github.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
2.4.0-BETA (Jun 6th, 2024) Pre-release
Pre-release

This version is an important version which support many new features.

The most mainly feature is Nacos support maintainer to initialize the admin user nacos password instead of using default password to improve the default security for deploy nacos clusters.

And other mainly features are support TLS Grpc communication between Nacos cluster nodes as an optional feature to improve Nacos security, which means nacos not only support TLS communication between client and server; What's more, Nacos start to support user extend Selector before callback Subscriber for naming module, not only can select instance of services by healthy and clusters. And Nacos client support callback service diffs by new event to reduce Subscriber cache and compare logics.

Third mainly features are support some configs usages in Nacos console and support more enhancement usage for plugins, such as support add all metadata to prometheus sd protocol and support aliyun ram v4 signature.

In addition to substantial feature updates, this version also fixes some bugs from previous versions and upgrades certain dependencies with security vulnerabilities.

Detail see:

Feature

[#10374] Support naming custom selectors and support service diff events.
[#11456] Support TLS Grpc communication between Nacos cluster nodes.
[#11847] Nacos console support publish config with cas.
[#11943] Record users for import configs.
[#11957] Remove default password for user nacos.
[#12130] Add metadata as labels in prometheus http sd.
[#12162] Support aliyun ram v4 signature method.

Enhancement&Refactor

[#11956] Refactor nacos client logging module, use SPI load current logger adapter.
[#12013] Enhance to fast config Nacos memory setting in startup.sh by environment CUSTOM_NACOS_MEMORY.
[#12072] Support does not impose any limit when totalCountLimit is less than 0.
[#12166] Enhance nacos client init properties logger.
[#12177] Update console header link to new nacos.io.

BugFix

[#10639] Fix the encrypted_data_key is text type so that old version can't upgrade directly.
[#11902] Fix leak of request and response for java native runtime for nacos-client.
[#11926] Fix Nacos can't triggle self protection when disk full in some OS.
[#11951] Fix the problem that the serviceName and groupName are not resolved correctly when deleting an empty service instance.
[#11967] Fix Config can't publish and listen when dataId contains some special words in Window OS.
[#11968] Fix Multiple config change plugin implementation configuration conflicts problem.
[#12022] Fix nacos datasource plugin ClassCastException problem.
[#12046] Fix cipher-aes config encrypt plugin not effect when publish config again.
[#12060] Fix too large ttl when auth disabled.
[#12146] Fix the operation type does not display when rolling back a configuration with a delete operation type.
[#12168] Fix the labels of the query conditions on the Permission Control - Role Management page are still displayed in Chinese after switching the system language to English.

Dependency

[#11904] Bump Spring Security to 5.7.12.
[#11975] Remove unused dependency javatuple.
[#11980] Bump spring framework to 5.3.34.
[#12135] Upgrade module naocs-console from junit4 to junit5.

New Contributors

Full Changelog: 2.3.2...2.4.0-BETA

Contributors

syshenyao, hnyyghk, and 11 other contributors
Assets 6
Loading

2.3.2 (Apr 3rd, 2024)

03 Apr 06:29
@KomachiSion KomachiSion
2.3.2
b8a5a56
Compare
Choose a tag to compare
2.3.2 (Apr 3rd, 2024)

This version mainly fix #11880 issue, this issue will make nacos-server frequently push config to nacos-client 2.3.1 version even data no changed so that the client and server resource costs.

And at the same time, This version can fix other usage issues found in 2.3.1 and older version.

Detail see:

Enhancement&Refactor

[#11752] Enhance contentPath configurable for AddressServerUrl.
[#11801] Refactor PageHandlerAdapterFactory.
[#11844][#11867][#11903] Refactor connection and client labels content.
[#11895] Enhance response for register service instance for non-connected connection.

BugFix

[#11536] Fix failover triggered problem.
[#11821] Fix announcement api not limit path expression.
[#11835] Fix service removed after server restarted when service contain metadata.
[#11842] Fix response wrong status code for some API.
[#11843] Fix nacos/v2/ns/client/* API response data wrong for batch registered service.
[#11853] Fix nacos-client start failed for native GraalVM.
[#11880] Fix config module frequently push new config data even config no change.

