NServiceBus.RabbitMQ 9.1.1, 9.0.1, 8.0.5, and 7.0.7 – Patch releases available

Hi everyone,

We’ve just released NServiceBus.RabbitMQ 9.1.1, 9.0.1, 8.0.5, and 7.0.7.

Fixed bugs

  • #1439 Previous connections stay active after reconnect, causing resource exhaustion
  • #1440 System.Formats.Asn1 (an indirect reference) has a security vulnerability in versions 9.0.1, 8.0.5 and 7.0.7

How to know if you are affected

All users are affected by #1439.

You are affected by #1440 if you are using NServiceBus.RabbitMQ 9.0.0 or earlier, and .NET runtime 8.0.7 or earlier.

Symptoms

For #1439, network connections between the client and the RabbitMQ broker may be interrupted. During interruptions the transport attempts to reconnect to the broker. During reconnection attempts, previous connections may stay open and eventually lead to resource exhaustion on the client, which requires the client to be restarted.

For #1440, see the security advisory.

When to upgrade

You should upgrade immediately if you are affected. Otherwise, you should upgrade during your next maintenance window.

Where to get it

You can install the new versions of NServiceBus.RabbitMQ from NuGet.

Please read our release policy for more details.

With thanks,
The team in Particular