Re: [VOTE] Apache ActiveMQ 5.18.0 release

[Jean-Louis Monteiro]

Looks good to me

+1

--
Jean-Louis Monteiro
http://twitter.com/jlouismonteiro
http://www.tomitribe.com


On Tue, Mar 21, 2023 at 8:08 PM Matt Pavlovich  wrote:

> +1 (non-binding)
>
> - Internal test suite completed successfully
> - Downloaded tar.gz, confirmed scenarios using web console
>
> Thanks!
> Matt
>
> > On Mar 19, 2023, at 12:26 PM, Jean-Baptiste Onofré 
> wrote:
> >
> > Hi,
> >
> > After several weeks of work, I'm glad to submit ActiveMQ 5.18.0 to
> > your vote. This release is a major milestone for ActiveMQ bringing
> > major changes:
> > - JMS 2 API support (client)
> > - support Jakarta namespace (client)
> > - a lot of dependency updates and fixes
> > - and much much more!
> >
> > You can take a look on the Release Notes for details:
> >
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210&version=12351380
> >
> > Maven Staging Repository:
> >
> https://repository.apache.org/content/repositories/orgapacheactivemq-1275/
> >
> > Dist Staging Repository:
> > https://dist.apache.org/repos/dist/dev/activemq/activemq/5.18.0/
> >
> > Git tag: activemq-5.18.0
> >
> > Please vote to approve this release:
> > [ ] +1 Approve the release
> > [ ] -1 Don't approve the release (please provide specific comments)
> >
> > This vote will be open for at least 72 hours.
> >
> > Thanks !
> > Regards
> > JB
>
>

Re: [VOTE] Apache ActiveMQ 5.18.0 release

[Matt Pavlovich]

+1 (non-binding)

- Internal test suite completed successfully
- Downloaded tar.gz, confirmed scenarios using web console

Thanks!
Matt

> On Mar 19, 2023, at 12:26 PM, Jean-Baptiste Onofré  wrote:
> 
> Hi,
> 
> After several weeks of work, I'm glad to submit ActiveMQ 5.18.0 to
> your vote. This release is a major milestone for ActiveMQ bringing
> major changes:
> - JMS 2 API support (client)
> - support Jakarta namespace (client)
> - a lot of dependency updates and fixes
> - and much much more!
> 
> You can take a look on the Release Notes for details:
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210&version=12351380
> 
> Maven Staging Repository:
> https://repository.apache.org/content/repositories/orgapacheactivemq-1275/
> 
> Dist Staging Repository:
> https://dist.apache.org/repos/dist/dev/activemq/activemq/5.18.0/
> 
> Git tag: activemq-5.18.0
> 
> Please vote to approve this release:
> [ ] +1 Approve the release
> [ ] -1 Don't approve the release (please provide specific comments)
> 
> This vote will be open for at least 72 hours.
> 
> Thanks !
> Regards
> JB

[NuGet Gallery] Package published - Apache.NMS.AMQP 2.1.0

[NuGet Gallery]

The package Apache.NMS.AMQP 2.1.0 
(https://www.nuget.org/packages/Apache.NMS.AMQP/2.1.0) was recently published 
on NuGet Gallery by Havret. If this was not intended, please contact support 
(https://www.nuget.org/packages/Apache.NMS.AMQP/2.1.0/ReportMyPackage).

---
To stop receiving emails as an owner of this package, sign in to the NuGet 
Gallery and
change your email notification settings (https://www.nuget.org/account).

Privacy Statement (https://go.microsoft.com/fwlink/?LinkId=521839)
Microsoft Corporation
One Microsoft Way
Redmond, WA 98052 USA

[NuGet Gallery] Symbol package validation failed - Apache.NMS.AMQP 2.1.0

[NuGet Gallery]

The symbol package Apache.NMS.AMQP 2.1.0 
(https://www.nuget.org/packages/Apache.NMS.AMQP/2.1.0) failed validation 
because of the following reason(s):

- The uploaded symbols package contains one or more pdbs that are not portable.

Your symbol package was not published on NuGet Gallery and is not available for 
consumption.

You can reupload your symbol package once you've fixed the issue with it.

Privacy Statement (https://go.microsoft.com/fwlink/?LinkId=521839)
Microsoft Corporation
One Microsoft Way
Redmond, WA 98052 USA

Re: [VOTE] Release activemq-nms-amqp 2.1.0-rc1

[Havret]

Results of the activemq-nms-amqp 2.1.0-rc1 release vote.

The vote passes with 4 Binding Votes

Binding Votes:
Jeff Genender
Clebert Suconic - 2x ;)
Chris Porebski
Arthur Naseef

Non-Binding Votes:
none

Thank you for all the contributions and everyone's time reviewing the
release candidate and voting.

