There is no re-release. There would be a v6.1.8 release with the fix. I don’t have time to tackle it right now, but we should add a note to the download page to the doc and note with the fix to the config file to get users of v6.1.7 unblocked.
Matt Pavlovich > On Jul 9, 2025, at 6:35 AM, William Crowell <wcrow...@perforce.com.INVALID> > wrote: > > Would 6.1.7 be re-released due to this bug or just tagged as "do not use"? > > > Regards, > > > William Crowell > > > > From: Sérgio Damo de Lemos <sergio.d.le...@gmail.com> > Date: Friday, July 4, 2025 at 12:33 PM > To: users@activemq.apache.org <users@activemq.apache.org> > Cc: Jéan-Baptiste Onofre <j...@nanthrax.net> > Subject: Re: What changed between ActiveMQ Classic 6.1.6 and 6.1.7 where the > images do not show up on the web user interface? > > [You don't often get email from sergio.d.le...@gmail.com. Learn why this is > important at https://aka.ms/LearnAboutSenderIdentification ] > > Hi Matt, > > Yes, I am preparing a PR for that. I also noticed that some other pages in > the web console are broken in the main branch (only in main, 6.1.7 release > is working fine). I documented both issues and I am looking at them today: > 1. > https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FAMQ-9739&data=05%7C02%7CWCrowell%40perforce.com%7Cab52294eb654460d7af308ddbb188215%7C95b666d19a7549ab95a38969fbcdc08c%7C0%7C0%7C638872436122789472%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=nZ6HAPe05PakeQWMEj2oD7eAaWXnhOkgXnE8QpffA5s%3D&reserved=0<https://issues.apache.org/jira/browse/AMQ-9739> > 2. > https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FAMQ-9740&data=05%7C02%7CWCrowell%40perforce.com%7Cab52294eb654460d7af308ddbb188215%7C95b666d19a7549ab95a38969fbcdc08c%7C0%7C0%7C638872436122845598%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=1hfFh1wzGCMw%2BxdKDJuKlJfnapMAYfVciOrhddLK8cY%3D&reserved=0<https://issues.apache.org/jira/browse/AMQ-9740> > > I suspect it was a side-effect of when we removed the dependency > on commons-lang3, but only adding this dependency to the web console > pom.xml did not solve the problem, so I'm looking at it as well. > > Would you mind assigning both Jiras to me? > > Thanks > Sérgio > > Em sex., 4 de jul. de 2025 às 09:18, Matt Pavlovich <mattr...@apache.org> > escreveu: > >> Hi Sergio- >> >> Thank you for monitoring the list and providing the fix. Are you able to >> make another PR for this fix? >> >> Thanks, >> Matt Pavlovich >> >>> On Jul 3, 2025, at 1:14 PM, Sérgio Damo de Lemos < >> sergio.d.le...@gmail.com> wrote: >>> >>> Hello everyone, >>> >>> I was the author of the change in the Web Console. I apologize if my >> chance >>> broke any functionality. I have created a JIRA issue >>> <https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FAMQ-9739&data=05%7C02%7CWCrowell%40perforce.com%7Cab52294eb654460d7af308ddbb188215%7C95b666d19a7549ab95a38969fbcdc08c%7C0%7C0%7C638872436122889790%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=iwUTT3QdM9X%2FR1ZlHJk%2FkgbrEUHx7yi6JqX%2Bq3IPqY0%3D&reserved=0<https://issues.apache.org/jira/browse/AMQ-9739>>for >>> this, I believe I >> don't >>> have permission to assign the issue, could anyone assign it to me? I will >>> submit a pull request today. >>> >>> The issue happens because of the "upgrade-insecure-requests" CSP >>> header, which tells the browser to automatically upgrade to HTTPS. >> Changing >>> the jetty.xml from >>> >>> ``` >>> ... >>> <bean id="header" >>> class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule"> >>> <property name="pattern" value="*"/> >>> <property name="name" >> value="Content-Security-Policy"/> >>> <property name="value" >>> value="upgrade-insecure-requests; style-src-elem 'self'; style-src >> 'self'; >>> img-src 'self'; script-src-elem 'self'; default-src 'none'; object-src >>> 'none'; frame-ancestors 'none'; base-uri 'none';" /> >>> </bean> >>> <!