Release notes

This release includes all features, improvements, and bug fixes from TBMQ v2.3.0, along with the following Professional Edition exclusive updates:

Main features

• Audit Logs: Introduced comprehensive audit logging to track and record all administrative actions and system events. This provides full visibility into user activities, configuration changes, and operational events — essential for compliance, security monitoring, and troubleshooting in enterprise environments.
• SSO Role Management: Enhanced the Single Sign-On (SSO) integration with advanced role mapping capabilities. Administrators can now define role assignment strategies that automatically map identity provider (IdP) roles to TBMQ roles during authentication. This streamlines user provisioning and ensures consistent access control across federated environments.

Improvements

• OAuth interface redesign: Redesigned the OAuth 2.0 / SSO configuration interface with an improved layout and user experience, making it easier to set up and manage identity provider integrations.
• Internationalization: Added Spanish, Hindi, and Chinese (Simplified) translations, expanding accessibility for a broader global audience.
• Home page and getting started updates: Updated the home page, login screen, and getting started guide with refreshed visuals and improved onboarding content.

This release includes all features, improvements, and bug fixes from TBMQ v2.2.0, along with the following Professional Edition exclusive updates:

Main features

• Single Sign-On / OAuth 2.0: Integrate with corporate identity providers (IdPs) via Single Sign-On (SSO) and the OAuth 2.0 framework. This centralizes user management, enforces strong authentication, and improves the overall security posture for TBMQ users and administrators.
• Role-Based Access Control (RBAC): RBAC system allowing administrators to define fine-grained access permissions based on roles. This ensures users only have access to the specific administrative functions and resources necessary for their job, which is crucial for compliance and security segmentation.
• White Labeling (Custom Branding): Provide the ability to fully customize the TBMQ UI with custom logos, color schemes, and branding elements. This allows partners and enterprise users to integrate the broker management UI directly into their own product ecosystem.

Core system and operational improvements

• Security and performance: Vulnerability fixes across core services and deployment scripts. Significant memory and performance optimizations to enhance throughput and reduce operational costs.
• Modernized system dependencies: Upgraded core components to the latest stable versions, including Apache Kafka 4.0, Valkey 8.0, and PostgreSQL 17. This ensures long-term stability and access to the latest performance enhancements.
• Advanced networking control: Introduced the ability to control the Proxy Protocol configuration independently for each MQTT listener (TCP, TLS, WS, WSS). This offers greater flexibility in complex networking environments and load-balancer setups.
• Flexible certificate authentication: Added support to use the Common Name (CN) placeholder for X.509 Certificate Chain credentials within authentication rules. This simplifies the creation of dynamic, certificate-based authentication policies.
• Authentication reliability fix: Resolved a validation bug in the JWT authentication provider when switching between PEM and JWKS (JSON Web Key Set) formats, ensuring stable authentication across dynamic key rotation setups.

The following release notes cover all Community Edition versions included in TBMQ.

Minor release with the following features, infrastructure upgrades, improvements, and bug fixes.

Main features:

• #284 Core & UI: HTTP Authentication provider — authenticate MQTT clients against external HTTP services by @dmytro-landiak;
• #281 Core & UI: Bulk import of MQTT client credentials by @dmytro-landiak and @deaflynx;
• #297 Core: Redis/Valkey SSL/TLS and ACL username support by @dmytro-landiak;
• #289 UI: Home page redesign by @deaflynx;
• #280 Core: Session management refactoring, performance optimization, and race condition fixes by @dmytro-landiak.

Infrastructure upgrades:

• #263 Migrate to Apache Kafka 4.0 by @dmytro-landiak;
• #260 Migrate to ValKey 8.0 (alternative to Redis > 7.2) by @dmytro-landiak;
• #261 Migrate to PostgreSQL 17 by @dmytro-landiak.

