sync release 5.8

.github/workflows/check_markdown.yaml

@@ -1,6 +1,14 @@
 name: Check Docs
 
-on: [push, pull_request]
+on:
+  push:
+    branches:
+      - 'release-[0-9].[0-9]'
+      - 'release-[0-9].[0-9][0-9]'
+  pull_request:
+    branches:
+      - 'release-[0-9].[0-9]'
+      - 'release-[0-9].[0-9][0-9]'
 
 jobs:
   markdown_check:
@@ -16,6 +24,9 @@ jobs:
         markdownlint -c .github/workflows/markdown_config.json ./zh_CN
         markdownlint -c .github/workflows/markdown_config.json ./ja_JP
 
+    - name: Spell Check Repo
+      uses: crate-ci/[email protected]
+
   directory_check:
     runs-on: ubuntu-latest
     steps:

.github/workflows/deploy_docs.yaml

@@ -5,6 +5,9 @@ on:
     tags:
       - v*
   pull_request:
+    branches:
+      - 'release-[0-9].[0-9]'
+      - 'release-[0-9].[0-9][0-9]'
 
 jobs:
   prepare:

_typos.toml

@@ -0,0 +1,51 @@
+[default]
+extend-ignore-re = [
+  "[A-Fa-f0-9]{8,}",                # hexadecimal tokens
+  "[A-Za-z0-9+/=]{12,}",           # base64-like random blobs
+  "([A-Z0-9]{2,}-){2,}[A-Z0-9]+",  # cipher suites (PSK-3DES-EDE-CBC-SHA)
+  "([A-Za-z]{2,}_){1,}[A-Za-z]+"   # snake_case config fields (may contain abbreviations)
+]
+extend-ignore-words-re = ["^custome$"]
+
+[default.extend-words]
+# EMQX specific terms
+emqx = "emqx"
+kuiper = "kuiper"
+neuron = "neuron"
+mqtt = "mqtt"
+suback = "suback"
+puback = "puback"
+qos = "qos"
+mosquitto = "mosquitto"
+alis = "alis"
+wxs = "wxs" 
+
+# Technical jargon
+k8s = "k8s"
+auth = "auth"
+repo = "repo"
+schemas = "schemas"
+
+# Ordinal numbers
+1st = "1st"
+2nd = "2nd"
+3rd = "3rd"
+
+# Words that appeared in false positives
+succee = "succee"
+smal = "smal"
+siz = "siz"
+iif = "iif"
+EACG = "EACG"
+EDE = "EDE"
+HPE = "HPE"
+AKS = "AKS"
+aks = "aks"
+TKE = "TKE"
+Sur = "Sur"
+
+[default.extend-identifiers]
+iif = "iif"
+
+[files]
+extend-exclude = ["redocly", "cfg-manual-docgen", "hocon"]

dir.yaml

@@ -6,7 +6,7 @@
 # - A doc node may have edition: ee for enterprise only content
 #
 # Grouping node
-# - Must have a 'title_en' (English), 'title_cn' (Chinese), 'title_ja' (Japanese) is optional wehn no need to translate. e.g. FAQ
+# - Must have a 'title_en' (English), 'title_cn' (Chinese), 'title_ja' (Japanese) is optional when no need to translate. e.g. FAQ
 # - Parent nodes must NOT have a 'path'
 #
 # Content node can be one of:

en_US/access-control/authz/file.md

@@ -103,7 +103,7 @@ Where,
 
 - `type`: Data source types of authorizer; here is `file`.
 - `enable`: Whether to activate the authorizer; optional value: `true`, `false`.
-- `path`: Configuration file path; default value: `etc/acl.conf`. If file-based authorizer is editted through Dashboard or REST API, EMQX stores the new file to `data/authz/acl.conf` and stops reading the configuration in the original file.
+- `path`: Configuration file path; default value: `etc/acl.conf`. If file-based authorizer is edited through Dashboard or REST API, EMQX stores the new file to `data/authz/acl.conf` and stops reading the configuration in the original file.
 
