ActiveMQ Developers, A quick question regarding cross-site script vulnerabilities in the web interface. Is the Web interface intended to be accessible during production, or is that simply used during development? If it is intended to be used in production, is there a reason for the lack of input filtering (html) in places such as the /camel/endpoints (uri field). I am tasked with assessing the security of an ActiveMQ deployment, are there any best practices guidelines that you could link me to?
Thanks, Javier
