We upgraded ActiveMQ 5.13.1 to ActiveMQ 5.15.7 to overcome the security
vulnerabilities CVE-2015-5254 and CVE-2014-3612. For reference, here are the links
for each CVE:
http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt?version=1&modificationDate=1449589734000&api=v2
http://activemq.apache.org/security-advisories.data/CVE-2014-3612-announcement.txt?version=2&modificationDate=1423051365000&api=v2



After upgrading, we hit the following issues while getting LDAP user
information.

Following is the stack trace:

05:23:14.576 0x14d7a00 j9trc_aux.1 - [53]
org.eclipse.core.launcher.Main.basicRun
(Main.java:282)
05:23:14.576 0x14d7a00 j9trc_aux.1 - [54] org.eclipse.core.launcher.Main.run
(Main.java:981)
05:23:14.576 0x14d7a00 j9trc_aux.1 -
[55]com.ibm.wsspi.bootstrap.WSPreLauncher.launchEclipse
(WSPreLauncher.java:411)
05:23:14.576 0x14d7a00 j9trc_aux.1 - [56]
com.ibm.wsspi.bootstrap.WSPreLauncher.main
(WSPreLauncher.java:173)
*05:23:14.576 0x14d7a00 mt.9 <
java/security/Security.insertProviderAt(Ljava/security/Provider;I)I
bytecode static method*
*05:23:14.576 0x14d7a00 mt.9 <
java/security/Security.addProvider(Ljava/security/Provider;)I bytecode
static method*
*05:23:18.255*0x3251c00 mt.3 >
java/security/Security.insertProviderAt(Ljava/security/Provider;I)I
bytecode static method*
*05:23:18.255 0x3251c00 j9trc_aux.0 - jstacktrace:*
*05:23:18.255 0x3251c00 j9trc_aux.1
- [1] java.security.Security.insertProviderAt (Security.java:369)*
*05:23:18.255 0x3251c00 j9trc_aux.1
- [2] org.apache.activemq.broker.BrokerService.<clinit>
(BrokerService.java:275)*
*05:23:18.255 0x3251c00 j9trc_aux.1
- [3]com.ibm.tivoli.rest.event.amq.AMQPropertiesBrokerFactory.createBroker
(AMQPropertiesBrokerFactory.java:30)*
*05:23:18.255 0x3251c00 j9trc_aux.1
- [4]org.apache.activemq.broker.BrokerFactory.createBroker
(BrokerFactory.java:71)*
*05:23:18.255 0x3251c00 j9trc_aux.1
- [5]org.apache.activemq.broker.BrokerFactory.createBroker
(BrokerFactory.java:54)*
*05:23:18.255 0x3251c00 j9trc_aux.1
- [6]com.ibm.tivoli.rest.event.amq.AMQEventRouterFactory.startBroker
(AMQEventRouterFactory.java:430)*
*05:23:18.255 0x3251c00 j9trc_aux.1
- [7]com.ibm.tivoli.rest.event.amq.AMQEventRouterFactory.start
(AMQEventRouterFactory.java:151)*
*05:23:18.255 0x3251c00 j9trc_aux.1
- [8]com.ibm.tivoli.rest.event.EventRouterFactory.getInstance
(EventRouterFactory.java:43)*
*05:23:18.255 0x3251c00 j9trc_aux.1
- [9] com.ibm.tivoli.rest.amq.AjaxServlet.<init> (AjaxServlet.java:59)*
*05:23:18.255 0x3251c00 j9trc_aux.1
- [10] java.lang.J9VMInternals.newInstanceImpl (Native Method)*
*05:23:18.255 0x3251c00 j9trc_aux.1 - [11] java.lang.Class.newInstance
(Class.java:1843)* (Compiled Code)
05:23:18.255 0x3251c00 j9trc_aux.1 - [12] java.beans.Beans.instantiate
(Beans.java:240)
05:23:18.255 0x3251c00 j9trc_aux.1 - [13] java.beans.Beans.instantiate
(Beans.java:88)
05:23:18.255 0x3251c00 j9trc_aux.1 -
[14]com.ibm.ws.webcontainer.servlet.ServletWrapper$1.run
(ServletWrapper.java:1489)
05:23:18.255 0x3251c00 j9trc_aux.1 -
[15]com.ibm.ws.security.util.AccessController.doPrivileged
(AccessController.java:118) (Compiled Code)
05:23:18.255 0x3251c00 j9trc_aux.1 -
[16]com.ibm.ws.webcontainer.servlet.ServletWrapper.loadServlet
(ServletWrapper.java:1478)
05:23:18.255 0x3251c00 j9trc_aux.1 -
[17]com.ibm.ws.webcontainer.servlet.ServletWrapper.loadOnStartupCheck
(ServletWrapper.java:1357)
05:23:18.255 0x3251c00 j9trc_aux.1 -
[18]com.ibm.ws.webcontainer.webapp.WebApp.doLoadOnStartupActions
(WebApp.java:642)
05:23:18.255 0x3251c00 j9trc_aux.1 -
