From 02ef854f0ff31387ee85d954b1e26c1e65213f1a Mon Sep 17 00:00:00 2001
From: "Zaiming (Stone) Shi" <zmstone@gmail.com>
Date: Fri, 29 Sep 2023 08:54:41 +0200
Subject: [PATCH 1/6] fix(ldap): no crash when no query result is empty list

---
 apps/emqx_ldap/src/emqx_ldap.erl | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/apps/emqx_ldap/src/emqx_ldap.erl b/apps/emqx_ldap/src/emqx_ldap.erl
index 628397ff3..82f749967 100644
--- a/apps/emqx_ldap/src/emqx_ldap.erl
+++ b/apps/emqx_ldap/src/emqx_ldap.erl
@@ -262,10 +262,12 @@ do_ldap_query(
                 ldap_connector_query_return,
                 #{result => Result}
             ),
-            case Result#eldap_search_result.entries of
-                [_] = Entry ->
-                    {ok, Entry};
-                [_ | _] = L ->
+            Entries = Result#eldap_search_result.entries,
+            Count = length(Entries),
+            case Count =< 1 of
+                true ->
+                    {ok, Entries};
+                false ->
                     %% Accept only a single exact match.
                     %% Multiple matches likely indicate:
                     %% 1. A misconfiguration in EMQX, allowing overly broad query conditions.
@@ -276,7 +278,7 @@ do_ldap_query(
                         error,
                         LogMeta#{
                             msg => "ldap_query_found_more_than_one_match",
-                            count => length(L)
+                            count => length(Entries)
                         }
                     ),
                     {error, {unrecoverable_error, Msg}}

From c2d750aa094e28a8e4ac32c8bf6c99717d6a3c7c Mon Sep 17 00:00:00 2001
From: "Zaiming (Stone) Shi" <zmstone@gmail.com>
Date: Fri, 29 Sep 2023 09:20:42 +0200
Subject: [PATCH 2/6] fix(resource): redact query args in exception log

---
 apps/emqx_resource/src/emqx_resource_buffer_worker.erl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/emqx_resource/src/emqx_resource_buffer_worker.erl b/apps/emqx_resource/src/emqx_resource_buffer_worker.erl
index e8b595630..c75770673 100644
--- a/apps/emqx_resource/src/emqx_resource_buffer_worker.erl
+++ b/apps/emqx_resource/src/emqx_resource_buffer_worker.erl
@@ -856,7 +856,7 @@ handle_query_result(Id, Result, HasBeenSent) ->
     {ack | nack, function(), counters()}.
 handle_query_result_pure(_Id, ?RESOURCE_ERROR_M(exception, Msg), _HasBeenSent) ->
     PostFn = fun() ->
-        ?SLOG(error, #{msg => "resource_exception", info => Msg}),
+        ?SLOG(error, #{msg => "resource_exception", info => emqx_utils:redact(Msg)}),
         ok
     end,
     {nack, PostFn, #{}};

From 6891234390c2f1135bab7eb9778293738e73c9a5 Mon Sep 17 00:00:00 2001
From: "Zaiming (Stone) Shi" <zmstone@gmail.com>
Date: Fri, 29 Sep 2023 09:48:15 +0200
Subject: [PATCH 3/6] chore: return simplified error reason for less logging

---
 .../emqx_dashboard_sso/src/emqx_dashboard_sso_ldap.erl | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_ldap.erl b/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_ldap.erl
index de789df0b..499e24c5b 100644
--- a/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_ldap.erl
+++ b/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_ldap.erl
@@ -135,11 +135,13 @@ login(
                     ensure_user_exists(Username);
                 {ok, #{result := 'invalidCredentials'} = Reason} ->
                     {error, Reason};
-                {error, _} = Error ->
-                    Error
+                {error, _Reason} ->
+                    %% All error reasons are logged in resource buffer worker
+                    {error, ldap_bind_query_failed}
             end;
-        {error, _} = Error ->
-            Error
+        {error, _Reason} ->
+            %% All error reasons are logged in resource buffer worker
+            {error, ldap_query_failed}
     end.
 
