Re: [VOTE] Apache ActiveMQ 6.0.0 release

[Jean-Baptiste Onofré]

Hi Chris

Good catch !

Let me cancel this release and prepare a new one.

Thanks !
Regards
JB

On Mon, Nov 13, 2023 at 11:48 PM Christopher Shannon
 wrote:
>
> Unfortunately I found a blocker so I have to -1 as this needs to be fixed
> first.
>
> See: https://issues.apache.org/jira/browse/AMQ-9388 and
> https://github.com/apache/activemq/pull/1117
>
> On Sun, Nov 12, 2023 at 2:42 AM Jean-Baptiste Onofré 
> wrote:
>
> > Hi guys,
> >
> > After several weeks of work, I'm glad to submit Apache ActiveMQ 6.0.0
> > release to your vote.
> >
> > This release is a big milestone for ActiveMQ, starting the new 6.x series.
> > This release includes a bunch of changes, especially:
> > - Jakarta Messaging 3.1, JMS 2.0, JMS 1.1 (still work to do to be
> > fully complete)
> > - Jakarta EE namespace support
> > - JDK17/21 support
> > - Spring 6.x
> > - Jetty 11.x
> > - Apache Camel 4.x
> > - Jolokia 2.x
> > - and much much more!
> >
> > Release Notes:
> >
> > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210=12352570
> >
> > Maven Staging Repository:
> > https://repository.apache.org/content/repositories/orgapacheactivemq-1380/
> >
> > Dist Staging Repository:
> > https://dist.apache.org/repos/dist/dev/activemq/activemq/6.0.0/
> >
> > Git tag: activemq-6.0.0
> >
> > Please vote to approve this release:
> > [ ] +1 Approve the release
> > [ ] -1 Don't approve the release (please provide specific comments)
> >
> > This vote will be open for at least 72 hours.
> >
> > Thanks !
> > Regards
> > JB
> >

[VOTE] Apache ActiveMQ 6.0.0 release

[Jean-Baptiste Onofré]

Hi guys,

After several weeks of work, I'm glad to submit Apache ActiveMQ 6.0.0
release to your vote.

This release is a big milestone for ActiveMQ, starting the new 6.x series.
This release includes a bunch of changes, especially:
- Jakarta Messaging 3.1, JMS 2.0, JMS 1.1 (still work to do to be
fully complete)
- Jakarta EE namespace support
- JDK17/21 support
- Spring 6.x
- Jetty 11.x
- Apache Camel 4.x
- Jolokia 2.x
- and much much more!

Release Notes:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210=12352570

Maven Staging Repository:
https://repository.apache.org/content/repositories/orgapacheactivemq-1380/

Dist Staging Repository:
https://dist.apache.org/repos/dist/dev/activemq/activemq/6.0.0/

Git tag: activemq-6.0.0

Please vote to approve this release:
[ ] +1 Approve the release
[ ] -1 Don't approve the release (please provide specific comments)

This vote will be open for at least 72 hours.

Thanks !
Regards
JB

Re: ASF board report due by Tues, April 9 - new procedure, please read

[Jean-Baptiste Onofré]

Hi Bruce,

Thanks ! It looks good !

I will do the review for the next board meeting :)

