Releases: alibaba/nacos
2.2.0.1 (March 2nd, 2023)
该版本移除了默认鉴权插件中依赖的nacos.core.auth.plugin.nacos.token.secret.key
默认值,在部署新版本时必须要输入自定义的有效token.secret.key
用于登陆后的accessToken生成。
本变更避免开源用户直接使用默认配置时出现的安全风险,提升了开源组件使用的安全性。
旧版本不是必须升级到这个版本, 只需要根据文档修改对应token.secret.key即可修复问题。
变更详情:
- [#9992] Remove the default token.secret.key.
This version removes nacos.core.auth.plugin.nacos.token.secret.key
which is dependent on the default authentication plugin. When deploying with new version, users must set the custom valid token.secret.key
to generate accessToken for login.
This change is to avoid security risks when users directly use the default configuration, and improve the security during using this component.
The old version does not have to be upgraded to this version, just modify the token.secret.key according to documentation to repair problem.
Detail:
- [#9992] Remove the default token.secret.key.
2.2.1-RC
2.2.0 (Dec 14, 2022)
This version is an important version which include some large changes.
The first important change is remove the old redundant codes about 1.x naming and double write relative codes. After changed, The 2.2.0 version will can't upgraded from Nacos 1.X server, only can upgraded from at least version 2.0.0. The changes will not effect the adapt for 1.X client request, users can still use 1.X client with 2.2.0 version.
The second important change is adding several plugins:
- datasource plugin, which added by Asoc 2022 project to support other DBs.
- custom environment plugin, which added by community to handle configurations of Nacos server, such as decrypt database password.
- connection limit plugin, which refactored from old limit module, to extend more abilities to protect Nacos server under high pressure.
The third important change is to enhance the beta feature Tracing plugin
and batch register
, which make them more easy to use.
Detail see:
feature
[#5863][#9331] Support batch register and batch deregister service.
[#8308] Add v2 openAPI for nacos 2.0.
[#8312] Support datasource plugins.
[#8481] Support track tracing plugins.
[#8694] Support prometheus http service discovery(prometheus http sd).
[#9318] Support caseSentive for Ldap auth plugin.
[#9366] Support Ldaps authentication.
Enhancement&Refactor
[#7930] Reomve old redundant codes about 1.x naming.
[#9391] Optimization Chooser.
[#9393] Make server stop auto when starting error.
[#9414] Optimize fuzzy queries to make SQL more general.
[#9415][#9449][#9466][#9497] Enhancement datasource plugins.
[#9423] ExternalDataSourceProperties add isEmpty check to support external config.
[#9459] Modify the method modifier of NacosApplicationListener to default.
[#9471] Keep console query condition in configuration After return list config pages.
[#9597] Keep console query condition in discovery After return list service pages.
[#9615] Enhance client choose server node to request server more dispersed.
[#9653] Refactor connection limit module to plugin.
BugFix
[#9334] Fix group_id data length different in many tables.
[#9341] Fix can not create bean ldapAuthenticationProvider.
[#9351] Fix instance count error in prometheus metrics.
[#9367] Fix auth plugin's property 'token.secret.key' base64 decode error.
[#9408][#9437] Fix console namespace list deploy problems.
[#9461] Fix ClientWorker NullPointer judgement order.
[#9474] Fix some instance is unhealthy after change to http health check.
[#9478] Fix the chooser bug when all instances have a zero weight.
[#9584] Fix console configuration query button overflow hidden problem.
[#9586] Fix problem of deregister instance failure after service expired metadata auto clean.
Dependency
[#9652] Upgrade ui dependencies to fix some depend vulnerability.
2.2.0-BETA (Oct 28, 2022)
This version is an important version which include some large changes.
The first important change is remove the old redundant codes about 1.x naming and double write relative codes. After changed, The 2.2.0 version will can't upgraded from Nacos 1.X server, only can upgraded from at least version 2.0.0. The changes will not effect the adapt for 1.X client request, users can still use 1.X client with 2.2.0 version.
The second important change is merging some of Asoc2022 and Summer2022 topic results, such as v2.0 openAPI and datasource plugins. Other topics will publish in future versions.
The third important change is to enhance the beta feature Tracing plugin
and batch register
, which make them more easy to use.
Due to many important changes in this version, so community plan to do a pre-release BETA version. According the beta result, The next version plan to Beta2 or GA release.
Detail see:
feature
[#5863][#9331] Support batch register and batch deregister service.
