broker 5.8.8 更新日志

Enhancements

#15813 Added package release for Debian 13 (Trixie), and updated Docker images to use Debian 13 as the base.

#15773 Throttled client ID registration during reconnects.
- When a previous session cleanup is still in progress, new connections using the same client ID are now throttled. This prevents instability when clients reconnect aggressively.
- Affected clients receive reason code 137 (Server Busy) in the CONNACK with Reason-String "THROTTLED", and should retry after the cleanup completes.
- Fixed the reason code returned when another connection registers the same client ID; now correctly returns 137 instead of 133.

#15499 Added a force deactivate alarm API endpoint to allow administrators to forcibly deactivate active alarms.

#15536 Disabled the node.global_gc_interval configuration by default to improve overall performance stability, as it caused CPU fluctuations and higher message latency while providing little benefit over Erlang’s built-in garbage collector.
#15539 Optimized Erlang VM parameters to improve performance and stability:
- Increased buffer size for distributed channels to 32 MB (+zdbbl 32768) to prevent busy_dist_port alarms during intensive Mnesia operations.
- Disabled scheduler busy-waiting (+sbwt none +sbwtdcpu none +sbwtdio none) to lower CPU usage reported by the operating system.
- Set scheduler binding type to db (+stbt db) to reduce message latency.

#15580 Added a new emqxLicenseSecretRef variable to the EMQX Enterprise Helm chart. This allows users to specify a Kubernetes Secret containing the EMQX license key, so the license is applied automatically.

This replaces the non-functional emqxLicenseSecretName variable, which created and mounted a secret file but did not pass the license to EMQX.

#14778 Fixed an issue where a node could not join a running cluster if that node had broken symlinks in its data/certs or data/authz directories.

#15581 Upgraded Erlang/OTP version from 26.2.5.2 to 26.2.5.14. This upgrade includes two TLS-related fixes from OTP that affect EMQX:
- Fixed a crash in TLS connections caused by a race condition during certificate renewal.
- Added support for RSA certificates signed with RSASSA-PSS parameters. Previously, such certificates could cause TLS handshakes to fail with a bad_certificate / invalid_signature error.

#15639 Fixed an issue where the packets.subscribe.auth_error metric was not incremented when subscription authentication failed.

#15699 Fixed an issue where built-in authentication data for gateways (e.g., CoAP) was incorrectly removed when a node was stopped or restarted.

#15683 Fixed ExHook TLS options so that gRPC clients can correctly verify the server hostname during the TLS handshake.