-- More relaxed rules to allow browsers to properly >>> render XML --> >>> <bean id="header" >>> class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule"> >>> <property name="pattern" value="/admin/xml/*"/> >>> <property name="name" >> value="Content-Security-Policy"/> >>> <property name="value" >>> value="upgrade-insecure-requests; style-src-elem 'self' 'unsafe-inline'; >>> style-src 'self'; img-src 'self' data:; script-src-elem 'self'; >> default-src >>> 'none'; object-src 'none'; frame-ancestors 'none'; base-uri 'none';" /> >>> </bean> >>> ... >>> ``` >>> >>> to >>> >>> ``` >>> ... >>> <bean id="header" >>> class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule"> >>> <property name="pattern" value="*"/> >>> <property name="name" >> value="Content-Security-Policy"/> >>> <property name="value" value="style-src-elem 'self'; >>> style-src 'self'; img-src 'self'; script-src-elem 'self'; default-src >>> 'none'; object-src 'none'; frame-ancestors 'none'; base-uri 'none';" /> >>> </bean> >>> <!-- More relaxed rules to allow browsers to properly >>> render XML --> >>> <bean id="header" >>> class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule"> >>> <property name="pattern" value="/admin/xml/*"/> >>> <property name="name" >> value="Content-Security-Policy"/> >>> <property name="value" value="style-src-elem 'self' >>> 'unsafe-inline'; style-src 'self'; img-src 'self' data:; script-src-elem >>> 'self'; default-src 'none'; object-src 'none'; frame-ancestors 'none'; >>> base-uri 'none';" /> >>> </bean> >>> ... >>> ``` >>> >>> Should solve the problem. Apparently Chrome handles this with no issues, >>> but I was able to reproduce on Safari. >>> >>> Regards, >>> Sérgio >>> >>> >>> Em qui., 3 de jul. de 2025 às 05:41, William Crowell >>> <wcrow...@perforce.com.invalid> escreveu: >>> >>>> JB, >>>> >>>> Thanks for your reply. Is there any documentation on how to set this >> up? >>>> This was a bit of a surprise. >>>> >>>> >>>> Regards, >>>> >>>> >>>> William Crowell >>>> >>>> >>>> >>>> From: Jean-Baptiste Onofré <j...@nanthrax.net> >>>> Date: Thursday, July 3, 2025 at 7:56 AM >>>> To: wcrow...@perforce.com.invalid <wcrow...@perforce.com.INVALID> >>>> Cc: users@activemq.apache.org <users@activemq.apache.org> >>>> Subject: Re: What changed between ActiveMQ Classic 6.1.6 and 6.1.7 where >>>> the images do not show up on the web user interface? >>>> >>>> Hi >>>> >>>> This is due to new "security" enforcement added to the WebConsole. >>>> >>>> If you have "custom" images, then you have to update the configuration >>>> in the jetty.xml to allow this. >>>> >>>> Regards >>>> JB >>>> >>>> On Wed, Jul 2, 2025 at 6:37 PM William Crowell >>>> <wcrow...@perforce.com.invalid> wrote: >>>>> >>>>> Good afternoon, >>>>> >>>>> What changed between ActiveMQ Classic 6.1.6 and 6.1.7 where the images >>>> do not show up on the web user interface? >>>>> >>>>> 6.1.7 release notes: >>>>> >>>> >> https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fsecure%2FReleaseNote.jspa%3FprojectId%3D12311210%26version%3D12355749&data=05%7C02%7CWCrowell%40perforce.com%7Cab52294eb654460d7af308ddbb188215%7C95b666d19a7549ab95a38969fbcdc08c%7C0%7C0%7C638872436122930041%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=qGv8Xtyc5c6d01r%2BkucAX6jG0vBanrFfycY2TMUhViI%3D&reserved=0<https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210&version=12355749> >>>> < >>>> >> https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fsecure%2FReleaseNote.jspa%3FprojectId%3D12311210%26version%3D12355749&data=05%7C02%7CWCrowell%40perforce.com%7Cab52294eb654460d7af308ddbb188215%7C95b666d19a7549ab95a38969fbcdc08c%7C0%7C0%7C638872436122963146%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=joBZbGYUC2L1BQkkGz64BKM6q3NGZEjpO%2Fgtw%2FlEqFM%3D&reserved=0<https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210&version=12355749> >>>>> >>>>> >>>>> I have changed jetty.xml (which is the only