We are pleased to announce the release of OpenSRF 3.0.2, a message routing network that offers scalability and failover support for individual services and entire servers with minimal development and deployment overhead.
OpenSRF 3.0.2 is a bugfix release, but all users of OpenSRF 3.0.1 are advised to upgrade as soon as possible. In particular, users of NGINX as a reverse proxy for Evergreen systems are encouraged to upgrade to take advantage of a more secure NGINX configuration.
The following bugs are fixed in OpenSRF 3.0.2:
- LP#1684970: When running behind a proxy such as NGINX, the HTTP translator was not getting the IP address of the user agent. As a consequence, it was possible that two different HTTP translator clients could end up talking to the same OpenSRF worker process. This issue is resolved by using the
remoteipApache module to extract the user agent’s IP address from the X-Real-IP HTTP header.
- LP#1702978: OpenSRF could fail to retrieve memcached values whose keys contain the % character. This resulted in breaking authentication in Evergreen when the username or barcode contained a %.
- LP#1711145: The sample NGINX configuration file shipped with OpenSRF had weak SSL settings. As of this release, it now
- Enables http2
- Adds a commented section on enabling SSL everywhere.
- Apply a 5-minute proxy read timeout to avoid too-short timeouts on long API calls.
- Adds a commented section on sending NGINX logs to syslog.
- Includes INSTALL notes on generating the dhparam file.
To download OpenSRF, please visit the downloads page.
We would also like to thank the following people who contributed to the release:
- Galen Charlton
- Bill Erickson
- Mike Rylander
- Jason Stephenson
- Cesar Velez