Improvements:

• Core:
  • #277 Performance and authentication improvements by @dmytro-landiak;
  • #282 Common configuration for Kafka consumers and producers by @dmytro-landiak;
  • #275 Remove active-connection MQTT message retransmission by @dmytro-landiak;
  • #274 Metrics updates by @dmytro-landiak;
  • #262 Enable/disable proxy protocol per MQTT listener by @dmytro-landiak;
  • #258 CN placeholder for X.509 Certificate Chain credentials in auth rules by @dmytro-landiak;
  • #285 Control allowance of root multi-level wildcard subscription creation by @dmytro-landiak;
  • #278 Allow enable or disable unauthorized clients persistence by @dmytro-landiak;
  • #269 Enhanced client analysis logging by @dmytro-landiak;
  • #264 Deployment scripts refactoring by @dmytro-landiak;
  • #293 Added clientCertCn to the integration JSON by @dmytro-landiak.
• UI:
  • #273 Update monitoring charts by @deaflynx;
  • #272 Add Spanish, Hindi, and Chinese (Simplified) translations by @deaflynx;
  • #271 Enhance ‘Basic’ client credentials change password dialog by @deaflynx;
  • #270 Add GitHub badge component to display repository star count by @deaflynx;
  • #286 UI updates: home, login, and getting started pages by @deaflynx;
  • #302 Add copy and paste functionality for topic rules by @Strazz1337.

Bug fixes:

• Core:
  • #291 Application client backpressure: pause/resume via Kafka Consumer API by @dmytro-landiak;
  • #276 Improve Kafka Management API performance and fix consumer thread-safety by switching to async AdminClient calls and batching lag calculation by @dmytro-landiak.
• UI:
  • #292 UI fixes by @deaflynx.

Security:

• #299 Address HIGH/MEDIUM CVEs in dependencies (Spring Boot, Netty, Tomcat, Jackson, Logback, BouncyCastle) by @dmytro-landiak.

We welcome our new contributors:

• @Strazz1337 made their first contribution in #302.

Full changelog: v2.2.0…v2.3.0

Minor release with the following features, improvements, and bug fixes.

Main features:

• #232 Core & UI: MQTT authentication providers and JWT authentication by @ShvaykaD and @deaflynx;
• #226 Core & UI: Blocked clients by @dmytro-landiak and @deaflynx;
• #208, #212 Core: MQTT channel backpressure handling by @dmytro-landiak;
• #209 Core & UI: Service info monitoring by @dmytro-landiak and @deaflynx.

Improvements:

• Core and install scripts:
  • #214, #221 Strategies of message delivery for MQTT clients by @dmytro-landiak;
  • #223 Health endpoint by @dmytro-landiak;
  • #234 Controllers refactoring by @dmytro-landiak;
  • #236 Filter sensitive data in API response by @dmytro-landiak;
  • #243 Vulnerability fixes by @dmytro-landiak;
  • #246 Monitoring metrics improvements by @dmytro-landiak;
  • #247 Change third-party repositories to bitnamilegacy by @dmytro-landiak.
• UI:
  • #210 Monitoring charts updates by @deaflynx;
  • #219 Updated form fields style by @deaflynx;
  • #220 Topics autocomplete by @deaflynx;
  • #241 Update locales by @deaflynx;
  • #244 Grouping of topic filters for Integrations by @deaflynx;
  • 7709ef0 Users table: added login button;
  • a9d3fc3 MQTT client credentials: added Description field.

Bug fixes:

• Core:
  • #239 Verify client certificate chain during TLS handshake by requesting or requiring client authentication by @dmytro-landiak;
  • #229 Fix handling of QoS 0 publish messages for integration subscriptions by @dmytro-landiak;
  • #246 Monitoring metrics race condition fix by @dmytro-landiak.
• UI:
  • cc35837 Fixed animation bug in the Apply changes button in entity form (Firefox);
  • eaaebc7 Fixed retrieving correct topics when switching between integrations.

Removal notice: obsolete environment variables

As of v2.2.0, the following environment variables are deprecated and no longer required:

• SECURITY_MQTT_AUTH_STRATEGY
• SECURITY_MQTT_BASIC_ENABLED
• SECURITY_MQTT_SSL_ENABLED
• SECURITY_MQTT_SSL_SKIP_VALIDITY_CHECK_FOR_CLIENT_CERT

These variables were replaced by the new configuration options introduced in #232. You may safely remove them from your environment after upgrading.

Minor release with the following features, improvements, and bug fixes.

Main features:

• #201 Core & UI: Implemented Integration Executor microservice and HTTP integration by @dmytro-landiak and @deaflynx;
• #202 Core & UI: Added Kafka integration by @dmytro-landiak and @deaflynx;
• #203 Core & UI: Added MQTT integration by @dmytro-landiak and @deaflynx;
• #200 UI: Migrated to Angular 19 by @deaflynx.

