+1 Security is critically important to our users which is why we did the Java 17 + Jetty 12 upgrade in the last release. I don't see any issue with jumping to Hawtio 4 in the console assuming the new console is functionally equivalent to the old one (which, according to my tests, it is).
Justin On Thu, Jan 23, 2025 at 9:38 AM Andy Taylor <andy.tayl...@gmail.com> wrote: > I would like to raise the discussion as to whether it would be possible to > upgrade Artemis to use the new Console in the next Minor release. > > The changes to use a new console is a significant upgrade to a component > and would also require migrating Jetty from Javax to Jakarta but I think in > the most part there would be little disruption to users apart from access > to a better console. My arguments for doing this in a minor are: > > 1. The current Console is based on HawtIO 2 which is no longer maintained > which itself is based on a version of Bootstrap which is also not > maintained and also has many security flaws. > 2 we have upgraded in a minor before, for HawtIO2. > > I would love to hear your thoughts on this. > > Also I have raised a Draft PR if anyone wants to take a look: > https://github.com/apache/activemq-artemis/pull/5467. > > Andy >