Regards
JB

On Wed, Apr 10, 2024 at 2:05 AM Bruce Snyder  wrote:
>
> The latest report to the ASF board has been published.
>
> Bruce
>
> On Tue, Apr 9, 2024 at 8:45 AM Bruce Snyder  wrote:
>
> > Today is the last day to contribute to the board report! Please get your
> > contributions in before end-of-day (EOD) today (5pm PDT) so I can submit it.
> >
> > Bruce
> >
> > On Thu, Apr 4, 2024 at 8:55 AM Jean-Baptiste Onofré 
> > wrote:
> >
> >> Hi Justin,
> >>
> >> GitHub Issues discussion is interesting for the board, but I would
> >> like more discussions between us.
> >>
> >> Regards
> >> JB
> >>
> >> On Thu, Apr 4, 2024 at 4:45 PM Justin Bertram 
> >> wrote:
> >> >
> >> > I added detail about Artemis based on JB's draft.
> >> >
> >> > I wondered if we might add a note about the fact we're considering
> >> moving
> >> > to GitHub Issues, but I wasn't sure that's something the board would
> >> care
> >> > about, and I wasn't sure where to add it.
> >> >
> >> >
> >> > Justin
> >> >
> >> > On Thu, Apr 4, 2024 at 8:56 AM Jean-Baptiste Onofré 
> >> wrote:
> >> >
> >> > > Hi Bruce,
> >> > >
> >> > > I created a new draft (based on yours) containing ActiveMQ "classic"
> >> > > details.
> >> > >
> >> > > Regards
> >> > > JB
> >> > >
> >> > > On Mon, Apr 1, 2024 at 3:48 PM Bruce Snyder 
> >> > > wrote:
> >> > > >
> >> > > > Hi folks,
> >> > > >
> >> > > > It is that time once again to assemble the latest ASF board report.
> >> As
> >> > > > mentioned previously, I would like us to begin using the Reporter
> >> tool to
> >> > > > assemble reports to the ASF board. The idea being that anyone with
> >> access
> >> > > > to the Reporter tool can log in and enter their contributions
> >> directly
> >> > > to a
> >> > > > given report. We will no longer be assembling the report using git.
> >> > > >
> >> > > > As you contribute to the report, you can reflow sections and then
> >> save
> >> > > your
> >> > > > contributions as a draft. This will leave the report in draft form
> >> (i.e.
> >> > > > not published). When the report is due, the PMC chair will log in to
> >> > > > Reporter to review and finalize the report as well as publish it to
> >> > > Whimsy.
> >> > > >
> >> > > > So, please log in to the Reporter tool via the following URL and
> >> begin
> >> > > > entering your contributions to this month's report and save them as
> >> a
> >> > > draft.
> >> > > >
> >> > > > https://reporter.apache.org/wizard/?activemq
> >> > > >
> >> > > > As noted above and previously, while logged in to the Reporter tool,
> >> > > please
> >> > > > DO NOT click the 'Publish to Whimsy' button.
> >> > > >
> >> > > > Please let me know if you have any questions.
> >> > > >
> >> > > > Bruce
> >> > > >
> >> > > > --
> >> > > > perl -e 'print
> >> > > >
> >> unpack("u30","D0G)U8V4\@4VYY9&5R\"F)R=6-E+G-N>61E >> > > > http://bsnyder.org/ <http://bruceblog.org/>
> >> > >
> >> > >
> >>
> >
> >
> > --
> > perl -e 'print
> > unpack("u30","D0G)U8V4\@4VYY9&5R\"F)R=6-E+G-N>61E > http://bsnyder.org/ <http://bruceblog.org/>
> >
>
>
> --
> perl -e 'print
> unpack("u30","D0G)U8V4\@4VYY9&5R\"F)R=6-E+G-N>61E http://bsnyder.org/ <http://bruceblog.org/>

[ANN] Apache ActiveMQ "Classic" 5.18.4 has been released!

[Jean-Baptiste Onofré]

The Apache ActiveMQ team is pleased to announce Apache ActiveMQ
"Classic" 5.18.4 release.

It's a maintenance release on the ActiveMQ 5.18.x series, bringing:
- Spring 5.3.33 update (related to Spring CVEs)
- Jetty 9.4.54.v20240208 update
- Jackson 2.16.2 update
- log4j 2.23.1 update
- several bug fixes/improvements

You can find details on the Release Notes:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210=12353760

You can download ActiveMQ 5.18.4 here:
https://activemq.apache.org/components/classic/download/

Enjoy!
The Apache ActiveMQ Team

[RESULT][VOTE] Apache ActiveMQ "Classic" 5.18.4 release

[Jean-Baptiste Onofré]

Hi folks,

This vote passed with the following result:

+1 (binding): Chris Shannon, JB Onofré, Clebert Suconic
+1 (non binding): Jamie Goodyear, François Papon, Jean-Louis Monteiro

I'm promoting the artifacts on Maven Central and dist.apache.org.
Then, I will update Jira and the website, and I will send the
announcement.

