Skip to content

What's New in HiveMQ 4.31?

by HiveMQ Team

The HiveMQ team is proud to announce the release of HiveMQ Enterprise MQTT Platform 4.31. This release introduces HTTP header authentication for clients using MQTT over WebSockets, new Health API metrics, expanded Audit Log tracking that includes the HiveMQ REST API and Control Center, and numerous performance enhancements and useability improvements.

Highlights

  • New HTTP-header/WebSocket client authentication method
  • Expanded Audit Log to include the HiveMQ REST API and Control Center

Use HTTP headers to authenticate clients using MQTT over WebSockets

Browser-based web applications can use the WebSocket protocol to connect to HiveMQ and establish an MQTT connection. HiveMQ implements all RFC6555 WebSocket standards and provides native support for all common WebSocket versions. Our latest 4.31 release adds the ability to authenticate such applications using HTTP headers.

How it works

Similar to what is already supported for REST API pipelines, the Enterprise Security Extension now allows you to configure an HTTP headers preprocessor for MQTT listener pipelines using MQTT over WebSockets. The new preprocessor also supports the extraction of cookie headers for MQTT and REST API pipelines.

Example of an HTTP Headers preprocessor with cookie extraction on an MQTT listener pipeline:

<enterprise-security-extension>
    ...
    <pipelines>
        <listener-pipeline listener="websocket">
            <authentication-preprocessors>
                <http-headers-preprocessor>
                    <cookie-extraction>
                        <cookie-name>mycookie</cookie-name>
                    </cookie-extraction>
                </http-headers-preprocessor>
            </authentication-preprocessors>
            ...
        </listener-pipeline>
    </pipelines>
</enterprise-security-extension>

How it helps

MQTT clients using MQTT over WebSockets can now use header-based authentication/authorization without having to send the password in the MQTT password field. The HTTP headers are extracted from the WebSocket handshake request and then processed by ESE.

One possible use case is to take advantage of HTTP-only cookies in browser-based applications. For more information and configuration details, see HTTP Headers Preprocessor.

Added REST API and Control Center Events to Audit Log

The HiveMQ Audit Log is a powerful, long-standing feature of the HiveMQ Enterprise Edition broker that provides a single, unified log for tracking auditing-relevant data. Starting with HiveMQ 4.31, you can also track all HiveMQ REST API and Control Center events via the Audit Log feature. The expanded log lets you know precisely who had access to which information and when the access occurred.

How it works

The HiveMQ Audit Log is enabled by default and lets you access an overview of all actions performed on your HiveMQ deployment.

Example audit log entries:

2024-07-29T13:01:04,700+02:00 | user:"hivemq" | IP:"127.0.0.1" | node:"NfEYa" | source:"control-center [Default Login]" | Logged in successful
2024-07-29T13:50:55,317+02:00 | user:"hivemq" | IP:"127.0.0.1" | node:"NfEYa" | source:"control-center" | Saved new script
2024-07-29T13:51:04,838+02:00 | user:"hivemq" | IP:"127.0.0.1" | node:"NfEYa" | source:"control-center" | Saved new schema
2024-07-29T13:53:19,929+02:00 | user:"hivemq" | IP:"127.0.0.1" | node:"NfEYa" | source:"control-center" | Created instance for module with name 'hivemq-duplicate-message' and version '0.1.0'
2024-07-29T13:53:28,048+02:00 | user:"hivemq" | IP:"127.0.0.1" | node:"NfEYa" | source:"control-center" | Disabled instance for module with name 'hivemq-duplicate-message' and version '0.1.0'
2024-07-29T13:53:32,186+02:00 | user:"hivemq" | IP:"127.0.0.1" | node:"NfEYa" | source:"control-center" | Enabled instance for module with name 'hivemq-duplicate-message' and version '0.1.0'
2024-07-29T14:01:20,586+02:00 | user:"hivemq" | IP:"127.0.0.1" | node:"NfEYa" | source:"control-center" | Saved new schema

The example log lists Data Hub changes the user named hivemq initiated from the HiveMQ Control Center.

The new functionality can be enabled/disabled in your HiveMQ configuration file:

<hivemq>
<security>
	<control-center-audit-log>
		<enabled>true</enabled>
	</control-center-audit-log>
	<rest-api-audit-log>
		<enabled>true</enabled>
	</rest-api-audit-log>
</security>
</hivemq>

How it Helps

The HiveMQ Audit Log is a HiveMQ Enterprise Edition feature that supports multiple use cases from troubleshooting to detecting unauthorized access to compliance validation. The latest version adds a clear overview of all changes made with the HiveMQ REST API and all Data Hub changes initiated from the HiveMQ Control Center. For a detailed list of all available HiveMQ Audit Log events, see HiveMQ Audit Log.

More Noteworthy Features and Improvements

HiveMQ Enterprise MQTT Broker

  • Improve request handling to reduce latency and CPU consumption.
  • Streamlined internal task management to increase efficiency and boost message throughput on larger machines.
  • Fixed an issue that could allow invalid packet IDs when using MQTT 3.
  • Improved message throughput for machines with multiple CPU cores.
  • Improved resource usage to boost message throughput.
  • Reduced end-to-end message latency and memory footprint to heighten broker efficiency.
  • Fixed an issue that could cause an unnecessary error message to be logged during prolonged high-memory usage.
  • Fixed an issue that could prevent correct message delivery during a cluster topology change.

HiveMQ Health API

  • Added metrics for the system, extension, and health group endpoints of the Health API that expose the health state of the broker as numeric values.

HiveMQ Data Hub

  • Fixed an issue that could significantly lengthen the time needed to create a script.
  • Improved script and schema handling to allow immediate deletion once all referenced policies are removed with no waiting period.
  • Streamlined module instance handling to allow instances to be directly deleted without being first disabled.
  • Fixed an issue in the control center navigation for modules that did not reflect the current system configuration and permissions.

HiveMQ Enterprise Security Extension

  • Fixed an issue that could cause the REST API pipeline to return an incorrect WWW-Authenticate response header.
  • Added the ability to configure cookie extraction on an HTTP Headers preprocessor.
  • Fixed an issue to ensure case-insensitive handling of request header names in the HTTP Headers preprocessor.

HiveMQ Enterprise Extension for Kafka

  • Fixed an issue that incorrectly allowed extension configuration files with an invalid root tag.
  • Added the option to enable schema configuration validation (disabled by default).

HiveMQ Enterprise Data Lake Extension

  • Added the ability to bind custom key-value metadata to uploaded Parquet files with the Parquet processor.

HiveMQ Enterprise Bridge Extension

  • Fixed an issue that could intermittently throw a Null Pointer Exception during broker startup when a Bridge extension in SUB mode is used.

HiveMQ Enterprise Extension for MongoDB

  • Added new retry behavior for insert statements that fail due to database connection errors to avoid possible data loss.

HiveMQ MQTT CLI

  • Added support for ARM-based platforms to the MQTT CLI container image.

Get Started Today

To upgrade to HiveMQ 4.31 from a previous HiveMQ version, follow our HiveMQ Upgrade Guide. To learn more about all the features the HiveMQ Platform offers, explore the HiveMQ User Guide.

HiveMQ Team

The HiveMQ team loves writing about MQTT, Sparkplug, Industrial IoT, protocols, how to deploy our platform, and more. We focus on industries ranging from energy, to transportation and logistics, to automotive manufacturing. Our experts are here to help, contact us with any questions.

HiveMQ logo
Review HiveMQ on G2