This update makes it much easier to manage security at scale. You can now connect LavinMQ to your identity providers (such as Keycloak or Auth0), allowing you to manage all user access in one central place. Beyond security, this version offers better administrative tools and faster performance.
For CloudAMQP customers, this means a more secure, stable, and easier-to-manage environment that is faster than ever.
Version highlights
OAuth2/OpenID support #1632
OAuth2 is a token-based access model that replaces passwords with short-lived access tokens. By adding OAuth2 and OpenID authentication, LavinMQ gives you the opportunity to further secure your data transfer by avoiding credential sharing and limiting the impact of stolen tokens, while simplifying sign-ins and service connections.
Stream queue performance #1531
In LavinMQ 2.7, stream performance is improved by now storing the first message per segment, reducing disk I/O. The change was minimal and straightforward, but resulted in eliminated redundancy writes while keeping reads fast. The full story can be read on Minor change, major results: LavinMQ streams hit 30% speed gain.
Queue restart capability #1345
This release introduces the ability to minimize downtime by allowing restarts of closed queues via the HTTP API, Management UI, or lavinmqctl. In a messaging system like LavinMQ, "restart" or "re-declare" queues brings further operational flexibility, allowing you to act on queue behavior without affecting the entire LavinMQ broker.
Kernel TLS (kTLS) commit 61bdb12
The implementation of kernel TLS (kTLS) ensures the shortest path between data and hardware. This is achieved by letting the application prepare and send the unencrypted data to the kernel. The kernel then performs TLS encryption and sends the encrypted data to the network interface. By delegating TLS to the kernel, the system reduces unnecessary CPU handoffs, leaving more resources available for your primary workloads. Read more about kTLS.
mTLS and SNI support #1516
As a security improvement, 2.7 implements mutual TLS (mTLS) and Server Name Indication (SNI) support. As standard TLS requires the server to identify its certificate, mTLS demands that both the server and client verify each other. This mutual verification ensures that both sides are authenticated before the connection is established. SNI is a TLS protocol extension that allows the server to select and send the correct certificate to the client. Read more about mTLS.
Consistent hash exchange #1604
Consistent hash exchange is used for keeping message ordering in a scaling environment. The exchange type now supports opting in to a jump-consistent hash algorithm for smoother message distribution. Developer insights: Switching to jump hash algorithm for LavinMQ consistent hash exchange.
Read more
Find the official LavinMQ 2.7.0 Release Notes on GitHub and the official LavinMQ blog for further reading.
Ready to upgrade? We can help!
Feel safe upgrading your broker. Our 24/7 support team is here to help you with any questions that arise. For any questions regarding the upgrade process or the implementation of specific features, please reach out via the CloudAMQP Support portal or email us at support@cloudamqp.com.