Thanks all for your vote !

Regards
JB

On Mon, Apr 8, 2024 at 11:25 AM Jean-Baptiste Onofré  wrote:
>
> Hi folks,
>
> I submit Apache ActiveMQ "Classic" 5.18.4 to your vote.
>
> This release is a maintenance release on the 5.18.x series, bringing
> fixes and dependency updates, especially:
> - Spring 5.3.33 update (related to Spring CVEs)
> - Jetty 9.4.54.v20240208 update
> - Jackson 2.16.2 update
> - log4j 2.23.1 update
> - several bug fixes/improvements
>
> You can take a look on Release Notes for details:
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210=12353760
>
> Maven Staging Repository:
> https://repository.apache.org/content/repositories/orgapacheactivemq-1394/
>
> Dist Staging Repository:
> https://dist.apache.org/repos/dist/dev/activemq/activemq/5.18.4/
>
> Git tag: activemq-5.18.4
>
> Please vote to approve this release:
> [ ] +1 Approve the release
> [ ] -1 Don't approve the release (please provide specific comments)
>
> This vote will be open for at least 72 hours.
>
> Thanks !
> Regards
> JB

[VOTE] Apache ActiveMQ "Classic" 6.1.2 release

[Jean-Baptiste Onofré]

Hi folks,

I submit Apache ActiveMQ "Classic" 6.1.2 release to your vote.

This release includes 8 fixes, especially:
- secure Jolokia and REST API by default
- fix on runtimeConfigurationPlugin JMX MBean reload operation
- fix when consuming empty destination via REST API
- fix client/server SSL socket configuration via URI

You can take a look on Release Notes for details:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210=12354480

Maven Staging Repository:
https://repository.apache.org/content/repositories/orgapacheactivemq-1395/

Dist Staging Repository:
https://dist.apache.org/repos/dist/dev/activemq/activemq/6.1.2/

Git tag: activemq-6.1.2

Please vote to approve this release:
[ ] +1 Approve the release
[ ] -1 Don't approve the release (please provide specific comments)

This vote will be open for at least 72 hours.

Thanks !
Regards
JB

Re: [VOTE] Apache ActiveMQ "Classic" 6.1.2 release

[Jean-Baptiste Onofré]

+1 (binding)

Regards
JB

On Thu, Apr 11, 2024 at 10:08 PM Jean-Baptiste Onofré  wrote:
>
> Hi folks,
>
> I submit Apache ActiveMQ "Classic" 6.1.2 release to your vote.
>
> This release includes 8 fixes, especially:
> - secure Jolokia and REST API by default
> - fix on runtimeConfigurationPlugin JMX MBean reload operation
> - fix when consuming empty destination via REST API
> - fix client/server SSL socket configuration via URI
>
> You can take a look on Release Notes for details:
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210=12354480
>
> Maven Staging Repository:
> https://repository.apache.org/content/repositories/orgapacheactivemq-1395/
>
> Dist Staging Repository:
> https://dist.apache.org/repos/dist/dev/activemq/activemq/6.1.2/
>
> Git tag: activemq-6.1.2
>
> Please vote to approve this release:
> [ ] +1 Approve the release
> [ ] -1 Don't approve the release (please provide specific comments)
>
> This vote will be open for at least 72 hours.
>
> Thanks !
> Regards
> JB

[RESULT][VOTE] Apache ActiveMQ "Classic" 6.1.2 release

[Jean-Baptiste Onofré]

Hi folks,

This vote passed with the following result:

+1 (binding): Chris Shannon, Tim Bish, JB Onofré, Clebert Suconic,
Matt Pavlovich
+1 (non binding): François Papon, Cesar Hernandez, Jamie Goodyear

I'm promoting the artifacts on Maven Central and dist.apache.org. I
will update Jira and the website, then I will do the announcement.