 <!--For detailed parameter list, see [authz-file](../../configuration/configuration-manual.html#authz-file). Need to update the link later-->
 

en_US/admin/cli.md

@@ -365,7 +365,7 @@ emqx_a -> topic:t/1 qos:0 nl:0 rh:0 rap:0
 
 ### subscriptions add \<ClientId\> \<Topic\> \<QoS\>
 
-Mannually add a subscription.
+Manually add a subscription.
 
 ```bash
 $ emqx ctl subscriptions add emqx_a t/1 1
@@ -1528,7 +1528,7 @@ Currently there are by default 5 registered gateways:
 * mqttsn
 * stomp
 
-EMQX is designed to be plugable, so that more gateways can be installed as pluginsand register to EMQX at runtime.
+EMQX is designed to be pluggable, so that more gateways can be installed as pluginsand register to EMQX at runtime.
 Once registered, a gateway can be managed with management APIs and CLIs (see `gateway` command below).
 
 ## gateway-clients

en_US/changes/auth-4.4-to-5.1-compatibility.md

@@ -394,7 +394,7 @@ backend = mongodb
 
 - `srv_record`, `username`, `password`, `auth_source`, `database`, `w_mode`, `topology`, `collection` are retained.
 
-- `r_mode` is availalable only for `rs` type.
+- `r_mode` is available only for `rs` type.
 
 - `pool` is changed to `pool_size`.
 
@@ -1156,7 +1156,7 @@ type = mongodb
   - For `rs`, `sharded` to `servers`
   - For `single` to `server`
 - `srv_record`, `username`, `password`, `auth_source`, `database`, `w_mode`, `topology`, `collection` are retained.
-- `r_mode` is availalable only for `rs` type.
+- `r_mode` is available only for `rs` type.
 - `pool` is changed to `pool_size`.
 - `ssl.*` is changed to common SSL options. Refer to [TLS for External Resource Access](../network/overview.md#tls-for-external-resource-access).
 - `auth_query.selector` is changed to `filter`. The filter should not be a string, but the whole selector data structure.  `${var`}-style [placeholders](../access-control/authn/authn.md#authentication-placeholders) may be used in selector values.

en_US/changes/breaking-changes-5.1.0.md

@@ -153,7 +153,7 @@ The previous official plugins have been migrated to EMQX as built-in functions.
 | emqx_bridge_mqtt | Data Bridge - MQTT Bridge                                 |
 | emqx_web_hook    | Data Bridge - HTTP Server                                 |
 | emqx_coap        | CoAP Gateway                                              |
-| emqx_dashboard   | Dasboard                                                  |
+| emqx_dashboard   | Dashboard                                                  |
 | emqx_exhook      | ExHook                                                    |
 | emqx_exproto     | ExProto Gateway                                           |
 | emqx_lwm2m       | LwM2M Gateway                                             |

en_US/changes/breaking-changes-ce-5.4.md

@@ -4,7 +4,7 @@
 
 - [#11994](https://github.com/emqx/emqx/pull/11994) Stopped releasing packages for Windows.
 
-- [#11998](https://github.com/emqx/emqx/pull/11998) Stopped releasing packages for MacOS 11 (BigSur).
+- [#11998](https://github.com/emqx/emqx/pull/11998) Stopped releasing packages for MacOS 11 (Big Sur).
 
 - [#12112](https://github.com/emqx/emqx/pull/12112) Stopped supporting UDP multicast based clustering strategy.
 

en_US/changes/breaking-changes-ce-5.8.md

@@ -24,7 +24,7 @@
 
 ## v5.8.1
 
-- [#13792](https://github.com/emqx/emqx/pull/13792) The default expiration time for a banned item that is created without an `until` value is now `infinity` (previsouly capped at 1 year limit).
+- [#13792](https://github.com/emqx/emqx/pull/13792) The default expiration time for a banned item that is created without an `until` value is now `infinity` (previously capped at 1 year limit).
 
 - [#13742](https://github.com/emqx/emqx/pull/13742) Fixed an issue when a client would receive retained messages for a topic starting with `$` when it subscribed to topic `#` or `+`.
 

en_US/changes/breaking-changes-ee-5.4.md

@@ -2,7 +2,7 @@
 
 ## e5.4.0
 
-- [#11998](https://github.com/emqx/emqx/pull/11998) Stopped releasing packages for MacOS 11 (BigSur).
+- [#11998](https://github.com/emqx/emqx/pull/11998) Stopped releasing packages for MacOS 11 (Big Sur).
 
 - [#12112](https://github.com/emqx/emqx/pull/12112) Stopped supporting UDP multicast based clustering strategy.
 

en_US/changes/breaking-changes-ee-5.8.md

@@ -47,7 +47,7 @@
 