thing I have changed since >>>> untarring apache-activemq-6.1.7-bin.tar.gz), so that the broker listens >> on >>>> all IP addresses. It appears that the images and .css are not rendering >>>> correctly on the 8161 port management console, and everything seems to >> want >>>> to use https. >>>>> >>>>> Was it this change? >>>> >> https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FAMQ-9697&data=05%7C02%7CWCrowell%40perforce.com%7Cab52294eb654460d7af308ddbb188215%7C95b666d19a7549ab95a38969fbcdc08c%7C0%7C0%7C638872436122995160%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=8QjrTzD42PDE394QDH8oG1gixwvraz7Piwexl5J%2BI2I%3D&reserved=0<https://issues.apache.org/jira/browse/AMQ-9697> >>>> <https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FAMQ-9697&data=05%7C02%7CWCrowell%40perforce.com%7Cab52294eb654460d7af308ddbb188215%7C95b666d19a7549ab95a38969fbcdc08c%7C0%7C0%7C638872436123024043%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=OhHA2Z3Y1XnCuf2UOepEa6KgLw8Xn5TZiHj8i8Ei7S4%3D&reserved=0<https://issues.apache.org/jira/browse/AMQ-9697>> >>>>> >>>>> How do you fix this? >>>>> >>>>> Regards, >>>>> >>>>> William Crowell >>>>> >>>>> >>>>> This e-mail may contain information that is privileged or confidential. >>>> If you are not the intended recipient, please delete the e-mail and any >>>> attachments and notify us immediately. >>>>> >>>> >>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: users-unsubscr...@activemq.apache.org >>>> For additional commands, e-mail: users-h...@activemq.apache.org >>>> For further information, visit: >>>> >> https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Factivemq.apache.org%2Fcontact&data=05%7C02%7CWCrowell%40perforce.com%7Cab52294eb654460d7af308ddbb188215%7C95b666d19a7549ab95a38969fbcdc08c%7C0%7C0%7C638872436123053682%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=d6h3VtqdDyiQkzsLFEhoJY0c1o6hsq4PSgKM8F8XqYU%3D&reserved=0<https://activemq.apache.org/contact> >>>> <https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Factivemq.apache.org%2Fcontact&data=05%7C02%7CWCrowell%40perforce.com%7Cab52294eb654460d7af308ddbb188215%7C95b666d19a7549ab95a38969fbcdc08c%7C0%7C0%7C638872436123082807%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=6BHzyT0J57dFe4mwIPiZzoYfu8ihltTdz4CgNTAR66A%3D&reserved=0<https://activemq.apache.org/contact>> >>>> >>>> >>>> >>>> >>>> CAUTION: This email originated from outside of the organization. Do not >>>> click on links or open attachments unless you recognize the sender and >> know >>>> the content is safe. >>>> >>>> >>>> This e-mail may contain information that is privileged or confidential. >> If >>>> you are not the intended recipient, please delete the e-mail and any >>>> attachments and notify us immediately. >>>> >>>> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@activemq.apache.org >> For additional commands, e-mail: users-h...@activemq.apache.org >> For further information, visit: >> https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Factivemq.apache.org%2Fcontact&data=05%7C02%7CWCrowell%40perforce.com%7Cab52294eb654460d7af308ddbb188215%7C95b666d19a7549ab95a38969fbcdc08c%7C0%7C0%7C638872436123113198%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=W3cFiMS0UNlw2N6AiISyRh1ldiXcTzoESxS1XCG0lw0%3D&reserved=0<https://activemq.apache.org/contact> >> >> >> > > > CAUTION: This email originated from outside of the organization. Do not click > on links or open attachments unless you recognize the sender and know the > content is safe. > > > This e-mail may contain information that is privileged or confidential. If > you are not the intended recipient, please delete the e-mail and any > attachments and notify us immediately. > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@activemq.apache.org For additional commands, e-mail: users-h...@activemq.apache.org For further information, visit: https://activemq.apache.org/contact
