RabbitMQ 4.0.0 GA is here

[michaelklishin]

@yosifkit @tianon folks, RabbitMQ 4.0.0 has shipped (the website and plenty of other places will be updated/synced in the next few days).

Can we please graduate 4.0 to a GA series?

Thank you!

[tianon]

We had a small race! 😂

#725

[michaelklishin]

4.0.0 and 4.0.1 shipped after have a known problem with the generic binary package (and, as far as I can tell, only that package plus its "latest toolchain" version).

The version is set to 4.0.0+2 instead of 4.0.1. For 4.0.0 it was set to 4.0.0-rc.2 which is the N-1 tag on that branch.

I now suspect it is an artifact of our (relatively) recent Makefile refactoring. It can take a few days to address.

If this affects the builds of this image, we can disable the 4.0.x builds unless this is addressed.

[yosifkit]

That doesn't affect the code that the server was built with, just the version string that is embedded in the binaries, right?

If that is all, I think it is relatively harmless and will be fixed in a coming release. It will affect the value shown in SBOM scanner/generators (like those attached in the image index), but I don't think that'd change what future CVE's would apply to it.

[michaelklishin]

@yosifkit it only affects the version reported by the nodes (when the generic binary package is used) and the reported versions of plugins, including their directory names. Nothing else.

It also does not affect many other artifact types so a package built from our source tarball with the correct inputs potentially won't exhibit this problem (the source tarball does not have any version information other than Git commits of all subprojects (what's under deps).

[michaelklishin]

4.0.2 is out with a corrected version in the generic UNIX packages.

[tianon]

Excellent, will go out with docker-library/official-images#17604 👍