When replication is temporarily disabled and then re-enabled on a DR-Standby broker, the Replicated Mate Message ID for replicated messages is incorrectly shown as "n/a". This does not affect message processing or acknowledgment.

It may unexpectedly take up to 3 minutes for the standby broker of a High Availability (HA) redundant group of event brokers to learn all of the subscriptions from a DMR mesh following a reboot of the standby broker.

In a disaster recovery (DR) deployment, replicated messages may remain on the DR-Standby broker after a message spool reset occurs on the DR-Active broker, or after the DR-Active broker changes. This can happen even if consumer-ack-propagation is enabled.

Under certain message publishing and consuming patterns, the broker may become unresponsive while attempting to spool messages to disk, despite having available disk space. When this occurs, the broker's CPU usage remains at 100% and the broker becomes unable to process new incoming messages.

Shut down and then re-enable the message-spool service.

DMR may incorrectly report a topology error if there existed a DMR topology error before an HA-failover.

After a broker restart, REST consumers that are configured with a forward proxy will not make use of the forward proxy when requesting an OAuth token. If the broker is only allowed to communication with the OAuth server via the proxy, then the request for an OAuth token will fail and the Rest Delivery Point (RDP) will remain operationally down.

Shut down and then re-enable the affected REST consumer and Rest Delivery Point (RDP).

The broker is unable to process Expiration and other JWT (Java Web Token) claims for OAuth client authentication if the values returned in the claims have exponential formats.

If a DMR cluster link is enabled and its span is later changed from External to Internal, the broker may continue using External link forwarding rules which could result in duplicate messages. As the default span is External,this issue can occur if a link is enabled without having specified a span and later changing the span to Internal.

Shut down and re-enable dynamic message routing for all impacted VPNs on the broker where the link's span was changed. This is a service-impacting workaround. When dynamic message routing is shut down any messages queued in the VPN for delivery to other brokers in the DMR mesh are lost and while dynamic message routing remains shut down messages will not be forwarded to other brokers in the DMR mesh.

For DMR cluster operational display, the 'Links Up' counter may occasionally display inaccurate values.

When attempting to create a Dynamic Message Routing (DMR) link while the broker has reached the maximum supported number of bridges, the DMR link creation will fail but the link resources may remain allocated.

The Try-Me page in PubSub+ Broker Manager now automatically updates the client username when logging into Broker Manager from PubSub+ Cloud.

An Event Broker in a DMR Mesh may unexpectedly restart during heavy subscription churn (thousands of subscriptions added or removed per second) while simultaneously servicing SEMP v1 show commands.

When several consecutive published messages have been NACK'd by the event broker and the publishing client disconnect/reconnects, in rare cases, several messages published immediately after the client reconnects may be ACK'd to the client, but dropped by the broker as if they had been NACK'd.

A message-vpn may transition to providing service before learning all DMR cluster subscriptions from the network. This can occur when an event causes a re-synchronization of subscription information (such as a broker restart), and then another event (such as an HA-switchover or DR-switchover) occurs before all subscriptions have been learned by the message-vpn on that broker.

The Click-to-Connect wizard may fail to establish connections when Server Name Indication (SNI) is required for establishing a proxied connection.

The event SYSTEM_CLUSTERING_CERTIFICATE_MATCHING_NOT_CONFIGURED is incorrectly triggered for cluster links using basic authentication.

When message replay is active on an endpoint and incoming messages match the endpoint but not the replay-log filters, the replay operation may not complete.

Publish at least one message that matches the replay-log filters.

During large-scale spool file synchronization events between high availability software brokers, some files may not be synchronized in rare cases. This condition may occur when the HA mate has been offline for an extended period of time.

The broker may leak internal memory when AMQP clients attempt to publish guaranteed messages while the Guaranteed Messaging service is unavailable. This can result in connection failures for client applications.

Initiate an HA failover and restart the broker.

For appliances only, and under extremely rare conditions, the NAB's internal packet processing system may stall network traffic. The appliance now automatically detects this condition and initiates a reboot to restore service. In HA configurations, this triggers failover to the backup appliance.

Enabling SMRP debug logs with mask 0xffffffff may cause the broker to unexpectedly restart.

A race condition may arise when client usernames are being created and deleted simultaneously with the establishment of an SSL connection for Config-Sync. This can lead to an unexpected reboot of the primary broker in HA configurations, triggering a failover to the backup broker.

The maximum number of concurrent open files for the container processes is governed by the 'nofiles' resource limit. Most container runtimes support setting 'rlimit' values using the 'ulimit' parameter when creating a container. The broker now requires setting '--ulimit nofile=4096:1048576' command line parameter when you create the container.

The gather-diagnostics command (enable -> admin -> gather-diagnostics) has added a new "no-encrypt" option. Outputs of gather-diagnostics will be encrypted unless the no-encrypt option is specified. This change also applies to the gather-diagnostics-host script.

This issue applies to Solace PubSub+ software event broker machine images only.

The software event broker is vulnerable to CVE-2018-5407.

Disable SMT/Hyper-Threading on the event broker host.

Messages queued at the replication standby site will not be moved to the dead message queue (DMQ) when they expire at the replication active site.

Bridges configured with an active/standby role of 'auto' may fail to connect following a redundancy failover if the broker's active-standby-role configuration is modified after creating the 'auto' bridge.

Rebooting the broker two times will correct the issue.

The broker may disconnect slow subscribers when its NAB Buffer Load Factor exceeds 85%, before the expected 100% level at which slow subscribers are typically disconnected.

The rate at which a broker can accept connections may be lower than expected when using LDAP authorization.

When the message spool disk is full for HA software brokers, message spool defragmentation will fail, as expected, but with the incorrect error message.

Endpoints with many messages require more time to trim than expected (replay-log trimming included).

SolOS will fail to boot if the search list for host-name lookup in /etc/resolv.conf is larger than 245 characters.

If you are upgrading brokers that are part of a DMR network to version 10.1.1 or newer from version 9.5 or older, cluster links will not be operational after the upgrade. Solace recommends upgrading to 10.0.1 first, and then upgrading to 10.1.1 and newer.

Alternatively, after a direct upgrade between the affected versions, dynamic-message-routing can be disabled and re-enabled on each message-vpn to recover the cluster links. Note that this operation will cause a brief DMR service outage.

When performing an HA broker upscale, redundancy will not recover if the primary and backup are upscaled back to back immediately with no delay.

Add a delay of 60 seconds between upscaling the primary and backup broker after step 7 of the upscale procedure (https://docs.solace.com/Software-Broker/Set-Scaling-Params-HA.htm#Step_2__Increase_the_Value_of_the_Scaling_Parameter(s)).

Administratively deleted messages that were spooled to multiple endpoints may still be delivered to applications.

SolOS will fail to start up if an invalid SSL certificate is configured via config-keys.

The PubSub+ Software Event Broker needs larger TCP rmem/wmem settings to support multi-node routing neighbors across high RTT WAN links.

Original bug: Bug 63008

The PubSub+ Software Event Broker erroneously allows more user-created message-VPNs than are officially supported within the broker. This applies to all editions (Enterprise, Standard, and Evaluation). In a future release, this limit will be strictly enforced.

If the backup appliance in an active-active HA configuration is restarted while the message spool is disabled, re-enabling the message-spool will fail if one or more replay logs exist in the setup. This issue applies to Solace PubSub+ appliances only.

Set the active-standby redundancy role of the backup appliance to 'backup' prior to the restart. After the restart, set the active-standby role back to 'none'.

WebUI login passwords can only accept the printable ASCII character set. Extended characters like auoAUOss do not work.