[19]com.ibm.ws.webcontainer.webapp.WebApp.commonInitializationFinally
(WebApp.java:608)
05:23:18.255 0x3251c00 j9trc_aux.1 -
[20]com.ibm.ws.webcontainer.webapp.WebAppImpl.initialize
(WebAppImpl.java:426)
05:23:18.255 0x3251c00 j9trc_aux.1 -
[21]com.ibm.ws.webcontainer.webapp.WebGroupImpl.addWebApplication
(WebGroupImpl.java:88)
05:23:18.255 0x3251c00 j9trc_aux.1 -
[22]com.ibm.ws.webcontainer.VirtualHostImpl.addWebApplication
(VirtualHostImpl.java:171)
05:23:18.255 0x3251c00 j9trc_aux.1 -
[23]com.ibm.ws.webcontainer.WSWebContainer.addWebApp
(WSWebContainer.java:904)
05:23:18.255 0x3251c00 j9trc_aux.1 -
[24]com.ibm.ws.webcontainer.WSWebContainer.addWebApplication
(WSWebContainer.java:789)
05:23:18.255 0x3251c00 j9trc_aux.1 -
[25]com.ibm.ws.webcontainer.component.WebContainerImpl.install
(WebContainerImpl.java:427)
05:23:18.255 0x3251c00 j9trc_aux.1 -
[26]com.ibm.ws.webcontainer.component.WebContainerImpl.start
(WebContainerImpl.java:719)
05:23:18.255 0x3251c00 j9trc_aux.1 -
[27]com.ibm.ws.runtime.component.ApplicationMgrImpl.start
(ApplicationMgrImpl.java:1211)
05:23:18.255 0x3251c00 j9trc_aux.1 -
[28]com.ibm.ws.runtime.component.DeployedApplicationImpl.fireDeployedObjectStart
(DeployedApplicationImpl.java:1450)
05:23:18.255 0x3251c00 j9trc_aux.1 -
[29]com.ibm.ws.runtime.component.DeployedModuleImpl.start
(DeployedModuleImpl.java:639)
05:23:18.255 0x3251c00 j9trc_aux.1 -
[30]com.ibm.ws.runtime.component.DeployedApplicationImpl.start
(DeployedApplicationImpl.java:1032)
05:23:18.255 0x3251c00 j9trc_aux.1 -
[31]com.ibm.ws.runtime.component.ApplicationMgrImpl.startApplication
(ApplicationMgrImpl.java:795)
05:23:18.255 0x3251c00 j9trc_aux.1 -
[32]com.ibm.ws.runtime.component.ApplicationMgrImpl$5.run
(ApplicationMgrImpl.java:2279)
05:23:18.255 0x3251c00 j9trc_aux.1 -
[33]com.ibm.ws.security.auth.ContextManagerImpl.runAs
(ContextManagerImpl.java:5572)
05:23:18.255 0x3251c00 j9trc_aux.1 -
[34]com.ibm.ws.security.auth.ContextManagerImpl.runAsSystem
(ContextManagerImpl.java:5698)
05:23:18.255 0x3251c00 j9trc_aux.1 -
[35]com.ibm.ws.security.core.SecurityContext.runAsSystem
(SecurityContext.java:255)
05:23:18.255 0x3251c00 j9trc_aux.1 -
[36]com.ibm.ws.runtime.component.ApplicationMgrImpl.start
(ApplicationMgrImpl.java:2284)
05:23:18.255 0x3251c00 j9trc_aux.1 -
[37]com.ibm.ws.runtime.component.CompositionUnitMgrImpl.start
(CompositionUnitMgrImpl.java:436)
05:23:18.255 0x3251c00 j9trc_aux.1 -
[38]com.ibm.ws.runtime.component.CompositionUnitImpl.start
(CompositionUnitImpl.java:123)
05:23:18.255 0x3251c00 j9trc_aux.1 -
[39]com.ibm.ws.runtime.component.CompositionUnitMgrImpl.start
(CompositionUnitMgrImpl.java:379)
05:23:18.255 0x3251c00 j9trc_aux.1 -
[40]com.ibm.ws.runtime.component.CompositionUnitMgrImpl.access$500
(CompositionUnitMgrImpl.java:127)
05:23:18.255 0x3251c00 j9trc_aux.1 -
[41]com.ibm.ws.runtime.component.CompositionUnitMgrImpl$CUInitializer.run
(CompositionUnitMgrImpl.java:985)



05:23:18.255 0x3251c00 j9trc_aux.1 -
[42]com.ibm.wsspi.runtime.component.WsComponentImpl$_AsynchInitializer.run
(WsComponentImpl.java:524)
05:23:18.255 0x3251c00 j9trc_aux.1 - [43] com.ibm.ws.util.ThreadPool$Worker.run
(ThreadPool.java:1892)
05:23:18.255 0x3251c00 mt.9 <
java/security/Security.insertProviderAt(Ljava/security/Provider;I)I
bytecode static method

If we roll back to the old ActiveMQ JARs (i.e. 5.5.1), it works fine.

Please help us in identifying and fixing this issue.

Products involved are:

WAS 8.5.5.9 - 8.5.5.14

LDAP/Active directory

JazzSM (DASH) 3.1.3 CP5 - CP7

ActiveMQ 5.15.7, ActiveMQ 5.13.1, ActiveMQ 5.5.1

-- 
Thanks

Sunil Kumar G S
