LavinMQ 2.7 RC — OAuth2, KTLS, and better control

The first release candidate for LavinMQ 2.7 is here. While we’re always working on stability, this release is about two things: making the broker easier to manage at scale and squeezing even more performance from the hardware.

OAuth2 support

This release includes OAuth2 support, allowing you to move away from traditional usernames and passwords. By using JWT (JSON Web Tokens), you can now handle authentication through your own identity provider. A clean way to manage access and rotate secrets across a large infrastructure.

Performance at the core: KTLS

This release introduces support for Kernel TLS (KTLS). Traditionally, encryption happens in “user space”, meaning the application has to do the heavy lifting before handing the data to the operating system. This creates a bottleneck as data is copied back and forth between memory buffers. KTLS moves this process directly into the kernel, reducing CPU usage and increasing throughput. The result is the security of TLS with speeds that feel much closer to a plain-text connection.

Consistent hash exchange optimization: introducing Jump

The Consistent Hash Exchange has been updated to use the Jump Consistent Hash algorithm. This change makes routing faster and more memory-efficient, especially for exchanges with a large number of queues. It ensures a more even distribution of messages while removing the overhead of managing large hash rings. Jump has been available since 2.7, but will not be set as the default until later versions.

Other improvements

Resume paused queues
It’s now possible to restart stopped queues directly from the management console.

TLS SNI and mTLS
Support for Server Name Indication (SNI) allows LavinMQ to serve multiple certificates on a single IP, making it easier to manage multi-tenant environments.

Cluster hook commands
You can now automatically trigger custom scripts whenever a node becomes a leader or stops being a leader. This is a simple way to automate tasks like updating load balancers or reconfiguring external services during a failover.

Try the release candidate

We are looking for feedback on the 2.7.0-rc.1. Check out the full release log on GitHub and let us know what you think.