 ## e5.8.1
 
-- [#13792](https://github.com/emqx/emqx/pull/13792) The default expiration time for a banned item that is created without an `until` value is now `infinity` (previsouly capped at 1 year limit).
+- [#13792](https://github.com/emqx/emqx/pull/13792) The default expiration time for a banned item that is created without an `until` value is now `infinity` (previously capped at 1 year limit).
 
 - [#13742](https://github.com/emqx/emqx/pull/13742) Fixed an issue when a client would receive retained messages for a topic starting with `$` when it subscribed to topic `#` or `+`.
 

en_US/changes/changes-ce-5.4.md

@@ -56,7 +56,7 @@
 
   - Bypassing network for the local calls.
 
-  - Avoid senstive data leaking in debug logs [#12202](https://github.com/emqx/emqx/pull/12202)
+  - Avoid sensitive data leaking in debug logs [#12202](https://github.com/emqx/emqx/pull/12202)
 
 - [#12111](https://github.com/emqx/emqx/pull/12111) Fixed an issue when API tokens were sometimes unavailable immediately after login due to race condition.
 

en_US/changes/changes-ce-v3.md

@@ -94,7 +94,7 @@ Github Commit: [emqx/emqx-web-hook#3dd041](https://github.com/emqx/emqx-web-hook
 
 _Release Date: 2019-10-28_
 
-EMQX 3.2.4 is now available. This version mainly adds IPv6 support for Dashbaord and REST APIs, and fixes some bugs.
+EMQX 3.2.4 is now available. This version mainly adds IPv6 support for Dashboard and REST APIs, and fixes some bugs.
 
 Bug fixes:
 
@@ -118,7 +118,7 @@ Github Issue: [emqx/emqx#2937](https://github.com/emqx/emqx/issues/2937)
 
 Enhancements:
 
-- Support for IPv6 access to Dashbaord
+- Support for IPv6 access to Dashboard
 
 Github PR: [emqx/emqx-dashboard#161](https://github.com/emqx/emqx-dashboard/pull/161)
 
@@ -164,7 +164,7 @@ GitHub Commit: [emqx/emqx#9cdaa7](https://github.com/emqx/emqx/commit/9cdaa71a66
 
 Github Commit: [emqx/emqx#31671f](https://github.com/emqx/emqx/commit/31671f5ee5516e04ca6c648679f030b790c84fd9)
 
-- Fix the issue thar placeholder like '%c' in mountpoint doesn't take effect
+- Fix the issue that placeholder like '%c' in mountpoint doesn't take effect
 
 Github Commit: [emqx/emqx#58ba22](https://github.com/emqx/emqx/commit/58ba22dfc79ce81ac74fffae60a624d2238585ca)
 
@@ -232,7 +232,7 @@ Github PR: [emqx/emqx#2696](https://github.com/emqx/emqx/pull/2696)
 
 Bug fixes:
 
-- Fix the issue that encouter crash when Websocket sessions go offline abnormally
+- Fix the issue that encounter crash when Websocket sessions go offline abnormally
 
 Github PR: [emqx/emqx#2697](https://github.com/emqx/emqx/pull/2697)
 
@@ -550,7 +550,7 @@ The EMQX 3.0.0 is now available. In this release, we have re-designed the ETS ta
 
 Enhancements:
 
-- Move addtional vm args to a separate vm.args file
+- Move additional vm args to a separate vm.args file
 
 Github PR: [emqx/emqx#2033](https://github.com/emqx/emqx/pull/2033) , [emqx/emqx#2057](https://github.com/emqx/emqx/pull/2057) , [emqx/emqx#2070](https://github.com/emqx/emqx/pull/2070)
 
@@ -896,7 +896,7 @@ Support node cookie value with = characters. (emq-relx#146)
 
 ### mochiweb
 
-Improve Req:get(peername) funciton to support x-forwarded-for and x-remote-port . (emqtt/mochiweb#9)
+Improve Req:get(peername) function to support x-forwarded-for and x-remote-port . (emqtt/mochiweb#9)
 
 ## 2.3.0 "Passenger's Log"
 
@@ -974,7 +974,7 @@ Newline character in emq.conf causing error;(emqttd#1000)
 
 Fix crash caused by duplicated PUBREC packet (emqttd#1004)
 
-Unload the 'session.created' and 'session.teminated' hooks (emq-plugin-template)
+Unload the 'session.created' and 'session.terminated' hooks (emq-plugin-template)
 
 ## 2.1.1
 

en_US/changes/changes-ce-v4.md

@@ -267,7 +267,7 @@ a node restart (and configuration change) is required.
 - Add a warning log if the ACL check failed for subscription [#9124](https://github.com/emqx/emqx/pull/9124).
   This is to make the ACL deny logging for subscription behave the same as for publish.
 
-- JWT ACL claim supports `all` action to imply the rules applie to both `pub` and `sub` [#9044](https://github.com/emqx/emqx/pull/9044).
+- JWT ACL claim supports `all` action to imply the rules apply to both `pub` and `sub` [#9044](https://github.com/emqx/emqx/pull/9044).
 
 - Added a log censor to avoid logging sensitive data [#9189](https://github.com/emqx/emqx/pull/9189).
