Hi everyone,
We’ve just released NServiceBus.RabbitMQ 9.1.1, 9.0.1, 8.0.5, and 7.0.7.
Fixed bugs
- #1439 Previous connections stay active after reconnect, causing resource exhaustion
- #1440 System.Formats.Asn1 (an indirect reference) has a security vulnerability in versions 9.0.1, 8.0.5 and 7.0.7
How to know if you are affected
All users are affected by #1439.
You are affected by #1440 if you are using NServiceBus.RabbitMQ 9.0.0 or earlier, and .NET runtime 8.0.7 or earlier.
Symptoms
For #1439, network connections between the client and the RabbitMQ broker may be interrupted. During interruptions the transport attempts to reconnect to the broker. During reconnection attempts, previous connections may stay open and eventually lead to resource exhaustion on the client, which requires the client to be restarted.
For #1440, see the security advisory.
When to upgrade
You should upgrade immediately if you are affected. Otherwise, you should upgrade during your next maintenance window.
Where to get it
You can install the new versions of NServiceBus.RabbitMQ from NuGet.
Please read our release policy for more details.
With thanks,
The team in Particular