[#8308] Add v2 openAPI for nacos 2.0.
[#8312] Support datasource plugins.
[#8481] Support track tracing plugins.
[#9366] Support Ldaps authentication.
Enhancement
[#7930] Remove old redundant codes about 1.x naming.
BugFix
[#9334] Fix group_id data length different in many tables.
[#9341] Fix can not create bean ldapAuthenticationProvider.
[#9351] Fix instance count error in prometheus metrics.
2.1.2 (Oct 17th, 2022)
This version mainly enhance the console UI, release pure nacos client without shaded and fix lots of bugs.
The next version plan to release 2.2.0, which include many of new plugins.
Detail see:
Enhancement
[#6112] Unified derby-data variables.
[#7929] Reduce nacos-client jar size by minijar.
[#8941] Support Fuzzy Query in Authority Control--for api change.
[#8956] Internationalize product description content in nacos console.
[#8976] Create new namespace with duplicate namespace show name.
[#9091] build pure nacos-client when release.
[#9210] Naming Distro sync support revision.
Refactor&dependency
[#8611] Close old datasource connection.
[#8650] Make cluster/report both receive and send metadata.
[#9013] refactor rpcClient and grpcClient to support set configuration.
[#9014] refactor TpsMonitorPoint.
[#9177] Upgrade org.yaml.snakeyaml version from 1.30 to 1.32
[#9325] Add switch for naming async query.
BugFix
[#8882] Fix nacos-client 2.1.0 start error when using endpoint configuration.
[#8910] Fix calculate instance count error when using batch register.
[#8925] Fix the value of hasQueryString is always false.
[#8928] Fix the replaceAll operation is invalid for server list.
[#8931] Fix BatchInstanceData can't serialize problem.
[#8934] Fix header lost when request retrying.
[#8947] Fix the authentication/encryption plugin are not loaded on the nacos server.
[#9023] Fix corner case config dataId 'cipher-' can't be create.
[#9047] Fix ServerListMgr is not shutdown in nacos-client.
[#9060] Fix print logs for NamingTraceEvent continuously.
[#9062] Fix unsubscribe service failed problem.
[#9101] Fix the ConnectionTimeout property in the datasource connection is overwritten problem.
[#9227] Fix instance change event subscribe failed in 2.1.1 when no setting scope.
[#9230] Fix error event order for snapshot loading.
[#9269] Fix RpcClient parse ipv6 address error problem.
[#9271][#6876] Fix 'JraftServer' NPE after server exceptionally shutdown.
[#9277] Fix ClientServiceIndex not clean when service removed.
[#9305] Fix build resource with error dataId.
[#9311] Fix cache not removed when listener adding delay.
[#9323] Fix service checking problem in 1.x http openAPI.
2.1.1 (Aug 8th, 2022)
This version mainly fix lots of bugs in 2.1.0 version and upgrade many dependencies to fix some big problem.
At the same time, community do some of enhancement for performance such as default auth plugin, Grpc request and distro protocol.
Finally, This version add two beta feature -- batchRegister
and trace event
. The first beta feature is used by proxy register situation like nacos-sync
.
The second beta feature is used to get the information of config or service changes. It will be a new plugin for community.
Detail see:
Features
[#5863] (BETA) Support batch register service.
[#7424] Add version data compare in the history list.
[#8305] (REMOVE) Remove leave nacos server nodes API temporarily.
[#8481] (BETA) Add TRACE Event to server.
[#8755] Add default fuzzy search feature.
Enhancement
[#8099] Fast failure for distro sync task and verify task if cluster disconnect.
[#8150] Add the namespace description item to the namespace list page.
[#8345] Add validation for service cluster name.
[#8515] Optimize some code in InetUtils.
[#8561] Enhance default authentication plugin performance.
[#8574] Enhance filter service info for push callback.
[#8592] Ehhance GrpcUtil memory and cpu cost.
[#8622] Add NacosEnvironment and add some unit tests.
Refactor&dependency
[#8369] Remove mina dependency.
[#8383] Upgrade jackson version to 2.12.6.1.
[#8421] Remove commonOkHttp dependency.
[#8472] Remove useless dependency.
[#8479] Refactor singleton construction as private.
[#8540] Upgrade spring-boot version to 2.6.8.
[#8594] Makes distro data load timeout can be configured.
[#8596] Explicitly specify spring-boot-maven-plugin version same as spring-boot.
[#8623] Upgrade mysql-connector-java to 8.0.28.