Thanks all for your vote!

Regards
JB

On Thu, Apr 11, 2024 at 10:08 PM Jean-Baptiste Onofré  wrote:
>
> Hi folks,
>
> I submit Apache ActiveMQ "Classic" 6.1.2 release to your vote.
>
> This release includes 8 fixes, especially:
> - secure Jolokia and REST API by default
> - fix on runtimeConfigurationPlugin JMX MBean reload operation
> - fix when consuming empty destination via REST API
> - fix client/server SSL socket configuration via URI
>
> You can take a look on Release Notes for details:
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210=12354480
>
> Maven Staging Repository:
> https://repository.apache.org/content/repositories/orgapacheactivemq-1395/
>
> Dist Staging Repository:
> https://dist.apache.org/repos/dist/dev/activemq/activemq/6.1.2/
>
> Git tag: activemq-6.1.2
>
> Please vote to approve this release:
> [ ] +1 Approve the release
> [ ] -1 Don't approve the release (please provide specific comments)
>
> This vote will be open for at least 72 hours.
>
> Thanks !
> Regards
> JB

Re: [VOTE] Archive unused or out-of-date repos

[Jean-Baptiste Onofré]

+1

Regards
JB

On Tue, Apr 23, 2024 at 12:57 PM Justin Bertram  wrote:
>
> Following up from the previous discussion thread on this subject, I'd like
> to propose a vote for archiving the following repos:
>
>  - activemq-stomp - https://github.com/apache/activemq-stomp
>  - activemq-activeio - https://github.com/apache/activemq-activeio
>  - activemq-web - https://github.com/apache/activemq-web
>  - activemq-nms-ems - https://github.com/apache/activemq-nms-ems
>  - activemq-nms-xms - https://github.com/apache/activemq-nms-xms
>  - activemq-nms-zmq - https://github.com/apache/activemq-nms-zmq
>  - activemq-nms-msmq - https://github.com/apache/activemq-nms-msmq
>
> Here's my +1.
>
>
> Justin

Re: [VOTE] Apache ActiveMQ "Classic" 5.18.4 release

[Jean-Baptiste Onofré]

+1 (binding)

Regards
JB

On Mon, Apr 8, 2024 at 11:25 AM Jean-Baptiste Onofré  wrote:
>
> Hi folks,
>
> I submit Apache ActiveMQ "Classic" 5.18.4 to your vote.
>
> This release is a maintenance release on the 5.18.x series, bringing
> fixes and dependency updates, especially:
> - Spring 5.3.33 update (related to Spring CVEs)
> - Jetty 9.4.54.v20240208 update
> - Jackson 2.16.2 update
> - log4j 2.23.1 update
> - several bug fixes/improvements
>
> You can take a look on Release Notes for details:
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210=12353760
>
> Maven Staging Repository:
> https://repository.apache.org/content/repositories/orgapacheactivemq-1394/
>
> Dist Staging Repository:
> https://dist.apache.org/repos/dist/dev/activemq/activemq/5.18.4/
>
> Git tag: activemq-5.18.4
>
> Please vote to approve this release:
> [ ] +1 Approve the release
> [ ] -1 Don't approve the release (please provide specific comments)
>
> This vote will be open for at least 72 hours.
>
> Thanks !
> Regards
> JB

Re: [VOTE] Apache ActiveMQ "Classic" 5.18.4 release

[Jean-Baptiste Onofré]

Gentle reminder on this vote: we would need one more binding vote.