   If the data to be logged is a map or key-value list which contains sensitive key words such as `password`, the value is obfuscated as `******`.
@@ -283,7 +283,7 @@ a node restart (and configuration change) is required.
   Meaning, if a plugin (or module) is restarted after initial boot, it may get ordered to the end of the list.
   With this config, you may set the order with a comma-speapated ACL or auth plugin names (or aliases).
   For example: `acl_order = jwt,http`, this will make sure `jwt` is always checked before `http`,
-  meaning if JWT is not found (or no `acl` cliam) for a client, then the ACL check will fallback to use the HTTP backend.
+  meaning if JWT is not found (or no `acl` claim) for a client, then the ACL check will fallback to use the HTTP backend.
 
 - Added configurations to enable more `client.disconnected` events (and counter bumps) [#9267](https://github.com/emqx/emqx/pull/9267).
   Prior to this change, the `client.disconnected` event (and counter bump) is triggered when a client
@@ -325,7 +325,7 @@ a node restart (and configuration change) is required.
   Note that the `id` in `POST /api/v4/rules` should be literals (not encoded) when creating a `rule` or `resource`.
   See docs [Create Rule](https://docs.emqx.com/en/enterprise/v4.4/advanced/http-api.html#post-api-v4-rules) [Create Resource](https://docs.emqx.com/en/enterprise/v4.4/advanced/http-api.html#post-api-v4-resources).
 
-- Calling 'DELETE /alarms/deactivated' now deletes deactived alarms on all nodes, including remote nodes, not just the local node [#9280](https://github.com/emqx/emqx/pull/9280).
+- Calling 'DELETE /alarms/deactivated' now deletes deactivated alarms on all nodes, including remote nodes, not just the local node [#9280](https://github.com/emqx/emqx/pull/9280).
 
 - When republishing messages or bridge messages to other brokers, check the validity of the topic and make sure it does not have topic wildcards [#9291](https://github.com/emqx/emqx/pull/9291).
 
@@ -352,7 +352,7 @@ a node restart (and configuration change) is required.
   published when a client is denied connection [#8894](https://github.com/emqx/emqx/pull/8894).
 
 - More rigorous checking of flapping to improve stability of the system [#9045](https://github.com/emqx/emqx/pull/9045).
-  Previsouly only normal disconnects are counted, now the connection rejections (e.g. authentication failure) is also included.
+  Previously only normal disconnects are counted, now the connection rejections (e.g. authentication failure) is also included.
   Find more about flapping detection in [EMQX document](https://docs.emqx.com/en/enterprise/v4.3/configuration/configuration.html#flapping-detect-policy)
 
 - QoS1 and QoS2 messages in session's buffer are re-dispatched to other members in the group
@@ -525,7 +525,7 @@ a node restart (and configuration change) is required.
 - Fix the issue that the alarm was not cleared when the rule engine resource was deleted
 - Fix Dashboard HTTPS listener's `verify` option not taking effect
 - Fix the issue that messages were lost when the peer session was terminated during the delivery of QoS 1 messages through shared subscriptions
-- Fix the issue that when the log tracer encounters large packets, the heap size grows too fast and triggers the policy of forcibly closeing the connection process
+- Fix the issue that when the log tracer encounters large packets, the heap size grows too fast and triggers the policy of forcibly closing the connection process
 - Fix the issue that the MQTT-SN client would be disconnected when retransmitting QoS 2 messages
 - Fix the issue that the subscriber's connection was disconnected due to the wrong user properties type in the message publishing API `api/v4/mqtt/publish`
 - Fix the issue that some authentication algorithms were unavailable due to the PostgreSQL driver not adapting to OTP 24
@@ -640,7 +640,7 @@ The compare base of this change set is 4.3.12
     providing the possibility to release EMQX on multiple Erlang/OTP versions
   * `centos` is renamed to `el`. This is mainly due to centos8 being dead (replaced with rockylinux8)
 
-- MongoDB authentication supports DNS SRV and TXT Records resolution, which can seamlessly connect with MongoDB Altas
+- MongoDB authentication supports DNS SRV and TXT Records resolution, which can seamlessly connect with MongoDB Atlas
 
