
RabbitMQ is not affected by CVE-2025-32433 (an Erlang/OTP CVE)

· One min read

RabbitMQ is Not Affected by CVE-2025-32433

RabbitMQ is not affected by CVE-2025-32433, a vulnerability in Erlang's SSH library. RabbitMQ does not use SSH, neither its server nor its client parts.

Team RabbitMQ's Erlang Packages Do Not Include SSH

Team RabbitMQ produces a zero-dependency Erlang RPM that does not include the SSH library, since it is not used. Our Debian packages are split into multiple fine-grained components, and the RabbitMQ installation guide skips SSH library installation.

Patched Versions Are Available

Team RabbitMQ's RPM repositories and Debian repositories were updated to include Erlang 27.3.3, 26.2.5.11 and 25.3.2.20.

For aarch64 (64-bit ARM) RPM packages, see rabbitmq/erlang-rpm releases.

For aarch64 (64-bit ARM) Debian packages of Erlang 26.2.5.11, see this Launchpad repository.

The RabbitMQ community Docker image was also upgraded to Erlang 27.3.3 and 26.2.5.11 last week.

RabbitMQ 4.1.0 is released

· 5 min read

RabbitMQ 4.1.0 is a new minor release that includes multiple performance improvements and a number of features, such as the new peer discovery mechanism for Kubernetes.

See Compatibility Notes below to learn about breaking or potentially breaking changes in this release.

Highlights

Some key improvements in this release are listed below.

Quorum Queue Throughput and Parallelism Improvements

Quorum queue log reads are now offloaded to channels (sessions, connections).

In practical terms this means improved consumer throughput, lower interference of publishers on queue delivery rate to consumers, and improved CPU core utilization by each quorum queue (assuming there are enough cores available to the node).

Initial Support for AMQP 1.0 Filter Expressions

Support for the properties and application-properties filters of AMQP Filter Expressions Version 1.0 Working Draft 09.

As described in the AMQP 1.0 Filter Expressions blog post, this feature enables multiple concurrent clients each consuming only a subset of messages from a stream while maintaining message order.

Feature Flags Quality of Life Improvements

Graduating (making mandatory) feature flags several minors ago has proven that they could use some user experience improvements. For example, certain required feature flags will now be enabled on node boot when all nodes in the cluster support them.

See core server changes below as well as the GitHub project dedicated to feature flags improvements for the complete list of related changes.

rabbitmqadmin v2

rabbitmqadmin v2 is a major revision of the original CLI client for the RabbitMQ HTTP API.

It supports a much broader set of operations, including health checks, operations on federation upstreams, shovels, transformations of exported definitions, (some) Tanzu RabbitMQ HTTP API endpoints, --long-option and subcommand inference in interactive mode, and more.

RabbitMQ 4.0.9 is released

· One min read

RabbitMQ 4.0.9 is a new patch release in the 4.0.x series.

Release Artifacts

Release artifacts can be obtained on GitHub as well as from the RPM and Debian package repositories.

Community Support Now Only Covers the 4.1.x Series

With the release of RabbitMQ 4.1.0, this series is no longer covered by community support.

Future 4.0.x releases will only be available to paying customers via the Broadcom customer portal.

All non-paying users must upgrade to 4.1.0 in order to be covered by community support from the core team.

Upgrade Guidance

If upgrading from a version prior to 4.0, please consult the 4.0 release notes.

RabbitMQ 4.1 Performance Improvements

· 5 min read

RabbitMQ 4.1 is around the corner (update: has been released) and, as usual, apart from new features, we have made some internal changes that should provide better performance.

There are at least 4 notable changes:

  1. Lower and more stable memory usage for quorum queues
  2. Much better performance when consuming a long quorum queue
  3. Better performance for Websocket connections
  4. Lower memory usage and/or higher throughput for TCP connections

RabbitMQ 4.1: New Kubernetes Peer Discovery Mechanism

· 5 min read

RabbitMQ 4.1 includes a completely redesigned peer discovery plugin for Kubernetes. No configuration changes should be needed when upgrading to 4.1, so if you want, you can just stop reading here. If you are interested in the details, read on. This blog post explains the peer discovery subsystem in general and the changes to rabbitmq_peer_discovery_k8s in particular.

Tanzu RabbitMQ 3.13.8 is released

· One min read

Tanzu RabbitMQ 3.13.8 is a new patch release in the 3.13.x series of the commercial edition of RabbitMQ.

This edition includes additional features such as Warm Standby Replication, intra-cluster traffic compression and a FIPS-enabled Erlang runtime.

Tanzu RabbitMQ is available on Kubernetes, as an OCI image, and an OVA image.

This release is based on open source RabbitMQ 3.13.x and includes all the latest backports in open source RabbitMQ 3.13.8.

Release Artifacts

Release artifacts for the 3.13.x series can be obtained via the Broadcom customer portal.

Upgrade Guidance

If upgrading from a version prior to 3.13.9, please first consult the open source RabbitMQ 3.13.0 release notes.

RabbitMQ 3.13.8 is released

· One min read

RabbitMQ 3.13.8 is a new patch release in the 3.13.x series. This series is currently covered by commercial support only.

For publicly available open source releases, see the 4.0.x series.

Release Artifacts

Release artifacts for the 3.13.x series can be obtained via the Broadcom customer portal.

Upgrade Guidance

If upgrading from a version prior to 3.13.9, please consult the 3.13.0 release notes.