Thanks !
Regards
JB

On Mon, Apr 8, 2024 at 11:25 AM Jean-Baptiste Onofré  wrote:
>
> Hi folks,
>
> I submit Apache ActiveMQ "Classic" 5.18.4 to your vote.
>
> This release is a maintenance release on the 5.18.x series, bringing
> fixes and dependency updates, especially:
> - Spring 5.3.33 update (related to Spring CVEs)
> - Jetty 9.4.54.v20240208 update
> - Jackson 2.16.2 update
> - log4j 2.23.1 update
> - several bug fixes/improvements
>
> You can take a look on Release Notes for details:
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210=12353760
>
> Maven Staging Repository:
> https://repository.apache.org/content/repositories/orgapacheactivemq-1394/
>
> Dist Staging Repository:
> https://dist.apache.org/repos/dist/dev/activemq/activemq/5.18.4/
>
> Git tag: activemq-5.18.4
>
> Please vote to approve this release:
> [ ] +1 Approve the release
> [ ] -1 Don't approve the release (please provide specific comments)
>
> This vote will be open for at least 72 hours.
>
> Thanks !
> Regards
> JB

Re: [PROPOSAL] Enable GH issues

[Jean-Baptiste Onofré]

Hi Matt

Imho, we are mixing two topics here:
1. The ticket management system
2. The contribution guide

So, let me try to clarify:

[PROPOSAL]

I'm in favor of GH Issues, but we don't yet have a strong consensus
about that. I would propose a new thread about that to give a chance
to anyone to speak, and move to a vote.

[README/CONTRIBUTION GUIDE]

First, ICLA is not strictly required before committership (the Apache
2.0 license already covered contributor, it has been discussed on
LEGAL Jira).
Second, you don't report security issues on a mailing list, you go to
secur...@apache.org.
Explaining how to report issue, create PR, contribute (e.g.
contribution guide) is fine and welcome.

Regards
JB

On Tue, Apr 16, 2024 at 5:37 PM Matt Pavlovich  wrote:
>
> @dev-
>
> I appreciate all the good feedback and discussion. A number of good points, 
> suggestions and perspectives. Overall, I see an uptick in community interest 
> in contributing to ActiveMQ and that’s a great thing! I believe that 
> modernizing the toolkit, reducing contribution friction and lowering load on 
> committers/PMC will help keep the community healthy going forward =).
>
> I've made a pass at summarizing the points and take-aways from the [DISCUSS] 
> thread below. Please reply with suggested add/edit/removes.
>
> [Key community Use Cases]
>
> UC-1. Issue - User opens an Issue and may or may not intend (or be able) to 
> produce a PR to address the report.
>
> UC-2. PR-onl - User opens a PR without an Issue to address their requested 
> fix.
>
> UC-3. Security report - User identifies a security issue and needs to report
>
>
> [Proposal]
>
> Action-1. Enable GH issues and flip JIRA to read-only
>
> Action-2. Update README in repo to be more of a 'how to engage with the 
> community' vs a project overview
>
>
> [Update README document to include]
>
> Update-1. Provide a link for users to create an issue
>
> Update-2. Provide a link to the mailing list for reporting a security issue
>
> Update-3. Provide a link for users to submit a CLA
>
>
> [Committer/PMC operating]
>
> Op-A. For use case #2 where user creates a PR without an issue, before 
> approval committer/pmc may instruct contributor to provide signed CLA and 
> open a corresponding issue if the complexity warrants. The PR comment can 
> then be updated with the issue id for reference and linking.
>
> Op-B. Use of GHT Project(s) for planning and tracking Issue & PR for releases.
>
> Thanks,
> Matt Pavlovich

Re: [DISCUSS] Migrate from Jira to GitHub Issues

[Jean-Baptiste Onofré]

Hi Matt,

Thanks for that.

If I may, I don't see a strong consensus yet about GH Issues. The
other thread you started contains some non accurate points (we should
have clear statements to the community for clarity).