Helm chart support: Official Helm chart for deploying TBMQ is now available, enabling simplified Kubernetes deployments with customizable configuration options.

Improvements:

• Core and install scripts:
  • #191 Incremental upgrade by @ShvaykaD;
  • #217 Proxy protocol support by @dmytro-landiak.
• UI:
  • #200 Updates by @deaflynx:
    • Switched from flex-layout to pure CSS with Tailwind;
    • Switched to Angular esbuild;
    • Monitoring charts: extended time-window options to include minutes, added custom legend;
    • Menu: switched from toggle menu to tabs.

Bug fixes:

• Core:
  • #207 Fixed persistent message loss in Redis persistence by @dmytro-landiak;
  • #205 Fix MqttConnAckMessage incorrectly returns auth method property even if no enhanced auth is used by @Nanabell.

New contributors:

• @Nanabell made their first contribution in #205.

Third-party versions update:

• #218 Bump Kafka, Redis, and PostgreSQL versions by @ShvaykaD.

Patch release with the following improvements and bug fixes.

Improvements:

• Core:
  • #178 MQTT processing improvement to eliminate unnecessary object creation;
  • #183 Improved Redis integration by enhancing Lettuce connection handling and cluster topology refresh logic;
  • #185 Allow semicolon (;) as a character in Kafka configurations;
  • #188 Vulnerabilities fixes;
  • #189 Added sort order support for aggregation queries of historical statistics;
  • #190 Removed search_text column from PostgreSQL.

Bug fixes:

• Core:
  • #176 Added missing parameter for WebSocket client admin settings;
  • #182 Last will delivery error on broker shutdown;
  • #184 Added Redis cluster topology refresh options for Jedis implementation.

With the changes in this release, performance testing was conducted. Results are available in the 1M msg/sec P2P performance test.

Major release with the following features, improvements, and bug fixes.

Main features:

• #142 Core: Migrated Device persistent storage from PostgreSQL to Redis;
• #149 Core: MQTT 5: Subscription Identifier;
• #158 Core: MQTT 5: Enhanced authentication;
• #139 Core & UI: Client session details: added MQTT client credentials that authenticated the client;
• #139 Core & UI: Client session details: added client MQTT version info;
• #151 UI: Getting started page;
• #152 Core: Added PostgreSQL table to persist latest key-value pairs;
• #154 Core & UI: Advanced client session metrics;
• #157 Core & UI: Unauthorized clients;
• #159 Core & UI: Added subscriptions page to display all broker subscriptions;
• #168 Core & UI: Retained messages added advanced filter.

Improvements:

• Core and install scripts:
  • #164 MQTT publish ordered processing performance improvement;
  • #165 Updated default parameters and added write-and-flush option control for persistent Device clients;
  • #166 Client sessions filter improvement: added search filter by client IP, and enhanced filtering by subscriptions number;
  • #167 MQTT client credentials filter improvement: added search filters by client ID, username, and certificate common name;
  • #169 TBMQ latest version available logic moved from frontend to backend, works in a scheduled fashion to prevent rate limiting;
  • #170 Library versions update and vulnerabilities fixes;
  • #149 MQTT client subscriptions management improvement: admins can update shared subscriptions and MQTT 5 subscription options;
  • Performance improvement of get all client sessions, subscriptions, and retained messages queries;
  • Added backup and restore guides for PostgreSQL.
• UI:
  • #147 Added Subscription Identifier feature parameters;
  • #158 MQTT client credentials: added enhanced authentication (SCRAM) credentials;
  • #155 Added entity details page;
  • #166 Client sessions filter improvement: added search filter for client IP, and enhanced filtering by subscriptions number;
  • #167 MQTT client credentials filter improvement: added search filters by client ID, username, and certificate common name;
  • Check connectivity: added topic generation based on authorization rule regex pattern;
  • WebSocket client page: added pagination, control of maximum messages limit, improved topic validation.

Bug fixes:

• Core:
  • #172 Allow edit system WebSocket MQTT client credentials;
  • Do not allow to publish message with topic starting with $.
• UI:
  • MQTT client credentials: fixed authorization rule editing;
  • Fixed HTTP request URL encoding;
  • Fixed table sorting.

