e5.3.2-alpha.2

Enhancements

• #11725 Introduced the LDAP as a new authentication and authorization backend.

• #11752 Change default RPC driver from 'gen_rpc' to 'rpc' for core-replica database sync.

  This improves core-replica data replication latency.

• #11785 Allow viewer to change their own passwords, viewer can't change other's password.

• #11787 Improve emqx command performance.

  Avoid loading EMQX application code in nodetool script unless necessary.

• #11790 Added validation of Redis commands configured in Redis authorization source. Also, improved Redis command parsing in authentication and authorization so that it is redis-cli compatible and supports quoted arguments.

• #11541 Introduced additional way of file transfer interactions. Now client may send file transfer commands to $file-async/... topic instead of $file/... and receive command execution results as messages to $file-response/{clientId} topic. This simplifies file transfer feature usage in certain cases, for example, when a client uses MQTTv3 or when the broker is behind an MQTT bridge. See the EIP-0021 for more details.

Bug Fixes

• #11757 Fixed 500 error response when downloading non-existent trace files, now returns 404.

• #11762 Fixed destruction of built_in_database authorization source. Now all the ACL records are removed when the authorization source is destroyed. Previosly, old records were left in the database, which could cause problems when creating authorization source back.

• #11771 Fixed validation of Bcrypt salt rounds in authentication management through the API/Dashboard.

• #11780 Fixed validation of the iterations field of the pbkdf2 password hashing algorithm. Now, iterations must be strictly positive. Previously, it could be set to 0, which led to a nonfunctional authenticator.

• #11791 Fixed an issue that prevented heartbeats from correctly keeping the CoAP Gateway connections alive.

• #11797 Modified HTTP API behavior for APIs managing the built_in_database authorization source: They will now return a 404 status code if built_in_database is not set as the authorization source, replacing the former 20X response.

• #11955 Fix EMQX graceful stop when there is an unavailable MongoDB resource present.

• #11975 Resolve redundant error logging on socket closure

  Addressed a race condition causing duplicate error logs when a socket is closed by both a peer and the server. Dual socket close events from the OS and EMQX previously led to excessive error logging. The fix improves event handling to avoid redundant error-level logging.

• #11987 Fix connection crash when trying to set TCP/SSL socket active_n option.

  Prior to this fix, if a socket is already closed when connection process tries to set active_n option, it causes a case_clause crash.

• #11731 Add file_transfer feature configs to hot-config schema.

• #11754 Improved log formatting for Postgres bridge when there are unicode characters in the error messages returned by the driver.