Regards
JB

On Tue, Apr 16, 2024 at 5:26 PM Matt Pavlovich  wrote:
>
> @dev-
>
> I’m summarizing the good points here and starting [PROPOSAL] thread to draft 
> up potential next steps.
>
> Thanks,
> Matt
>
> > On Apr 16, 2024, at 9:58 AM, Matt Pavlovich  wrote:
> >
> > Robbie-
> >
> > One option with GH issues is we can have them prompted with a ’type’ (for 
> > example, an issue or security report). Security report workflow could take 
> > them to the readme with email link to direct users to the mailing list and 
> > (hopefully) getting better adherence to the requested security process.
> >
> > -Matt
> >
> >> On Apr 8, 2024, at 12:29 PM, Robbie Gemmell  
> >> wrote:
> >>
> >> The security reporting/followup follow the process/requirements set
> >> out by security@ so we cant really just change things around
> >> that...though if there ideas, then perhaps they can be discussed with
> >> them toward being generally applicable.
> >>
> >> I believe there are private subversion repo areas for PMCs (never use
> >> it though), not sure whether there are facilities yet for PMC git
> >> repos.
> >>
> >> On Mon, 8 Apr 2024 at 17:27, Matt Pavlovich  wrote:
> >>>
> >>> Got it, that makes sense. I think we could achieve the same effect w/ a 
> >>> private repo (ie "activmeq-pmc”) and enable what ever product features 
> >>> makes sense— issues, discussion, etc.
> >>>
> >>> I agree, moving off of mailing list would be beneficial for certain 
> >>> discussions (esp security reports) b/c of things like attachments, links, 
> >>> etc often become a security challenge w/ email.
> >>>
> >>> -Matt
> >>>
>  On Apr 5, 2024, at 6:58 PM, Clebert Suconic  
>  wrote:
> 
>  I haven’t used it on the Apache Jira but I use private comments all the
>  time on my company JIRA for things that would be related to security and
>  injeritently private.
> 
>  I thought we could eventually start using a feature like that and I 
>  thought
>  it would be a nice feature to keep.  But if everybody think we should 
>  keep
>  everything open and just use private list for private comments that’s 
>  fine.
> 
>  On Fri, Apr 5, 2024 at 2:47 PM Matt Pavlovich  wrote:
> 
> > Hi Clebert-
> >
> > How widely used are private comments today?
> >
> > I ran a search and I do not see any private comments in use with the
> > ActiveMQ project. I tried searching the ARTEMIS project, perhaps I got 
> > the
> > JQL incorrect?
> >
> > project = ARTEMIS AND issueFunction in commented("group activemq-pmc”)
> > project = ARTEMIS AND issueFunction in commented(“role PMC")
> >
> > An available solution would be to use a private GH repo would secure all
> > the items — code, issues, etc.. from unprivileged users. A PMC-only repo
> > could have issues-only or discussion-only for CVE discussions.
> >
> > I think private comment is a wonky concept, as it is easy to get that
> > toggled incorrectly. I think it is better to restrict access to a 
> > secured
> > area vs trying to feather comments.
> >
> > Thanks,
> > Matt
> >
> >> On Apr 5, 2024, at 11:47 AM, Clebert Suconic 
> >> 
> > wrote:
> >>
> >> Is there a private comment capability on GitHub?  To me that’s a 
> >> breaking
> >> deal feature and I have never seen it.
> >>
> >> On Fri, Apr 5, 2024 at 12:15 PM Domenico Francesco Bruscino <
> >> bruscin...@gmail.com> wrote:
> >>
> >>> I don't have a strong opinion on migrating from Jira to GitHub Issues.
> >>> I would prefer GitHub Issues only for its better integration and 
> >>> because
> >>> new users that reach from the GitHub repository could be confused to 
> >>> not
> >>> find the `Issues` tabs (most of the GitHub projects use it).
> >>>
> >>> Also GitHub Issues has a good REST interface, I'm using it in
> >>> GithubIssueManager[1].
> >>>
> >>> @Justin Bertram  thanks the detailed doc!!!
> >>>
> >>> [1]
> >>>
> >>>
> > https://github.com/brusdev/downstream-updater/blob/main/src/main/java/dev/brus/downstream/updater/issue/GithubIssueManager.java
> >>>
> >>> On Fri, 5 Apr 2024 at 17:41, Clebert Suconic 
> >>>  >>
> >>> wrote:
> >>>
>  I would prefer to keep JIRA for their REST interface.
> 
>  Also: one thing to notice is the possibility of using private 
>  comments
>  in JIRA. Say you ever have a security issue. I think you can have PMC
>  private comments on JIRAs. I'm not sure you have the same in github
>  issues.
> 
> 
>  I didn't see a note about private comments on Justin's 

Re: [RESULT][VOTE] Apache ActiveMQ "Classic" 6.1.2 release

[Jean-Baptiste Onofré]

I gonna do the website update and docker push, then I will do the
announcement.

