I've tested it now (setting the corresponding value on the Artemis CRD to ""),
and it works.
The resulting broker.xml contains:
Many thanks
Andrea
Da: Justin Bertram
Inviato: martedì 9 aprile 2024 20:45
A: users@activemq.apache.or
Dear Community
I have updated from ActiveMQ Classic 5.x to 6.1.1.
Since update to 6.1.1 the API (webapps jolokia) is unprotected and can be
accessed without basic authentication:
Example:
http://localhost:8161/api
In previous ActiveMQ Classic versions (5.x) the API was protected with
authentic
Hi,
oh, I remember this. This is exactly what I did in
https://github.com/apache/activemq/commit/c67ada04c77e9379ef25ac62d5ea1fcf20cf8b8f
, and at least /admin endpoint was tested and was properly protected after
that fix. However, I see that configuration went through couple of changes
again
Hi Vilius
Thanks for confirmation. Looking forward to see the fix in next releases ;)
Best regards
-Ursprüngliche Nachricht-
Von: Vilius Šumskas
Gesendet: Mittwoch, 10. April 2024 13:34
An: users@activemq.apache.org
Betreff: RE: Disabled authentication ActiveMQ Classic Webapps since V
You should probably create a bug ticket first :)
--
Vilius
-Original Message-
From: Zeissig, Martin
Sent: Wednesday, April 10, 2024 2:46 PM
To: users@activemq.apache.org
Subject: AW: Disabled authentication ActiveMQ Classic Webapps since V6.x
Hi Vilius
Thanks for confirmation. Lo
Hi Vilius
It's first time for me reporting issues to Apache and I must create Account for
Jira first. May I ask you or anyone else to create an official ticket?
I am also not sure if it should better be reported as vulnerability
(https://www.apache.org/security/#reporting-a-vulnerability). Beca
Hi
Thanks for the report.
Don’t worry about Jira and such I will do it for you.
I will work on a fix and submit 6.1.2 to vote asap.
Regards
JB
Le mer. 10 avr. 2024 à 14:05, Zeissig, Martin a
écrit :
> Hi Vilius
>
> It's first time for me reporting issues to Apache and I must create
> Account
Hi
We can consider a bug.
The reason of the change is because Jetty 11 doesn’t handle the patterns
the same way as Jetty 9.
So what we had as security constraint in Jetty 9 doesn’t work in Jetty 11.
Jetty 11 doesn’t allow wildcard matching the same way.
I will fix that by securing the root cont
H Martin
For the tracking, here's the Jira ticket:
https://issues.apache.org/jira/browse/AMQ-9477
The fix has been merged. We will move forward with the 6.1.2 release
including this.
Thanks for the report.
Regards
JB
On Wed, Apr 10, 2024 at 11:32 AM Zeissig, Martin
wrote:
>
> Dear Community
>
Dear ActiveMQ committers,
One question regarding 5.18.4: has this been released already?
Looking at https://activemq.apache.org/components/classic/download/ I get
confusing information:
* The Schedule & Status table shows 5.18.4 as "Last"
* Below this table I still see 5.18.3
Looking in
Hi JB
Thank you so much. Very appreciated.
Best regards
Martin
-Ursprüngliche Nachricht-
Von: Jean-Baptiste Onofré
Gesendet: Donnerstag, 11. April 2024 07:25
An: users@activemq.apache.org
Betreff: Re: Disabled authentication ActiveMQ Classic Webapps since V6.x
H Martin
For the trac
11 matches
Mail list logo