BugFix
[#7039] Fix config encryptedData md5 calculation problem.
[#8153] Fix NPE for AutoExpireCache.
[#8243][#8653] Fix health check plugin problem.
[#8275] Fix can't register service when use skywalking.
[#8295] Fix can't login when use embedded storage in cluster model.
[#8318] Fix findAllConfigInfoForDumpAll sql args error.
[#8372] Fix client can't use https connection.
[#8424] Fix cycle dependency problem.
[#8428] Fix naming subscribe bug when multiple NamingService.
[#8505] Fix log configuration conflict in spring-boot project.
[#8514][#8539] Fix prometheus api error in client.
[#8516] Fix the persistent instance becomes a temporary instance.
[#8602] Fix display error after delete current namespace.
[#8632] Fix subscribe disabled instance problem in the first time.
[#8635] Fix NPE when call the shutdown method.
[#8720] Fix the problem that config aspect invalid problem.
[#8742] Fix change instance metadata, the revision of service not change.
[#8784] Fix some bugs for Console UI.
[#8833] Fix import config failed when open auth.
[#8880] Fix constantly loading config when not read permission.
Test
[#4982][#8344] Fix naming module unit test and generate jacoco coverage report.
1.4.4 (Aug 8th, 2022)
This version mainly upgrade the spring boot version to 2.6.6 to fix some spring's security problem, and apply many enhancements from 2.X.
Details see following:
Enhancement
[#5344] Reset raft cluster ops for no leader by JRaft Api.
[#5884][#7810] Add the permission for history config.
[#7284] Enhance print exception details.
[#7799] Enhance console exception handler.
[#7802] Enhance thread pool manager.
[#7801] Enhance connection release timeout between server.
[#7803] Apply some Jraft Enhancement from 2.X.
[#7925] Client stops the UpdateTask after a service is unsubscribed.
[#8072] Reduce memory cost in DistroProtocol initialization to avoid OutOfMemoryError.
[#8144] Add volatile modifier to NamingProxy.serversFromEndpoint.
[#8203] Fix the concurrency problem about the iterator of ServerListManager.
[#8434] Enhance DistroConsistencyServiceImpl listen/unListen.
BugFix
[#6198][#7809] Fix StringUtils.join throw NullPointerException.
[#6273] Fix loop leave server.
[#7141][#7804] Fix the problem of the operator column being empty while configuring adding and deleting records.
[#7750][#7869] Fix bug in permissions management module, such as redundant 'nacos,' when change password.
[#7757][#7761] Fix jraft request parse failed problem.
[#7807] Fix yaml parse concurrent problem.
[#7836] Fix nacos-client can't parse localhost
problem.
[#8012] Fix NPE in DistroConsistencyServiceImpl.Notifier.
[#8283] Fix thread safety problem when concurrently registering with the same cluster.
[#8428] Fix naming subscribe bug when multiple NamingService .
[#8539] Fix prometheus api error.
Dependency
[#7813] Upgrade log4j2 to 2.17.1.
[#7813] Upgrade logback to 1.2.9.
[#7813] Upgrade Jraft to 1.3.9.
[#8421] Remove commonOkHttp dependency.
[#8169] Upgrade spring-boot version to 2.6.6.
2.1.0 (Apr 29, 2022)
This version mainly adds authentication plugin and configuration encryption plugin ability. And shutdown the ability to support upgraded from version 1.X by default.
For Client, this version refactor the classes scan logic and remove the org.reflections
dependency to solve the incompatibility issues when org.reflections
conflicts.
Finally, this version does some enhancement and fixes some bugs found in 2.0.4.
The detail change log following:
Features
[#5695] Add a plugin SPI for configuration encryption and decryption for Nacos 2.0
[#5696] Add a plugin SPI for authentication for Nacos 2.0.
[#7930] Default close support upgrade from 1.X feature.
[#7992] Support cluster grpc client to set thread pool size.
[#8220] Add reset raft cluster operation.
Enhancement & Refactor
[#7487] Add generics for the CacheBuilder.
[#7879] Refactor destroy method of AbstractMemberLookup.
[#7924][#8214] Add ldap auth plugin.
[#7952] Ignore read request for raft follower's state machine to enhance raft stability.
[#7966] Add more information in Auth/Distro/Curcuit-Filter when cause some server error.
[#7971] Stop version judge Task and release thread after upgrade completely.
[#8072] Enhance memory cost in DistroProtocol initialization.
[#8107] Enhance console change password operation.