Sorry I was travelling and forget to do that.

Regards
JB

Le ven. 26 avr. 2024 à 21:31, Justin Bertram  a écrit :

> JB, I haven't seen an announcement, and the website has not been updated.
> Can you clarify the status of this release? Thanks!
>
>
> Justin
>
> On Mon, Apr 15, 2024 at 12:59 AM Jean-Baptiste Onofré 
> wrote:
>
>> Hi folks,
>>
>> This vote passed with the following result:
>>
>> +1 (binding): Chris Shannon, Tim Bish, JB Onofré, Clebert Suconic,
>> Matt Pavlovich
>> +1 (non binding): François Papon, Cesar Hernandez, Jamie Goodyear
>>
>> I'm promoting the artifacts on Maven Central and dist.apache.org. I
>> will update Jira and the website, then I will do the announcement.
>>
>> Thanks all for your vote!
>>
>> Regards
>> JB
>>
>> On Thu, Apr 11, 2024 at 10:08 PM Jean-Baptiste Onofré 
>> wrote:
>> >
>> > Hi folks,
>> >
>> > I submit Apache ActiveMQ "Classic" 6.1.2 release to your vote.
>> >
>> > This release includes 8 fixes, especially:
>> > - secure Jolokia and REST API by default
>> > - fix on runtimeConfigurationPlugin JMX MBean reload operation
>> > - fix when consuming empty destination via REST API
>> > - fix client/server SSL socket configuration via URI
>> >
>> > You can take a look on Release Notes for details:
>> >
>> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210=12354480
>> >
>> > Maven Staging Repository:
>> >
>> https://repository.apache.org/content/repositories/orgapacheactivemq-1395/
>> >
>> > Dist Staging Repository:
>> > https://dist.apache.org/repos/dist/dev/activemq/activemq/6.1.2/
>> >
>> > Git tag: activemq-6.1.2
>> >
>> > Please vote to approve this release:
>> > [ ] +1 Approve the release
>> > [ ] -1 Don't approve the release (please provide specific comments)
>> >
>> > This vote will be open for at least 72 hours.
>> >
>> > Thanks !
>> > Regards
>> > JB
>>
>>

[ANN] Apache ActiveMQ Classic 6.1.2 has been released!

[Jean-Baptiste Onofré]

The Apache ActiveMQ team is pleased to announce Apache ActiveMQ
Classic 6.1.2 release.

It's a maintenance release on the ActiveMQ 6.1.x series, bringing:
- secure Jolokia and REST Message API by default
- fix on runtimeConfigurationPlugin JMX MBean reload operation
- fix when consuming empty destination via REST Message API
- fix client/server SSL socket configuration via URI

You can find details on the Release Notes:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210=12354480

You can download ActiveMQ 6.1.2 here:
https://activemq.apache.org/components/classic/download/

Enjoy!
The Apache ActiveMQ Team

Re: [VOTE] Apache ActiveMQ 6.1.0 release

[Jean-Baptiste Onofré]

Hi Matt,

I tested it on MacOS with zsh. I didn't have any issues.

Let me double check.

Thanks for the report!