Minor release with the following features, improvements, and bug fixes.

Main features:

• #118 Extended X.509 Certificate Chain authentication based on CN regex;
• #121 Added feature to limit the count of Application clients;
• #128 Added Device persisted messages rate limits;
• #132 Added rate limits for total incoming and outgoing messages per broker cluster;
• #144 New historical data for network traffic metric.

Improvements:

• Core and install scripts:
  • #119 Client sessions limit by using cache;
  • #125 Major versions update and vulnerabilities fixes;
  • #134 Added possibility to set Kafka prefix for all topics, producers, consumers, and consumer groups;
  • #135 Added possibility to set cache prefix for all keys;
  • #143 Improvements to the upgrade script logic.
• UI:
  • #130 Update UI dependencies versions;
  • #146 Monitoring: added network traffic chart;
  • #137 Updates:
    • Settings: added Connectivity, Security, and General settings;
    • Profile page: renamed to Account, added Security page with password configuration;
    • Websocket client: added control over client activity logging in browser console;
    • Websocket client: added Reset button in Publish properties dialog;
    • Websocket connection: in add/edit dialogs added https/ws incompatibility warning;
    • Home: updated Version card when no updates are available;
    • Corrected browser tab titles;
    • Basic client credentials: moved Change Password button to the top of details panel.

Bug fixes:

• Core:
  • #123 NPE fix for get all shared subscriptions;
  • #124 Fix for subscription matching and message forwarding to subscribers;
  • #131 Fix for packet id sequence for publish messages.
• UI:
  • #137 Fixes:
    • Client credentials: fixed issue with non-clickable button in disabled mode;
    • Websocket Client: fixed broken help link.

Important notice:

If you have previously overridden the default value of JWT_TOKEN_SIGNING_KEY in your configuration, please update your custom JWT token signing key to ensure it is at least 512 bits in length. Failure to comply may result in authentication issues.

Example: Qk1xUnloZ0VQTlF1VlNJQXZ4cWhiNWt1cVd1ZzQ5cWpENUhMSHlaYmZIM0JrZ2pPTVlhQ3N1Z0ZMUnd0SDBieg==

Minor release with the following features, improvements, and bug fixes.

Main features:

• #94 MQTT 5: Request-Response Pattern;
• #98 MQTT 5: Flow Control;
• #101 UI: WebSocket client page; WebSocket connections and subscriptions entities support in Postgres.

Improvements:

• Core and install scripts:
  • #104 TLS Cipher suites control — allows to set desired cipher suites usage;
  • #109 Backpressure improvements;
  • #110 Disconnect client command now includes Reason Codes to correctly specify the reason of the disconnection;
  • #111 MQTT over WebSockets installation scripts update for correct WebSocket client usage;
  • Added system WebSocket MQTT client credentials;
  • Application persistent and Application Shared Subscriptions clients workflow improvement using cached thread pool;
  • Non-blocking deletion of old Kafka consumer groups on broker startup;
  • Memory usage and performance improvements.

Bug fixes:

• Core:
  • #106 Fix for direct memory leak;
  • #107 Fix for unauthorized delivery of Last Will message;
  • #94 Fixed Maximum Packet Size response to MQTT 5 client depending on the listener chosen;
  • Fixed NPE that can happen on broker startup during historical statistics calculation;
  • Disabled Redis autoconfiguration in case of Caffeine cache usage to prevent trying to connect to Redis instance on broker startup;
  • Dependency vulnerabilities;
  • User password containing only whitespaces bugfix.
• UI:
  • #108 Fix for issue during Retained message deletion that contains special characters;
  • Resolved an issue with hidden fields in edit mode for MQTT client credentials details of the type “X.509 Certificate Chain”.

Obsolete environment variables:

• TB_APP_PERSISTED_MSG_THREADS_COUNT
• TB_APP_PERSISTED_MSG_SHARED_SUBS_THREADS_COUNT

These environment variables can be safely removed due to automatic scaling of threads based on the number of Application clients being added or removed.

Minor release with the following features and improvements.

Main features:

• #84 MQTT 5: Payload format and Content types;
• #86 Client sessions limits.

Improvements:

• Core and install scripts:
  • #87 Installation scripts enhancements.