[#8156] Support js and css of console auto-upgrade.
BugFix
[#1717][#7359] Fix XSS vulnerabilities.
[#6273] Fix loop request for offline server nodes API.
[#6999] Fix Nacos client does not support logback overload log configuration.
[#7757] Fix jraft read request deserialize to write request problem.
[#7780] Fix config a-b-a problem.
[#7941] Fix version comparison error in Config Detail page.
[#8087] Fix text out of box in configuration manager.
[#8108] Fix throw NPR for health check for v2.
[#8050] Fix configuration about Distro changes could not take effect.
[#8161] Fix console can't use relative path problem.
[#8163] Fix multi-instance share the same local snapshot.
[#8196] Fix subscriber api without count when the query number is more than subscriber count.
Dependency
[#7758] Update module nacos-consistency protobuf-maven-plugin version to 0.6.1.
[#7886] Enhance package scan logic and remove org.reflections dependency.
Tests
2.1.0-BETA (Apr 01, 2022)
This version mainly adds authentication plugin and configuration encryption plugin ability. And shutdown the ability to support upgraded from version 1.X by default.
For Client, this version refactor the classes scan logic and remove the org.reflections
dependency to solve the incompatibility issues when org.reflections
conflicts.
Finally, this version does some enhancement and fixes some bugs found in 2.0.4.
The detail change log following:
Features
[#5695] Add a plugin SPI for configuration encryption and decryption for Nacos 2.0
[#5696] Add a plugin SPI for authentication for Nacos 2.0.
[#7930] Default close support upgrade from 1.X feature.
[#7992] Support cluster grpc client to set thread pool size.
Enhancement & Refactor
[#7879] Refactor destroy method of AbstractMemberLookup.
[#7952] Ignore read request for raft follower's state machine to enhance raft stability.
[#7966] Add more information in Auth/Distro/Curcuit-Filter when cause some server error.
[#7971] Stop version judge Task and release thread after upgrade completely.
BugFix
[#1717][#7359] Fix XSS vulnerabilities.
[#7757] Fix jraft read request deserialize to write request problem.
[#7941] Fix version comparison error in Config Detail page.
Dependency
[#7758] Update module nacos-consistency protobuf-maven-plugin version to 0.6.1.
[#7886] Enhance package scan logic and remove org.reflections dependency.
Tests
1.4.3 (Jan 27, 2022)
This version mainly optimizes the stability of config module, put forward the interactive experience of console.
What's more, this version also made a large improvement in terms of UT coverage rate, and fix many bugs of 1.4.x.
Details see following:
Features
[#6016] Support fetching server list from endpoint with namespace.
[#5672] relayout configurations page.
Enhancement
[7188] Add encryptedDataKey with LocalEncryptedDataKeyProcessor.getEncryptDataKeySnapshot into LocalConfigInfoProcessor.getSnapshot.
[#6663] Optimize GetServerListTask load priority.
[#1773] Let the importted config over the original config.
[#5635] Fix the problem of no Gap With CreateUser button & refresh.
Refactor & Code Quality
[#7480] Upgrade log4j to 2.17.0 for v1.x-develop.
[#7420] Upgrade log4j from 2.15.0 to 2.16.0.
[#5547] Optimize ConfigRequest and ConfigResponse code, extract common constants.
[#5621] Remove duplicated dependency.
[#5528] Optimize ParamUtil code and extract constants.
[#5587] Change the invalid compare in NotifySingleService.
BugFix
[#1733] Fix the problem of still getting the instance after register twice and deregister.
[#7191] Fix EncryptedData Long-Polling listerning bug in client(LongPollingRunnable).
[#3969] Fix the problem of searching for special character matching errors by group name.
[#5814] Fix the query param lost when use enter press to search in Nacos 1.x.
[#5747] When using the multi-registry feature of Dubbo with setting namingLoadCacheAtStart=true, the cache of NacosNamingService will overwrite each other.
[#5683] Fixes logical judgment expression.
[#5664] Fix the locales of field Action Type don't take effect in config history detail page.
[#3548] Fix the problem of the srcUser filling with username when auth is disabled.
Other
[#7342] Optimizing client beat log output, removing unnecessary error logs.
Test
[#5538] Fix some failed test cases.
[#5577] [#5600] [#5601] [#5484] [#5599] [#5595] [#5596] [#5579] [#5583] [#5539] [#5545] Adding Unit Tests for some classes in nacos-core and nacos-naming.