Release Notes for Solace PubSub+ Event Broker, Version
September 2021

New Features Introduced in Release 9.11.0

This section lists the new features in Solace PubSub+ Event Broker, Version 9.11.0.
RDP - Variable Targets
Allows for message-specific variables to be included in the RDP HTTP target to a cloud-native service or an application like a data lake. These metadata variables can include the full topic, a topic field, all or part of a timestamp, ids, and much more in a variety of formats and encodings including URL.
RDP - Additional HTTP Headers with Fixed/Variable Values
RDP HTTP headers can be added to outgoing messages with a fixed name and fixed or variable values to work with cloud-native services or applications. These variable values can include metadata including the full topic, a topic field, all or part of a timestamp, ids, and much more in a variety of formats and encodings including base 32 & 64.
Support for cgroups v2
The PubSub+ Container will now be able to detect the resources available using the cgroups v2 interface on operating systems that support cgroups v2. Containers running on systems using cgroups v1 will continue to use the cgroups v1 interface.
Support 30,000 Transacted Sessions at 100K and 200K connection tiers
The scaling limit for maximum transacted sessions on the PubSub+ Software Broker has been increased for the 100K and 200K connection tiers. The PubSub+ Software Broker now supports a maximum of 30,000 transacted sessions for those connection tiers.
Add Search Configuration to resolv.conf on Appliance
The search parameter of the resolv.conf file is now configurable on the PubSub+ Appliance. Users with more than one domain suffix in their network can now configure a list of domains to search when resolving a hostname.

Issues Resolved in Release 9.11.0

This section lists the resolved issues in Solace PubSub+ Event Broker, Version 9.11.0.
Reference NumberDescriptionVersion
With large, high rate bursts of MQTT client logins, some of the connecting MQTT clients may time out waiting for a PINGRESP and reconnect adding further login pressure. An optimization is needed to allow forward progress to be made processing the MQTT client logins and subsequent actions (such as adding QoS1 subscriptions and publishing messages including PINGREQs).
The PubSub+ Event Broker appliance and machine image are exposed to the following vulnerabilities:
CentOS 7 : kernel security updates
CVSS v3 Score: 7.8 (High)
CVE: CVE-2020-29374, CVE-2021-23133, CVE-2021-33034, CVE-2021-32399, CVE-2020-26558, CVE-2021-0129, CVE-2020-24587, CVE-2020-24586, CVE-2020-24588, CVE-2020-26139, CVE-2020-26147, CVE-2021-29650, CVE-2021-3564, CVE-2021-3573, CVE-2021-3587, CVE-2021-34693, CVE-2021-38160, CVE-2021-3609, CVE-2021-3655, CVE-2021-33909, CVE-2021-38204, CVE-2021-3679, CVE-2021-37576, CVE-2021-22543
Polling the "show message-spool detail" command can introduce additional latency to guaranteed messages.
Replication may cause excess resource consumption on the Solace broker.
The PubSub+ Event Broker appliance and machine image are exposed to the following vulnerabilities:
CentOS 7 : kernel (CESA-2021:3327) (
CVSS v3 Score: 7.8 (High)
CVE: CVE-2020-27777, CVE-2021-22555, CVE-2021-29154, CVE-2021-29650, CVE-2021-32399
CentOS 7 : bind (
CVSS v3 Score: 6.5 (Medium)
CVE: CVE-2021-25214

Changed Functionality in Release 9.11.0

This section lists the changed functionality in Solace PubSub+ Event Broker, Version 9.11.0.

Known Issues in Release 9.11.0

This section describes known issues in Solace PubSub+ Event Broker, Version 9.11.0.
Reference NumberDescription
Making the same configuration change on both the primary and backup event brokers at the same time can cause config-sync to go out of sync.
Only execute the configuration change on one node. Config-sync will ensure that the configuration change is propagated to the other node.
This issue applies to Solace PubSub+ software event broker machine images only.
The software event broker is vulnerable to CVE-2018-5407.
Disable SMT/Hyper-Threading on the event broker host.
SolOS will fail to startup if an invalid SSL certificate is configured via config-keys.
Messages queued at the replication standby site will not be moved to the dead message queue (DMQ) when they expire at the replication active site.
VMR needs larger TCP rmem/wmem settings to support multi-node routing neighbors across high RTT WAN links.
Original bug: Bug 63008
Bridges configured with an active/standby role of "auto" may fail to connect following a redundancy failover if the broker's active-standby-role configuration is modified after creating the "auto" bridge.
Rebooting the broker two times will correct the issue.
A bridge delivering guaranteed messages may stall if the window size it was initially configured to use is later modified to be a smaller value.
If the bridge stalls, the bridge queue must be removed from the bridge configuration and re-added to the bridge configuration to allow the bridge to resume delivering guaranteed messages. It is not necessary to delete and recreate the queue itself.
The broker may disconnect slow subscribers when its NAB Buffer Load Factor exceeds 85%, before the expected 100% level at which slow subscribers are typically disconnected.
The rate at which a broker can accept connections may be lower than expected when using LDAP authorization.
PubSub+ Manager may not display all of the configured client profiles.
The PubSub+ Software Event Broker erroneously allows more user-created message-VPNs than are officially supported within the broker. This applies to all editions (Enterprise, Standard and Evaluation). In a future release, this limit will be strictly enforced.
The Solace broker can reboot if DNS resolution is slow to complete during an LDAP lookup.
The commit request for a local transaction sent from a replication active site to the replication standby site while using transaction replication mode causes a no-subscription-match event.
The Solace PubSub+ Machine image will not continuously retry for a IP address via DHCP if DHCP servers are unreachable.
Note that this only affects machine images. Appliances and Docker images are not affected.
If the backup appliance in an active-active HA configuration is restarted while the message spool is disabled, re-enabling the message-spool will fail if one or more replay logs exist in the setup. This issue applies to Solace PubSub+ appliances only.
Set the active-standby redundancy role of the backup appliance to 'backup' prior to the restart. After the restart, set the active-standby role back to 'none'.
The TTL Exceeded and Total Egress Discards statistics for a multi-node routing neighbor link may be incorrect and displayed as very large values (near the max for an unsigned 64-bit integer) if the link has TTL egress discards and its stats are administratively cleared or the link goes down and comes back up.
When the message spool disk is full for HA software brokers, message spool defragmentation will fail, as expected, but with the incorrect error message.
PubSub+ 3560 Appliances, with the Guaranteed Messaging 650k key enabled, may reboot if transacted sessions are used.
Defragmentation on software brokers does not defrag messages that are spooled to the mate when the current node is standby.
The Google Cloud Platform Connector in PubSub+ Manager does not correctly create the target audience claim for Cloud Functions connectors.