I will proceed with publishing the release now.

Chris

On Wed, Mar 15, 2023 at 10:48 PM Arthur Naseef  wrote:

> +1 (binding)
>
> Built and did a quick comparison of the file sizes in the published zip.
>
> Art
>
>
> On Wed, Mar 15, 2023 at 9:21 AM Clebert Suconic  >
> wrote:
>
> > (hmm.. I had already sent the previous +1, sorry, I thought this was
> > another spin or something).
> >
> > please make sure you only consider one vote from me.. my bad
> >
> > On Wed, Mar 15, 2023 at 12:19 PM Clebert Suconic
> >  wrote:
> > >
> > > +1
> > >
> > > On Wed, Mar 15, 2023 at 9:42 AM Michael André Pearce
> > >  wrote:
> > > >
> > > > +1  (Binding0
> > > >
> > > > Best
> > > > Mike
> > > >
> > > > On 2023/03/12 21:21:41 Clebert Suconic wrote:
> > > > > +1
> > > > >
> > > > > On Sun, Mar 12, 2023 at 6:27 AM Havret  wrote:
> > > > >
> > > > > > Hi all,
> > > > > >
> > > > > > I have put together another release of activemq-nms-amqp. Please
> > review it
> > > > > > and vote accordingly.
> > > > > >
> > > > > > This release includes an important new feature that allows users
> > to specify
> > > > > > an allow/deny list of types for binary serialization. This can
> > help prevent
> > > > > > potential security vulnerabilities.
> > > > > >
> > > > > > The feature is implemented in the same way as in qpid-jms, using
> a
> > > > > > deserialization policy that controls which types can be trusted
> for
> > > > > > deserialization from an incoming NMS IObjectMessage containing
> > serialized
> > > > > > .NET Object content. By default, all types are trusted during
> > > > > > deserialization. However, the default Deserialization Policy
> object
> > > > > > provides URI options for specifying an allow list and a deny list
> > of .NET
> > > > > > classes or namespaces.
> > > > > >
> > > > > > The following options are available:
> > > > > >
> > > > > > - nms.deserializationPolicy.allowList: A comma-separated list of
> > > > > > classes/namespaces that are allowed during deserialization,
> unless
> > they are
> > > > > > overridden by the deny list. Names in this list are not pattern
> > values; the
> > > > > > exact class or namespace name must be configured (e.g.
> > > > > > "System.Collections.Queue" or "System.Collections"). Namespace
> > matches
> > > > > > include sub-namespaces. The default is to allow all.
> > > > > > - nms.deserializationPolicy.denyList: A comma-separated list of
> > > > > > classes/namespaces that are rejected during deserialization.
> Names
> > in this
> > > > > > list are not pattern values; the exact class or namespace name
> > must be
> > > > > > configured (e.g. "System.Collections.Queue" or
> > "System.Collections").
> > > > > > Namespace matches include sub-namespaces. The default is to
> reject
> > none.
> > > > > >
> > > > > > This release contains the following change:
> > > > > >
> > > > > >
> >
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311201&version=12353001
> > > > > >
> > > > > > The files can be grabbed from:
> > > > > >
> > > > > >
> >
> https://dist.apache.org/repos/dist/dev/activemq/activemq-nms-amqp/2.1.0-rc1/
> > > > > >
> > > > > > Regards,
> > > > > > Chris
> > > > > >
> > > > > > Here's mine +1 (binding)
> > > > > >
> > > > > --
> > > > > Clebert Suconic
> > > > >
> > >
> > >
> > >
> > > --
> > > Clebert Suconic
> >
> >
> >
> > --
> > Clebert Suconic
> >
>

Re: [VOTE] Apache ActiveMQ 5.18.0 release

[Jean-Baptiste Onofré]

+1 (binding)

Obviously I did a bunch of tests with standalone brokers scenarios.

Regards
JB

On Sun, Mar 19, 2023 at 6:26 PM Jean-Baptiste Onofré  wrote:
>
> Hi,
>
> After several weeks of work, I'm glad to submit ActiveMQ 5.18.0 to
> your vote. This release is a major milestone for ActiveMQ bringing
> major changes:
> - JMS 2 API support (client)
> - support Jakarta namespace (client)
> - a lot of dependency updates and fixes
> - and much much more!
>
> You can take a look on the Release Notes for details:
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210&version=12351380
>
> Maven Staging Repository:
> https://repository.apache.org/content/repositories/orgapacheactivemq-1275/
>
> Dist Staging Repository:
> https://dist.apache.org/repos/dist/dev/activemq/activemq/5.18.0/
>
> Git tag: activemq-5.18.0
>
> Please vote to approve this release:
> [ ] +1 Approve the release
> [ ] -1 Don't approve the release (please provide specific comments)
>
> This vote will be open for at least 72 hours.
>
> Thanks !
> Regards
> JB

