|
|
@@ -0,0 +1,16 @@
|
|
|
+Enhanced Connection Rate Limiter for Improved System Resilience
|
|
|
+
|
|
|
+- **Improved system stability and responsiveness under high connection rates.**
|
|
|
+ Previously, listener acceptors would ignore new connection attempts when the rate limit was exceeded, potentially resulting in an unrecoverable state if a large number of clients connected or reconnected frequently within a short period. Listeners now accept pending connections but immediately close them if the rate limit is reached, reducing resource strain and increasing system resilience during peak loads.
|
|
|
+
|
|
|
+- **A new listener option, `nolinger`, has been introduced.**
|
|
|
+ When set to `true`, a TCP-RST is sent immediately upon socket closure, helping to mitigate SYN flood attacks and further enhancing connection-handling efficiency.
|
|
|
+
|
|
|
+- **MQTT listeners' `max_connection` config value is now capped by system limits.**
|
|
|
+ It cannot exceed system limits: `ulimit` from the OS and `node.process_limit`.
|
|
|
+ - If configured to `infinity` or a value greather than system limit, it is automatically adjusted to the system limit.
|
|
|
+
|
|
|
+- **SSL listeners' `ssl_options` config value is now validated before changes.**
|
|
|
+ Previously, invalid SSL options, such as unsupported TLS versions, could be accepted when configuring/reconfiguring a listener, causing clients to fail to connect after the change. Now, such invalid options are detected early:
|
|
|
+ - If a listener is configured with invalid SSL options, the node will fail to boot.
|
|
|
+ - If invalid SSL options are requested via the dashboard or config API, the request will fail with status code `400`.
|
zmstone