H Martin
For the tracking, here's the Jira ticket:
https://issues.apache.org/jira/browse/AMQ-9477
The fix has been merged. We will move forward with the 6.1.2 release
including this.
Thanks for the report.
Regards
JB
On Wed, Apr 10, 2024 at 11:32 AM Zeissig, Martin
wrote:
>
> Dear Community
>
Hi
We can consider a bug.
The reason of the change is because Jetty 11 doesn’t handle the patterns
the same way as Jetty 9.
So what we had as security constraint in Jetty 9 doesn’t work in Jetty 11.
Jetty 11 doesn’t allow wildcard matching the same way.
I will fix that by securing the root cont
have a security issue now.
>
> I wanted to report the issue as friendly hint only.
>
> Best regards
>
> Martin
>
>
> -Ursprüngliche Nachricht-
> Von: Vilius Šumskas
> Gesendet: Mittwoch, 10. April 2024 13:47
> An: users@activemq.apache.org
> Betreff:
. Looking forward to see the fix in next releases ;)
Best regards
-Ursprüngliche Nachricht-
Von: Vilius Šumskas
Gesendet: Mittwoch, 10. April 2024 13:34
An: users@activemq.apache.org
Betreff: RE: Disabled authentication ActiveMQ Classic Webapps since V6.x
Hi,
oh, I remember this. This is
Hi,
oh, I remember this. This is exactly what I did in
https://github.com/apache/activemq/commit/c67ada04c77e9379ef25ac62d5ea1fcf20cf8b8f
, and at least /admin endpoint was tested and was properly protected after
that fix. However, I see that configuration went through couple of changes
again
