Bug fixes

  • Fix an issue where messages replayed from datagrepper always failed signature validation despite having valid signatures (#477).
  • Fix a Python 3 incompatibility where the downloading the certificate revocation list crashed when attempting to write the file (#478).

Development improvements

  • Several loggers now use their full module path as their logger name rather than just “fedmsg” (#479).

Many thanks to all our contributors for this release:

  • Jeremy Cline
  • Chaitanya Kukde


Backwards incompatible changes

  • The --daemon option for all fedmsg commands that was deprecated in 0.19.0 has been removed. We recommend using your operating system’s init system instead. systemd unit files are available in the git repository (#470).
  • Python 2.6 is no longer supported (#469).


  • Python 3.4+ is now supported. In order to use x509 certificates to sign and verify messages, you will need cryptography v1.6+ and pyOpenSSL v16.1+. These can be installed with pip via pip install fedmsg[crypto_ng] (#449).
  • The fedmsg documentation has been re-organized (#453).

Development Improvements

  • The m2crypto unit tests were being skipped when the cryptography library was missing. This is no longer the case (#446).
  • All usage of the nose library has been removed from the tests and the dependency on nose has been removed (#448).
  • click has been added as a test dependency (#452).
  • Test coverage increased from 54.72% to 58.82%
  • Several improvements to the tox.ini file (#458).

Many thanks to all our contributors for this release:

  • Lumír ‘Frenzy’ Balhar
  • Ralph Bean
  • Jeremy Cline
  • Chenxiong Qi


0.19.1 is a bug fix release that addresses several critical regressions introduced in 0.19.0.

Bug fixes

  • Fix an issue where messages failed validation because the message certificate and signature were unicode objects (#456).
  • Fix an issue where message bodies were not deserialized from JSON before being passed to a consumer because the message bodies were unicode objects (#464).
  • Fix an issue where messages never got passed to the consumer because the message pre-processing caused an unhandled exception (#462).

Many thanks to the contributors for this release:

  • Kamil Páral
  • Jeremy Cline
  • Patrick Uiterwijk
  • Ralph Bean
  • Ricky Elrod



  • The --daemon option has been deprecated for all fedmsg commands and will be removed in a future release. We recommend using your operating system’s init system instead. systemd units and SysV init scripts are available in the git repository (#434).


  • A new command, fedmsg-signing-relay, has been added that signs messages prior to relaying them (#409).
  • A new command, fedmsg-check, can be used to check whether or not the expected fedmsg producers and consumers are running (#416).
  • If the message contains a headers key, these are placed in the message body (#437).
  • It is now possible to use cryptography and pyOpenSSL rather than m2crypto (#421).
  • The ircbot’s URL shortener service is now configurable (#430).

Bug fixes

  • Fix an issue where an AttributeError wasn’t actually raised when calling fedmsg.publish before initializing the Moksha hub and using a non-ZeroMQ publishing mechanism (#412).
  • The default configuration was missing the topic_prefix key (#431).

Development Improvements

  • fedmsg is now PEP-8 compliant ( #414, #421, #422).
  • Tox is used to enforce PEP-8, build the documentation, and run the tests with multiple versions of Python (#417).
  • The test suite is now run with pytest rather than nose. (#417).
  • Code coverage history is now tracked with

Many thanks to all our contributors for this release:

  • Elan Ruusamäe
  • Pravin Chaudhary
  • Ralph Bean
  • Jeremy Cline



  • Fix an issue introduced in 0.18.3 where monitoring sockets were not being created in the fedmsg relay (#433)



  • The environment configuration key is no longer restricted to dev, stg, and prod. It now must be an alphanumeric string (#406).

Bug fixes

  • fedmsg-logger –json-input can now handle multi-line json (#392).
  • Update the documentation on publishing to mention the endpoints configuration (#394).
  • Start re-branding the library so it’s not Fedora-specific (#391).
  • Ensure fedmsg-relay doesn’t run producers (#395).
  • Remove keys added by datagrepper from messages retrieved from the backlog (#402).

Development Improvements

  • Fix a mock used by the test suite (#405).


This is a security release which addresses CVE-2017-1000001.

Bug fixes

  • Fixes an issue in the validation logic of the base consumer which caused child consumers to not validate the authenticity of messages (5c21cf88a).


Bug fixes

  • Only check for STOMP messages after decoding any ZMQMessage (#393).

Development Improvements

  • Remove test cases for old versions of the Python six library. fedmsg only supports six-1.9 or greater (#390).



  • Cascade IRC connections (#374).
  • Get fedmsg-hub working on STOMP (#380).
  • Raise the resource limit on open files for fedmsg-hub (#381).
  • Add SSL support to irc bot (#386).

Bug fixes

  • Return earlier when validate_signatures is turned off (#388).

Documentation Improvements

  • Remove the out-dated status page from the documentation (#375).
  • Make the introduction less Fedora specific (#377).
  • Update the necessary dependencies in the Development section (#385).
  • Document turning off validation for other buses (#387).

Development Improvements

  • Turn testing Python 2.6 in Travis on (#382).

Older Changes

For older changes, consult the old changelog.