Re: Truncated messages in 5.16.1 when using Postman

[Doug Whitfield]

Hi folks,

This is still an issue. I believe the setting to fix this is in 
https://github.com/apache/activemq/blob/d48cf3758312a25122508854946c399a2e6f6f69/activemq-web/src/main/java/org/apache/activemq/web/MessageServletSupport.java
 but I am not a java developer and a little confused about how we would 
actually change this. Would we have to recompile or is there a config file?

This is the same issue list at https://issues.apache.org/jira/browse/AMQ-8611

This seems to be caused by https://issues.apache.org/jira/browse/AMQ-8029



From: Doug Whitfield 
Date: Wednesday, June 16, 2021 at 4:28 PM
To: dev@activemq.apache.org 
Subject: Re: Truncated messages in 5.16.1 when using Postman
Hi JB,

Thanks for taking a look at this.

Here are the steps to reproduce:
1. Download ActiveMQ 5.15.14 or later OR 5.16.1 or later.
2. Untar the package
3. Start ActiveMQ
4*. Send payload (as size-described in the initial email) to 
http://localhost:8161/api/message/orders.input?type=queue (I assume this is the 
REST API given the URL. Also, doesn’t need to be localhost)*
5. Look at the message in the ActiveMQ UI.
6. Note that the message is truncated

To clarify, there is no need to involve a consumer to see the issue. We haven’t 
tested using a producer, just the API.

Since you are asking about the consumer, I assume you are concerned about the 
ultimate use case. In the customer use case, once MDB processes, it puts that 
to dlq since the queue doesn’t has complete(required) XML messages.

*We’ve played around with part 4 a bit. We can get curl to truncate if we set a 
different Content-Type. We can get postman to work in some cases. One thing we 
noticed is that the payload from postman is much larger than that of curl.  
Whatever curl does with x-www-form-urlencoded works but we can’t get postman to 
replicate that exactly. Currently, we are thinking it might be related to 
https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FAMQ-8029&data=04%7C01%7Cdwhitfield%40perforce.com%7C6c1b5348b196484b460108d9310d8df9%7C95b666d19a7549ab95a38969fbcdc08c%7C0%7C0%7C637594757017880030%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=vcTw9Qe2f748qrQVYGJQvZvXHklL2AoHqyyZtkTm%2BJY%3D&reserved=0
 -- with the urlencoding, it could be larger, and in some cases things could 
get compressed. It seems like it should be throwing an error, but those fix 
versions line up with where the issue exists and when it doesn’t. We haven’t 
tested the 5.17.0 builds yet. That’s probably on the horizon though if we can’t 
get this resolved in the next couple of days. Maybe it’s a bystander bug that’s 
gotten fixed.

The fact that the payload piece of the XML is random might play into this if 
there is compression. Also, the fact that this is XML, might play into the 
exact numbers.

Another piece I want to be clear about is that this is not a postman issue. The 
customer is seeing this with their production workloads. Postman was just an 
easy way to replicate and at the beginning we didn’t understand that 
Content-Type played some role here. We still don’t know what role exactly it 
plays, but we do know it plays some role.

Best Regards,
Doug Whitfield


From: Jean-Baptiste Onofre 
Date: Wednesday, June 16, 2021 at 10:55 AM
To: dev@activemq.apache.org 
Subject: Re: Truncated messages in 5.16.1 when using Postman
Hi Doug,

Sorry, but I don’t fully understand what you are doing ;)

My understanding (correct me if I’m wrong) is:

1. You have a http related transport connector in activemq.xml 
(https://nam12.safelinks.protection.outlook.com/?url=http%3A%2F%2F0.0.0.0%3A%2F&data=04%7C01%7Cdwhitfield%40perforce.com%7C6c1b5348b196484b460108d9310d8df9%7C95b666d19a7549ab95a38969fbcdc08c%7C0%7C0%7C637594757017880030%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=9ctFB%2FmJ%2FTAYgCmxb7A3sJMce19g11XTrAXrv9AhD%2Fc%3D&reserved=0
 
"/

Re: [VOTE] Apache ActiveMQ 5.18.0 release

[Jamie G.]