 ensure_user_exists(Username) ->

From 1177a32310bc0036d8b4d29cac28a83d957b1ea6 Mon Sep 17 00:00:00 2001
From: "Zaiming (Stone) Shi" <zmstone@gmail.com>
Date: Fri, 29 Sep 2023 09:49:27 +0200
Subject: [PATCH 4/6] chore: bump version to 5.3.0-rc.2

---
 apps/emqx/include/emqx_release.hrl       | 2 +-
 deploy/charts/emqx-enterprise/Chart.yaml | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/apps/emqx/include/emqx_release.hrl b/apps/emqx/include/emqx_release.hrl
index 381c5fa13..001860ce6 100644
--- a/apps/emqx/include/emqx_release.hrl
+++ b/apps/emqx/include/emqx_release.hrl
@@ -35,7 +35,7 @@
 -define(EMQX_RELEASE_CE, "5.3.0").
 
 %% Enterprise edition
--define(EMQX_RELEASE_EE, "5.3.0-rc.1").
+-define(EMQX_RELEASE_EE, "5.3.0-rc.2").
 
 %% The HTTP API version
 -define(EMQX_API_VERSION, "5.0").
diff --git a/deploy/charts/emqx-enterprise/Chart.yaml b/deploy/charts/emqx-enterprise/Chart.yaml
index e0720bad9..a9c50d086 100644
--- a/deploy/charts/emqx-enterprise/Chart.yaml
+++ b/deploy/charts/emqx-enterprise/Chart.yaml
@@ -14,8 +14,8 @@ type: application
 
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
-version: 5.3.0-rc.1
+version: 5.3.0-rc.2
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
-appVersion: 5.3.0-rc.1
+appVersion: 5.3.0-rc.2

From dc147fd310ea73ceaf25300486ea7fc2b27f0517 Mon Sep 17 00:00:00 2001
From: "Zaiming (Stone) Shi" <zmstone@gmail.com>
Date: Fri, 29 Sep 2023 10:30:14 +0200
Subject: [PATCH 5/6] fix(rule-engine): console action has no args field

---
 apps/emqx_rule_engine/src/emqx_rule_runtime.erl | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/apps/emqx_rule_engine/src/emqx_rule_runtime.erl b/apps/emqx_rule_engine/src/emqx_rule_runtime.erl
index 74396dbc8..aac38ee37 100644
--- a/apps/emqx_rule_engine/src/emqx_rule_runtime.erl
+++ b/apps/emqx_rule_engine/src/emqx_rule_runtime.erl
@@ -361,8 +361,9 @@ do_handle_action(RuleId, {bridge, BridgeType, BridgeName, ResId}, Selected, _Env
         Result ->
             Result
     end;
-do_handle_action(RuleId, #{mod := Mod, func := Func, args := Args}, Selected, Envs) ->
+do_handle_action(RuleId, #{mod := Mod, func := Func} = Action, Selected, Envs) ->
     %% the function can also throw 'out_of_service'
+    Args = maps:get(args, Action, []),
     Result = Mod:Func(Selected, Envs, Args),
     inc_action_metrics(RuleId, Result),
     Result.

From c64e599e811bc28ff9a19a2bbae696a0f230b90e Mon Sep 17 00:00:00 2001
From: "Zaiming (Stone) Shi" <zmstone@gmail.com>
Date: Fri, 29 Sep 2023 10:33:11 +0200
Subject: [PATCH 6/6] docs: document how to retrieve peercert

---
 apps/emqx/src/emqx_channel.erl | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/apps/emqx/src/emqx_channel.erl b/apps/emqx/src/emqx_channel.erl
index 8669aea8e..e4d04cf6b 100644
--- a/apps/emqx/src/emqx_channel.erl
+++ b/apps/emqx/src/emqx_channel.erl
@@ -1996,6 +1996,8 @@ trim_conninfo(ConnInfo) ->
             %% NOTE
             %% We remove the peercert because it duplicates what's stored in the socket,
             %% otherwise it wastes about 1KB per connection.
+            %% Retrieve with: esockd_transport:peercert(Socket).
+            %% Decode with APIs exported from esockd_peercert and esockd_ssl
             peercert
         ],
         ConnInfo