Cent

[Documentation](https://fzambia.gitbooks.io/centrifugal/content/) was updated to fit all these release notes. Also all API and client libraries were updated – Javascript browser client (`centrifuge-js`), Python API client (`cent`), Django helper module (`adjacent`). API clients for Ruby (`centrifuge-ruby`) and PHP (`phpcent`) too. Admin web interface was also updated to support changes introduced here.

There are 2 new API libraries: [gocent](https://github.com/centrifugal/gocent) and [jscent](https://github.com/centrifugal/jscent). First for Go language. And second for NodeJS.

Also if you are interested take a look at [centrifuge-go](https://github.com/centrifugal/centrifuge-go) – experimental Centrifugo client for Go language. It allows to connect to Centrifugo from non-browser environment. Also it can be used as a reference to make a client in another language (still hoping that clients in Java/Objective-C/Swift to use from Android/IOS applications appear one day – but we need community help here).

How to migrate
--------------

* Use new versions of Centrifugal libraries - browser client and API client. Project key not needed in client connection parameters, in client token generation, in HTTP API client initialization.
* Another backwards incompatible change related to private channel subscriptions. Actually this is not related to Centrifugo but to Javascript client but it's better to write about it here. Centrifuge-js now sends JSON (`application/json`) request instead of `application/x-www-form-urlencoded` when client wants to subscribe on private channel. See [in docs](https://fzambia.gitbooks.io/centrifugal/content/mixed/private_channels.html) how to deal with JSON in this case.
* `--web` is now a boolean flag. Previously it was used to set path to admin web interface. Now it indicates whether or not Centrifugo must serve web interface. To provide path to custom web application directory use `--web_path` string option.

I.e. before v1 you started Centrifugo like this to use web interface:


centrifugo --config=config.json --web=/path/to/web/app


Now all you need to do is run:


centrifugo --config=config.json --web


And no need to download web interface repository at all! Just run command above and check http://localhost:8000.

If you don't want to use embedded web interface you can still specify path to your own web interface directory:


centrifugo --config=config.json --web --web_path=/path/to/web/app

======

Some upgrade steps needed to migrate to this release, see below.

This release is a major refactoring of Centrifugo internal engine. Centrifugo now uses `protobuf` format while transferring data between nodes and serializing history/presence data in Redis. We expect that all those changes **should not affect your working application code** though as new serialization format used **you may need to run** `FLUSHDB` command if using Redis engine to remove presence/history data encoded as JSON (if you don't use presence and history then no need to do this). If you have any problems with new serialization format used by Centrifugo internally – we can consider making old JSON encoding optional in future releases. Depending on how you use Centrifugo with Redis Engine those internal changes can result in nearly the same performance (if real-time content mostly generated by users online, so messages coming to Centrifugo have to be delivered to at least one client) or up to 2x API request speed up (if your real-time mostly generated by application backend itself so some messages published in channel with no active subscribers and there is no need to do JSON encoding work).

* Using SockJS 1.1 by default (actually as by default we use jsdelivr.net CDN version it will be latest minor release - at moment of writing 1.1.1) – this means that you need to also upgrade SockJS on client side to the same version (because **some iframe-based SockJS transports require exact version match on client and server**). Note that you can set desired SockJS version used by Centrifugo server via `sockjs_url` option (which is now by default `//cdn.jsdelivr.net/sockjs/1.1/sockjs.min.js`). So if you don't want to upgrade SockJS on client side or just want to fix version used or use your own hosted SockJS library (which is good if you think about old browser support and don't want to be affected by minor SockJS library releases) - use that option.
* `centrifugo version` now shows Go language version used to build binary.
* Performance and memory allocation improvements.

======

No backwards incompatible changes here. This release uses go1.6.2

* HTTP/2 support. This means that Centrifugo can utilize HTTP/2 protocol automatically - this is especially useful for HTTP-based SockJS transports (no limits for open connections per domain anymore). Note that HTTP/2 will work only when your setup utilizes `https`. Also HTTP/2 does not affect websockets because of missing protocol upgrade possibilities in HTTP/2 protocol - so websockets will work in the same way as before. Also if you have any proxy before Centrifugo then depending on your setup some reconfiguration may be required to make HTTP/2 work.

Just to remember how to test Centrifugo with SSL: [follow instructions](https://devcenter.heroku.com/articles/ssl-certificate-self) from Heroku article to generate self-signed certificate files. Then start Centrifugo like this:


./centrifugo --config=config.json --web --ssl --ssl_key=server.key --ssl_cert=server.crt


Go to https://localhost:8000/ and confirm that you trust certificate of this site (this is because of self-signed certificate, in case of valid certificate you don't need this step). Then you can test secure endpoint connections.

======

One more fix for v1.4.2 release here

* proper aliasing of `admin_password` and `admin_secret` configuration options. See [88](https://github.com/centrifugal/centrifugo/issues/88)

======

**Fix of security vulnerability introduced in v1.4.2**, see below.

* If you are using Centrifugo v1.4.2 (previous versions not affected) with admin socket enabled (with `--admin` or `--web` options) and your admin endpoint not protected by firewall somehow then you must update to this version. Otherwise it's possible to connect to admin websocket endpoint and run any command without authentication. It's recommended to update your secret key after upgrade. So sorry for this.