Minor release with the following features, improvements, and bug fixes.

Main features:

• #73 Redis cache support;
• #76 Client sessions advanced filtering;
• #12aac735e7 MQTT client credentials advanced filtering;
• #80 Shared subscriptions management.

Improvements:

• Core:
  • Performance improvements for message processing. See commits e0c66d3052, 03409f7f18, a1dd722deb, 3af40bb504, 55ff71bea8, 5f11148025, 79db26751c;
  • d437200ba1 Added possibility to buffer messages before sending to subscribers;
  • a091e31963 Delete Kafka consumer group API.
• UI:
  • #78 Migrate to Angular 15;
  • 9231eaafc9 Added Kafka management pages;
  • 25289016b5 Sidebar menu optimization;
  • 7a685d5e00 Added option to disconnect/remove several client sessions;
  • ed1f9ffd39 Management of shared subscriptions;
  • 06b881694f Shared subscriptions advanced filtering;
  • 6b1ee03d8d, 7a685d5e00 Client sessions advanced filtering;
  • f229a35c5d, 38532959f5 MQTT client credentials advanced filtering;
  • 3334cb4666, c42b8f3b63 New form for client credentials creation;
  • 7ba4996cbe Added filter buttons from Home page for sessions and client credentials;
  • 971cdb8b27, 9ff6a349d6 Added check connectivity window after creation of client credentials;
  • 702e98b673, f7efffbe42 Getting started guide on Home page updates;
  • 7019da05ff, 340853add6 Monitoring charts minor updates.

Bug fixes:

• Core:
  • #70 Fixed shared subscriptions processing with QoS 0 (AT_MOST_ONCE);
  • eae45b9781 Start processing shared subscriptions for persistent clients without additional subscribe message;
  • 0303a0e3f6 Fixed issue for persistent clients and shared subscriptions: Application — corrected QoS change for existing subscription; Device — stop receiving stored messages twice on client connect if it sends subscribe.
• UI:
  • #77 Fix user logout when changing password on Profile page on “Skip” button hit;
  • 25108bf9db Fixed loading animation in Home page for inactive browser tab;
  • 7901fedae9, fe01288420 MQTT client credentials authorization topic rules bug fixes.

Minor release with the following features, improvements, and bug fixes.

Main features:

• #53 MQTT over WebSockets;
• #63 MQTT 5 message expiry;
• #66 MQTT 5 topic alias;
• #68 UI: New Home page.

Improvements:

• Core:
  • #57 Additional validation for entities to protect from XSS;
  • Introduced a dedicated thread pool for Application shared subscriptions processing, corrected stats for the number of active shared subscriptions processors;
  • Time series controller API calls improved validation;
  • MQTT client credentials and Application shared subscription entities search by ‘contains’.
• UI:
  • Introduced responsive design for the Home page;
  • Extended config card on the Home page with parameters related to WebSocket listeners;
  • Sorting capabilities on the config card;
  • Possibility to view Kafka topics and Kafka consumer groups widgets in full-screen mode on the Home page;
  • Added last timestamps to charts on the Home page;
  • Added upgrade info and link to the version card on the Home page;
  • New quick links to the documentation on the Home page;
  • Option to skip changing the default password on the first user login;
  • Quality of Service level displayed with respective number.

Bug fixes:

• Core:
  • #52 Spring CORS configuration issue;
  • Deny deletion of own sysadmin user by API.
• UI:
  • Fixed making multiple same fetch requests on Home page loading;
  • Tooltip display fix for graphs on the Monitoring page;
  • Full-screen issue on the Monitoring page.

Patch release with the following improvements and bug fixes.

Improvements:

• Installation:
  • Added script for installing and running TBMQ in monolithic mode.
• UI:
  • Home page. Getting Started new procedure;
  • Home page. Tooltips improvements;
  • Home page. Kafka topics & Consumer Groups switching tabs animation correction;
  • Monitoring page. Chart legend interaction improvement;
  • MQTT client credentials form hint improvement;
  • New toast with default password info on User creation.

Bug fixes:

• Core:
  • #41 Keep Alive value of 0 fix.
• UI:
  • Monitoring page. Sessions and Subscriptions graphs are not showing values in cluster mode.

Initial release. See GitHub for more info.