What’s New in HiveMQ 4.22?
Written by HiveMQ Team
Category: HiveMQ Release
Published: November 7, 2023
The HiveMQ team is proud to announce the release of HiveMQ Enterprise MQTT Platform 4.22. This release adds PROXY protocol support for TLS and provides numerous improvements to enhance the usability and observability of your HiveMQ deployments.
- PROXY protocol support for TLS (Transport Layer Security)
Proxy Protocol + TLS
HiveMQ supports the PROXY protocol for all listeners. The PROXY protocol is a TCP-based protocol that enables transporting client details such as the source IP address and port over multiple proxies. This capability is very useful if you run your HiveMQ brokers behind a load balancer that proxies the TCP connection.
Previously, it was not possible to combine the PROXY protocol and TLS when HiveMQ was responsible for terminating SSL/TLS. HiveMQ 4.22 adds support for TLS with the PROXY protocol.
How it works
You can enable the PROXY protocol in the listeners section of your HiveMQ broker configuration individually per listener.
The HiveMQ broker automatically detects at which level the PROXY protocol is transmitted - with TLS or without.
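The detection step described above can be illustrated with a short Python sketch that classifies the first bytes of a connection as a cleartext PROXY header or a TLS record, and strictly parses PROXY protocol v1 and v2 headers as defined in the public PROXY protocol specification. It is an added example, not HiveMQ code and not a description of HiveMQ's implementation. The function names and the sample addresses (documentation ranges) are assumptions made for the illustration.

```python
import ipaddress
import struct

V2_SIG = b"\r\n\r\n\x00\r\nQUIT\n"  # fixed 12-byte PROXY v2 signature
V1_MAX = 107                         # longest legal v1 line, CRLF included
# Constructed samples: a v1 line followed by the start of a TLS record, and a v2 header.
SAMPLE_V1 = b"PROXY TCP4 192.0.2.10 198.51.100.5 51234 8883\r\n\x16\x03\x01"
SAMPLE_V2 = (V2_SIG + b"\x21\x11" + struct.pack("!H", 12)
             + bytes([192, 0, 2, 10, 198, 51, 100, 5]) + struct.pack("!HH", 51234, 8883))

def parse_proxy_header(buf: bytes):
    """Return (client_ip, client_port, header_len); raise ValueError if malformed."""
    if buf.startswith(V2_SIG):
        if len(buf) < 16:
            raise ValueError("truncated v2 header")
        ver_cmd, fam, length = struct.unpack("!BBH", buf[12:16])
        if ver_cmd >> 4 != 2 or len(buf) < 16 + length:
            raise ValueError("bad v2 version or truncated address block")
        if ver_cmd & 0x0F == 0:          # LOCAL command: carries no client address
            return None, None, 16 + length
        sizes = {0x11: 4, 0x21: 16}      # TCP over IPv4 / TCP over IPv6
        if fam not in sizes or length < 2 * sizes[fam] + 4:
            raise ValueError("unsupported family or short address block")
        n = sizes[fam]
        src = ipaddress.ip_address(buf[16:16 + n])
        (sport,) = struct.unpack("!H", buf[16 + 2 * n:18 + 2 * n])
        return str(src), sport, 16 + length
    if buf.startswith(b"PROXY "):
        end = buf.find(b"\r\n", 0, V1_MAX)
        if end < 0:
            raise ValueError("v1 line not terminated within 107 bytes")
        parts = buf[:end].decode("ascii").split(" ")
        if parts[1] == "UNKNOWN":        # proxy could not determine the client
            return None, None, end + 2
        if len(parts) != 6 or parts[1] not in ("TCP4", "TCP6"):
            raise ValueError("malformed v1 line")
        src, sport = ipaddress.ip_address(parts[2]), int(parts[4])
        if not 0 <= sport <= 65535:
            raise ValueError("port out of range")
        return str(src), sport, end + 2
    raise ValueError("no PROXY header")

def classify_first_bytes(buf: bytes) -> str:
    """Where does the PROXY header sit relative to TLS on this connection?"""
    if buf.startswith(V2_SIG) or buf.startswith(b"PROXY "):
        return "proxy-header-first"  # header in cleartext; TLS, if any, follows it
    if buf[:2] == b"\x16\x03":
        return "tls-first"           # a header, if any, is inside the TLS stream
    return "neither"
```

In the `tls-first` case the same parser would be applied to the first decrypted bytes instead of the raw socket bytes. Because the header is supplied by whoever opens the connection, the PROXY protocol specification advises accepting it only from known proxies, so network access to a PROXY-enabled listener should be limited to the load balancer.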
Example listener configuration with PROXY protocol enabled:
How it helps
The PROXY protocol is typically used in load balancer setups like AWS Elastic Load Balancing. When enabled, the PROXY protocol passes meta information such as the IP address of the MQTT client to your HiveMQ broker. This information enables you to uniquely identify each client with the original details for debugging purposes, rather than just the load balancer IP.
Now, you can use the PROXY protocol with TLS to achieve full end-to-end encryption between load balancers and the HiveMQ broker with complete visibility of the client IPs.
For more information on using the PROXY protocol with HiveMQ, see PROXY Protocol.
Additional Features and Improvements
HiveMQ Enterprise MQTT Broker
- Added DEGRADED health state in the Health API cluster component to indicate ongoing leave replication activity during which cluster topology changes are not recommended.
- Fixed an issue that could prevent correct monitoring when a file system is created directly on an unpartitioned disk.
- Fixed an issue that could cause logging statements for some failure detection events to contain insufficient information.
- Fixed an issue to ensure that a CONNACK message is sent if a connection closes due to a CONNECT packet that exceeds the configured maximum message size.
HiveMQ Enterprise Distributed Tracing Extension
- Updated span attribute names to support new OpenTelemetry semantic conventions.
HiveMQ Enterprise Extension for Kafka
- Fixed an issue that could cause a QoS 0 PUBLISH message to be unnecessarily resent to Kafka after the initial delivery attempt fails.
HiveMQ Enterprise Extensions
- Improved XSD rules to ensure that route IDs in the extension configuration do not include invalid characters. The new validation is implemented for the following enterprise extensions:
  - HiveMQ Enterprise Bridge Extension
  - HiveMQ Enterprise Extension for Kafka
  - HiveMQ Enterprise Extension for MongoDB
  - HiveMQ Enterprise Extension for MySQL
  - HiveMQ Enterprise Extension for PostgreSQL
  - HiveMQ Enterprise Extension for Snowflake
- Added SIGPIPE signal handling to the MQTT subscribe command to facilitate integration with other processes.
- Fixed an issue that prevented the display of multiple user properties with the same name.