Dependency

[#11874] Bump mysql-connnector-java to 8.0.33
[#11811] Bump Spring Web to 5.3.33
[#11913] Bump console ui dependencies to solve security problem with audit fix.

New Contributors

Full Changelog: 2.3.1...2.3.2

Contributors

lmm1990, JianweiWang, and 4 other contributors
Assets 6
Loading

2.3.1 (Mar 4, 2024)

04 Mar 06:20
@KomachiSion KomachiSion
2.3.1
92dda94
This commit was created on github.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
2.3.1 (Mar 4, 2024)

This version mainly do some Enhancement and bugfix for 2.3.0 to improve the usages and stability.

And From this version, Nacos support snowFlake to generate instance id again and usage is same with older version.

For console, this version add an new style of dark mode. Thanks for the community contributors.

Detail see:

Feature

[#9001] Support snowFlakeInstanceId by SPI.
[#11441][#11708] Add console UI Dark mode.

Enhancement&Refactor

[#10846] Support metricsfor grpc server executor and grpc request.
[#11053] Enhance Nacos Client Failover Logic.
[#11306] Change the length of the field named resource from 255 to 128.
[#11514] Check server stream ready state to avoid bytebuffer back up in flow control pending write queue.
[#11518] Enhance the timed incremental reconciliation for configuration center.
[#11521] Add UT coverage for config module.
[#11526] Add service info log when client receive server push data.
[#11571] Fix Persistent services load snapshot will casue data inconsistent by thread safety.
[#11601] Enhance to remove check auth identity key and value for standalone mode.
[#11612] Unified use of NameThreadFactory to create thread pools.
[#11618] Add the config of max thread count for client worker & naming polling.
[#11658] Enhance dump configuration logic to reduce network traffic.
[#11695] Fix PreviousConfigHistory show encrypted configuration problem.
[#11670] Remove direct read logic for configuration center when starting with derby.

BugFix

[#10752] Fix Prometheus sd api security is not compatiable with nacos original security configs.
[#11416] Fix connection count of current node is not accurate.
[#11459] Fix RowMapper is required problem in embedded storage with cluster.
[#11489] Fix PageHandlerAdapterFactory initHandlerAdapters error.
[#11493] Fix service name group check in nacos client.
[#11494] Fix Login api request frequently when disabled auth with 2.x client.
[#11497] Fix ClassCastException when nacos.plugin.datasource.log.enabled=true.
[#11499] Fix address server health check error.
[#11573][#11619][#11624][#11626] Fix default control plugin invalid problem.
[#11595] Fix user update permission problem.
[#11647] Fix logged raft-config always {} problem.
[#11654] Fix server don't send its abilities if client don't send its abilities when setting up connection.
[#11679] Fix totalpush count cannot increase when push fail.
[#11718] Fix ErrorCode have the same code.
[#11701] Fix BatchRegister service might cause distro sync handle exception and data delay after timeout.

Dependency

[#11473] Upgrade logback to 1.2.13.
[#11586] Remove deprecated dependency api of spring security.
[#11422] Upgrade Jraft to 1.3.14.
[#11777] Upgrade console-ui dependencies by npm audit fix to fix some ui security.

Assets 4
Loading

1.4.7 (Jan 15th, 2024)

15 Jan 02:24
@KomachiSion KomachiSion
1.4.7
bd22667
This commit was created on github.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
1.4.7 (Jan 15th, 2024)

What's Changed

  • [ISSUE #10787] Fixed the memory performance issue caused by the creat… by @wyt in #10937
  • [ISSUE #11132]feat: Add a rolling deletion strategy to solve the hidden danger of unlimited number of log files by @FeiXiangDouLi in #11189
  • fix: 修复配置文件监听器异常信息打印会出现null的问题 by @hczs in #11425
  • fix:Port modification in the configuration file does not take effect … by @DiligenceLai in #11524
  • Upgrade to 1.4.7 & add new property to support agent situation. by @KomachiSion in #11644

New Contributors

Full Changelog: 1.4.6...1.4.7

Contributors

wyt, FeiXiangDouLi, and 3 other contributors
Assets 4
Loading