An Event Broker in a DMR Mesh may unexpectedly restart during heavy subscription churn (thousands of subscriptions added or removed per second) while simultaneously servicing SEMP v1 show commands.

In rare cases when several consecutive published messages have been NACK'd by the event broker, then the publishing client immediately disconnects/reconnects, several messages published immediately after reconnect by that client may be ACK'd to the client, but dropped by the broker as if they had been NACK'd.

A message-vpn may transition to providing service before learning all DMR cluster subscriptions from the network. This can occur when an event causes a re-synchronization of subscription information (such as a broker restart), and then another event (such as an HA-switchover or DR-switchover) occurs before all subscriptions have been learned by the message-vpn on that broker.

The Click-to-Connect wizard may fail to establish connections when Server Name Indication (SNI) is required for establishing a proxied connection.

The event SYSTEM_CLUSTERING_CERTIFICATE_MATCHING_NOT_CONFIGURED is incorrectly triggered for cluster links using basic authentication.

When message replay is active on an endpoint, and incoming messages match the endpoint but not the replay-log filters, the replay operation may not complete.

Publish at least one message that matches the replay-log filters.

During large-scale spool file synchronization events between high availability software brokers, some files may not be synchronized in rare cases. This condition may occur when the HA mate has been offline for an extended period of time.

The Solace broker may leak internal memory when AMQP clients attempt to publish guaranteed messages while the Guaranteed Messaging service is unavailable. This can result in connection failures for client applications.

Initiate an HA failover and restart the broker.

For appliances only, and under extremely rare conditions, the NAB's internal packet processing system may stall network traffic. Now, the appliance automatically detects this condition and initiates a reboot to restore service. In HA configurations, this triggers failover to the backup appliance.

A race condition may arise when client usernames are being created and deleted simultaneously with the establishment of an SSL connection for Config-Sync. This can lead to an unexpected reboot of the primary broker in HA configurations, triggering a failover to the backup broker.

This issue applies to Solace PubSub+ software event broker machine images only.

The software event broker is vulnerable to CVE-2018-5407.

Disable SMT/Hyper-Threading on the event broker host.

Messages queued at the replication standby site will not be moved to the dead message queue (DMQ) when they expire at the replication active site.

Bridges configured with an active/standby role of 'auto' may fail to connect following a redundancy failover if the broker's active-standby-role configuration is modified after creating the 'auto' bridge.

Rebooting the broker two times will correct the issue.

The broker may disconnect slow subscribers when its NAB Buffer Load Factor exceeds 85%, before the expected 100% level at which slow subscribers are typically disconnected.

The rate at which a broker can accept connections may be lower than expected when using LDAP authorization.

When the message spool disk is full for HA software brokers, message spool defragmentation will fail, as expected, but with the incorrect error message.

Endpoints with many messages require more time to trim than expected (replay-log trimming included).

SolOS will fail to boot if the search list for host-name lookup in /etc/resolv.conf is larger than 245 characters.

If you are upgrading brokers that are part of a DMR network to version 10.1.1 or newer from version 9.5 or older, cluster links will not be operational after the upgrade. Solace recommends upgrading to 10.0.1 first, and then upgrading to 10.1.1 and newer.

Alternatively, after a direct upgrade between the affected versions, dynamic-message-routing can be disabled and re-enabled on each message-vpn to recover the cluster links. Note that this operation will cause a brief DMR service outage.

When performing an HA broker upscale, redundancy will not recover if the primary and backup are upscaled back to back immediately with no delay.

Add a delay of 60 seconds between upscaling the primary and backup broker after step 7 of the upscale procedure (https://docs.solace.com/Software-Broker/Set-Scaling-Params-HA.htm#Step_2__Increase_the_Value_of_the_Scaling_Parameter(s)).

Administratively deleted messages that were spooled to multiple endpoints may still be delivered to applications.

SolOS will fail to start up if an invalid SSL certificate is configured via config-keys.

The PubSub+ Software Event Broker needs larger TCP rmem/wmem settings to support multi-node routing neighbors across high RTT WAN links.

Original bug: Bug 63008

The PubSub+ Software Event Broker erroneously allows more user-created message-VPNs than are officially supported within the broker. This applies to all editions (Enterprise, Standard, and Evaluation). In a future release, this limit will be strictly enforced.

If the backup appliance in an active-active HA configuration is restarted while the message spool is disabled, re-enabling the message-spool will fail if one or more replay logs exist in the setup. This issue applies to Solace PubSub+ appliances only.

Set the active-standby redundancy role of the backup appliance to 'backup' prior to the restart. After the restart, set the active-standby role back to 'none'.

WebUI login passwords can only accept the printable ASCII character set. Extended characters like auoAUOss do not work.