+1

Cheers,
Jamie

On Tue, Mar 21, 2023 at 8:27 AM Christopher Shannon
 wrote:
>
> +1 (binding)
>
> Overall things look pretty good to me.
>
> * Validated signatures and checksums
> * Verified license and notice files in archives
> * Checked source license headers with 'mvn apache-rat:check'
> * Built from source archive and ran several automated custom tests to
> verify things look good
> * Ran the broker from the binary archive and exercised the web console
>
> As a side note I did notice one issue that showed up with the slf4j2
> upgrade. It looks like the activemq-partition module has a compile time
> dependency on the log4j2 impl jar. This caused an issue when I first
> updated in a project that used slf4j1 as it pulled in the transitive
> dependency so I ended up with both impls on the classpath. This dependency
> should only be test scope (like all the other modules) except for the
> assembly jar, of course.
>
> While we should fix this in my opinion I don't think we need to stop the
> vote and can just fix it in 5.18.1 and 5.19.0 unless others object because:
>
> A) the binary distribution still works fine as it only is in issue if you
> have dependency on that module
> B) This has been an issue for a while going back to slf4j1, it just shows
> up now because of the upgrade
> C) activemq-partition is essentially deprecated and useless so is
> probably not widely used and should be removed in the future. It was almost
> removed when we removed LevelDB as it doesn't really serve much purpose.
> 4) If it's a problem for someone they should be able to easily add an
> exclusion on that transitive dependency
>
> On Sun, Mar 19, 2023 at 1:27 PM Jean-Baptiste Onofré 
> wrote:
>
> > Hi,
> >
> > After several weeks of work, I'm glad to submit ActiveMQ 5.18.0 to
> > your vote. This release is a major milestone for ActiveMQ bringing
> > major changes:
> > - JMS 2 API support (client)
> > - support Jakarta namespace (client)
> > - a lot of dependency updates and fixes
> > - and much much more!
> >
> > You can take a look on the Release Notes for details:
> >
> > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210&version=12351380
> >
> > Maven Staging Repository:
> > https://repository.apache.org/content/repositories/orgapacheactivemq-1275/
> >
> > Dist Staging Repository:
> > https://dist.apache.org/repos/dist/dev/activemq/activemq/5.18.0/
> >
> > Git tag: activemq-5.18.0
> >
> > Please vote to approve this release:
> > [ ] +1 Approve the release
> > [ ] -1 Don't approve the release (please provide specific comments)
> >
> > This vote will be open for at least 72 hours.
> >
> > Thanks !
> > Regards
> > JB
> >

Re: [VOTE] Apache ActiveMQ 5.18.0 release

[Christopher Shannon]

+1 (binding)

Overall things look pretty good to me.

* Validated signatures and checksums
* Verified license and notice files in archives
* Checked source license headers with 'mvn apache-rat:check'
* Built from source archive and ran several automated custom tests to
verify things look good
* Ran the broker from the binary archive and exercised the web console

As a side note I did notice one issue that showed up with the slf4j2
upgrade. It looks like the activemq-partition module has a compile time
dependency on the log4j2 impl jar. This caused an issue when I first
updated in a project that used slf4j1 as it pulled in the transitive
dependency so I ended up with both impls on the classpath. This dependency
should only be test scope (like all the other modules) except for the
assembly jar, of course.

While we should fix this in my opinion I don't think we need to stop the
vote and can just fix it in 5.18.1 and 5.19.0 unless others object because:

A) the binary distribution still works fine as it only is in issue if you
have dependency on that module
B) This has been an issue for a while going back to slf4j1, it just shows
up now because of the upgrade
C) activemq-partition is essentially deprecated and useless so is
probably not widely used and should be removed in the future. It was almost
removed when we removed LevelDB as it doesn't really serve much purpose.
4) If it's a problem for someone they should be able to easily add an
exclusion on that transitive dependency

On Sun, Mar 19, 2023 at 1:27 PM Jean-Baptiste Onofré 
wrote:

> Hi,
>
> After several weeks of work, I'm glad to submit ActiveMQ 5.18.0 to
> your vote. This release is a major milestone for ActiveMQ bringing
> major changes:
> - JMS 2 API support (client)
> - support Jakarta namespace (client)
> - a lot of dependency updates and fixes
> - and much much more!
>
> You can take a look on the Release Notes for details:
>
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210&version=12351380
>
> Maven Staging Repository:
> https://repository.apache.org/content/repositories/orgapacheactivemq-1275/
>
> Dist Staging Repository:
> https://dist.apache.org/repos/dist/dev/activemq/activemq/5.18.0/
>
> Git tag: activemq-5.18.0
>
> Please vote to approve this release:
> [ ] +1 Approve the release
> [ ] -1 Don't approve the release (please provide specific comments)
>
> This vote will be open for at least 72 hours.
>
> Thanks !
> Regards
> JB
>