Package "rabbitmq-server"
Name: rabbitmq-server
Description: AMQP server written in Erlang
Latest version: 3.8.3-0ubuntu0.2
Release: focal (20.04)
Level: updates
Repository: main
Homepage: https://www.rabbitmq.com/
Changelog
rabbitmq-server (3.8.3-0ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: Cross site scripting.
    - debian/patches/CVE-2021-32718.patch: Escape html in
      res.req_params.username in .../www/js/dispatcher.js.
    - debian/patches/CVE-2021-32719.patch: Format
      upstream.value['consumer-tag'] in
      .../www/js/tmpl/federation-upstream.ejs.
    - CVE-2021-32718
    - CVE-2021-32719

 -- Hlib Korzhynskyy <email address hidden> Mon, 02 Dec 2024 12:30:45 -0330

CVE-2021-32718
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the
CVE-2021-32719
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ manag

rabbitmq-server (3.8.3-0ubuntu0.1) focal; urgency=medium

  * New upstream version 3.8.3 (LP: #2060248).
    - RabbitMQ nodes will now gracefully shutdown when receiving a `SIGTERM`
      signal. Previously the runtime would invoke a default handler that
      terminates the VM giving RabbitMQ no chance to execute its shutdown
      steps.
    - Speedup execution of boot steps by a factor of 2N, where N is the number
      of attributes per step.
    - New health checks that can be used to determine if it's a good moment to
      shut down a node for an upgrade.
    - details about these changes can be found at
      https://github.com/rabbitmq/rabbitmq-server/blob/main/release-notes/3.8.3.md
  * Packaging changes needed by this update:
    - d/watch: update to find upstream tarball, and verify its signature
    - d/upstream/signing-key.asc: added, downloaded from
      https://github.com/rabbitmq/signing-keys/releases/download/3.0/rabbitmq-release-signing-key.asc
    - d/p/CVE-2023-46118-{1,2}.patch: refresh
    - d/p/lp1999816-fix-rabbitmqctl-status-disk-free-timeout.patch: fix offset
    - d/p/lets-use-python3-not-python-binary.patch: refresh
  * Added new dep8 tests (LP: #1679386):
    - d/t/smoke-test
    - d/t/hello-world
    - d/t/publish-subscribe
    - d/t/rpc
    - d/t/work-queue

 -- Mitchell Dzurick <email address hidden> Wed, 01 May 2024 17:02:31 -0700

2060248
MRE updates of rabbitmq-server for Jammy,Focal
1679386
Missing dep8 tests
CVE-2023-46118
RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of

rabbitmq-server (3.8.2-0ubuntu1.5) focal-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2023-46118-*.patch: Introduce HTTP request body limit
      for definition uploads and Reduce default HTTP API request body size limit
      to 10 MiB in deps/rabbitmq_management/Makefile, include/rabbit_mgmt.hrl,
      priv/schema/rabbitmq_management.schema, src/rabbit_mgmt_util.erl,
      src/rabbit_mgmt_wm_definitions.erl.
    - CVE-2023-46118

 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 07 Nov 2023 09:37:31 -0300

CVE-2023-46118
RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of

rabbitmq-server (3.8.2-0ubuntu1.4) focal; urgency=medium

  * d/p/lp1999816-fix-rabbitmqctl-status-disk-free-timeout.patch:
    Fix rabbitmqctl status when free disk space cannot be determined
    (LP: #1999816).

 -- Jorge Merlino <email address hidden> Wed, 22 Feb 2023 19:47:18 -0300

1999816
Failure to get free disk space breaks \

rabbitmq-server (3.8.2-0ubuntu1.3) focal-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2021-22116.patch: treat arrays with extra or
      missing input as fatal errors in src/amqp10_binary_parser.erl,
      test/binary_parser_SUITE.erl.
    - CVE-2021-22116

 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 23 Jun 2021 10:05:38 -0300

CVE-2021-22116
RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection e