On 05/18/2018 06:24 PM, Michael André Pearce wrote:
Hi All,
On upgrading to 2.5.0 we have found quite a blocking issue to 2.5.0 for anyone
who secures durable queue creation so clients cannot create, but doesn’t secure
non-durable.
https://issues.apache.org/jira/browse/ARTEMIS-1872
In summary, prior to 2.5.0 the security check incorrectly always checked for
security rights for non-durable, even if the queue was durable. This
security hole was fixed in 2.5.0, but a knock-on effect is it has
highlighted/exposed some logic issues in the CoreClient and also in AMQP and
OpenWire protocol managers, where in some cases a queue is not checked for being
present before calling create queue, meaning if a user is not allowed to create a
queue, but is allowed to consume, and the queue exists, the client still cannot
consume, as the code tries to create and throws an exception.
We have created a test case that re-creates the issues, and also a possible
solution; it's in the PR here.
https://github.com/apache/activemq-artemis/pull/2093
Whilst it is not technically caused by any changes in the just created RC for
2.6.0 since 2.5.0, I think the severity/impact of this may deem it worthy to
fix, and re-spin.
Cheers
Mike
This seems like a good opportunity to practice turning around a quick
2.6.1 release as this is not a blocking issue given it's been in the
code for quite some time already.
On 17 May 2018, at 20:02, Christopher Shannon <christopher.l.shan...@gmail.com>
wrote:
+1
On Thu, May 17, 2018 at 2:51 PM, Timothy Bish <tabish...@gmail.com> wrote:
On 05/16/2018 10:49 PM, Clebert Suconic wrote:
I would like to propose an Apache ActiveMQ Artemis 2.6.0 release.
The release notes can be found here:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12342903&&projectId=12315920
There is a new commits report I made that I'm introducing on this release:
https://dist.apache.org/repos/dist/dev/activemq/activemq-artemis/2.6.0/artemis-2.6.0.html
Source and binary distributions can be found here:
https://dist.apache.org/repos/dist/dev/activemq/activemq-artemis/2.6.0
The Maven repository is here:
https://repository.apache.org/content/repositories/orgapacheactivemq-1157
In case you want to give it a try with the maven repo on examples:
http://activemq.apache.org/artemis/docs/latest/hacking-guide/validating-releases.html
The source tag:
https://git-wip-us.apache.org/repos/asf?p=activemq-artemis.git;a=tag;h=refs/tags/2.6.0
I will update the website after the vote has passed.
[ ] +1 approve the release as Apache Artemis 2.4.0
[ ] +0 no opinion
[ ] -1 disapprove (and reason why)
Here's my +1.
+1
* Validated the signatures and checksums
* Reviewed license and notice files in the archives
* Built from source and ran some of the tests
* Ran binary broker and ran some samples and performance tests against it
* Used mvn apache-rat:check to validate license headers in place
--
Tim Bish
twitter: @tabish121
blog: http://timbish.blogspot.com/