 - Support dynamic modification of MQTT Keep Alive to adapt to different energy consumption strategies.
 
@@ -703,7 +703,7 @@ The compare base of this change set is 4.3.12
 - Add a warning log if the ACL check failed for subscription [#9124](https://github.com/emqx/emqx/pull/9124).
   This is to make the ACL deny logging for subscription behave the same as for publish.
 
-- JWT ACL claim supports `all` action to imply the rules applie to both `pub` and `sub` [#9044](https://github.com/emqx/emqx/pull/9044).
+- JWT ACL claim supports `all` action to imply the rules apply to both `pub` and `sub` [#9044](https://github.com/emqx/emqx/pull/9044).
 
 - Added a log censor to avoid logging sensitive data [#9189](https://github.com/emqx/emqx/pull/9189).
   If the data to be logged is a map or key-value list which contains sensitive key words such as `password`, the value is obfuscated as `******`.
@@ -719,7 +719,7 @@ The compare base of this change set is 4.3.12
   Meaning, if a plugin (or module) is restarted after initial boot, it may get ordered to the end of the list.
   With this config, you may set the order with a comma-speapated ACL or auth plugin names (or aliases).
   For example: `acl_order = jwt,http`, this will make sure `jwt` is always checked before `http`,
-  meaning if JWT is not found (or no `acl` cliam) for a client, then the ACL check will fallback to use the HTTP backend.
+  meaning if JWT is not found (or no `acl` claim) for a client, then the ACL check will fallback to use the HTTP backend.
 
 - Added configurations to enable more `client.disconnected` events (and counter bumps) [#9267](https://github.com/emqx/emqx/pull/9267).
   Prior to this change, the `client.disconnected` event (and counter bump) is triggered when a client
@@ -757,7 +757,7 @@ The compare base of this change set is 4.3.12
   Note that the `id` in `POST /api/v4/rules` should be literals (not encoded) when creating a `rule` or `resource`.
   See docs [Create Rule](https://docs.emqx.com/en/enterprise/v4.4/advanced/http-api.html#post-api-v4-rules) [Create Resource](https://docs.emqx.com/en/enterprise/v4.4/advanced/http-api.html#post-api-v4-resources).
 
-- Calling 'DELETE /alarms/deactivated' now deletes deactived alarms on all nodes, including remote nodes, not just the local node [#9280](https://github.com/emqx/emqx/pull/9280).
+- Calling 'DELETE /alarms/deactivated' now deletes deactivated alarms on all nodes, including remote nodes, not just the local node [#9280](https://github.com/emqx/emqx/pull/9280).
 
 - When republishing messages or bridge messages to other brokers, check the validity of the topic and make sure it does not have topic wildcards [#9291](https://github.com/emqx/emqx/pull/9291).
 
@@ -953,7 +953,7 @@ The compare base of this change set is 4.3.12
 - Fix the issue that the alarm was not cleared when the rule engine resource was deleted
 - Fix Dashboard HTTPS listener's `verify` option not taking effect
 - Fix the issue that messages were lost when the peer session was terminated during the delivery of QoS 1 messages through shared subscriptions
-- Fix the issue that when the log tracer encounters large packets, the heap size grows too fast and triggers the policy of forcibly closeing the connection process
+- Fix the issue that when the log tracer encounters large packets, the heap size grows too fast and triggers the policy of forcibly closing the connection process
 - Fix the issue that the MQTT-SN client would be disconnected when retransmitting QoS 2 messages
 - Fix the issue that the returned results did not match the query conditions when querying subscriptions with multiple conditions
 - Fix rule engine resource connection test not working
@@ -1194,7 +1194,7 @@ EMQX 4.3.8 is released now, it mainly includes the following changes:
 
   Github PR: [emqx#5436](https://github.com/emqx/emqx/pull/5436)
 
-> Note: Starting from this version, CentoOS 7 requires the use of openssl 1.1.1. For the installation method of openssl upgrade, please refer to: [FAQ - Incorrect OpenSSL Vesion](https://docs.emqx.com/en/enterprise/v4.3/faq/error.html#incorrect-openssl-version)
+> Note: Starting from this version, CentoOS 7 requires the use of openssl 1.1.1. For the installation method of openssl upgrade, please refer to: [FAQ - Incorrect OpenSSL Version](https://docs.emqx.com/en/enterprise/v4.3/faq/error.html#incorrect-openssl-version)
 
 ## 4.3.7