Regards
JB

On Thu, Mar 7, 2024 at 10:47 PM Matt Pavlovich  wrote:
>
> Heads up— while working on another fix, I may have stubbled on a regression 
> caused by the change below and may need to revert my +1 to a -1
>
> Support space in filename:
> https://github.com/apache/activemq/pull/1162
>
> INFO: Using default configuration
>   Configurations are loaded in the following order: /etc/default/activemq 
> /Users/activemq/.activemqrc 
> "/Users/activemq/apache-activemq-6.1.0/"/bin/setenv
>
> This appears to cause the setenv to not be sourced and configs (such as JAAS 
> login.config and JMX settings are not picked up at boot)
>
> I’m doing some additional testing and will report back, but I believe we need 
> to hold the release until this is verified.
>
> Thanks,
> Matt
>
> > On Mar 7, 2024, at 2:05 PM, Matt Pavlovich  wrote:
> >
> > +1 (binding)
> >
> > - Downloaded dist tar.gz archive and confirmed various configurations using 
> > JDK 21
> > - Tested web console demo examples
> > - Tested web console functions
> > - Reviewed JIRA and release notes
> >
> > Thanks,
> > Matt Pavlovich
> >
> >> On Mar 5, 2024, at 11:38 AM, Jean-Baptiste Onofré  
> >> wrote:
> >>
> >> Hi guys,
> >>
> >> I submit Apache ActiveMQ "Classic" 6.1.0 release to your vote.
> >>
> >> This release includes:
> >> - New JMS2/3 operations support
> >> - Mapping javax / jakarta exception in openwire protocol
> >> - Add destination field on the job scheduler
> >> - Add org.apache.activemq.broker.BouncyCastleNotAdded property to
> >> control the bouncycastle addition in BrokerService classloader
> >> - Dependency upgrades (Spring 6.1.4, log4j 2.23.0, Jetty 11.0.20, ...)
> >> - and a lot more !
> >>
> >> You can take a look on Release Notes for details:
> >> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210=12353745
> >>
> >> Maven Staging Repository:
> >> https://repository.apache.org/content/repositories/orgapacheactivemq-1387/
> >>
> >> Dist Staging Repository:
> >> https://dist.apache.org/repos/dist/dev/activemq/activemq/6.1.0/
> >>
> >> Git tag: activemq-6.1.0
> >>
> >> Please vote to approve this release:
> >> [ ] +1 Approve the release
> >> [ ] -1 Don't approve the release (please provide specific comments)
> >>
> >> This vote will be open for at least 72 hours.
> >>
> >> Thanks !
> >> Regards
> >> JB
> >
>

Re: [VOTE] Apache ActiveMQ 6.1.0 release

[Jean-Baptiste Onofré]

+1 (binding)

Regards
JB

On Tue, Mar 5, 2024 at 6:38 PM Jean-Baptiste Onofré  wrote:
>
> Hi guys,
>
> I submit Apache ActiveMQ "Classic" 6.1.0 release to your vote.
>
> This release includes:
> - New JMS2/3 operations support
> - Mapping javax / jakarta exception in openwire protocol
> - Add destination field on the job scheduler
> - Add org.apache.activemq.broker.BouncyCastleNotAdded property to
> control the bouncycastle addition in BrokerService classloader
> - Dependency upgrades (Spring 6.1.4, log4j 2.23.0, Jetty 11.0.20, ...)
> - and a lot more !
>
> You can take a look on Release Notes for details:
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210=12353745
>
> Maven Staging Repository:
> https://repository.apache.org/content/repositories/orgapacheactivemq-1387/
>
> Dist Staging Repository:
> https://dist.apache.org/repos/dist/dev/activemq/activemq/6.1.0/
>
> Git tag: activemq-6.1.0
>
> Please vote to approve this release:
> [ ] +1 Approve the release
> [ ] -1 Don't approve the release (please provide specific comments)
>
> This vote will be open for at least 72 hours.
>
> Thanks !
> Regards
> JB

[CANCEL][VOTE] Apache ActiveMQ 6.1.0 release

[Jean-Baptiste Onofré]

Hi all,

due to an issue on the activemq script, I cancel this vote.

I will fix and recut the release.

Regards
JB

On Tue, Mar 5, 2024 at 6:38 PM Jean-Baptiste Onofré  wrote:
>
> Hi guys,
>
> I submit Apache ActiveMQ "Classic" 6.1.0 release to your vote.
>
> This release includes:
> - New JMS2/3 operations support
> - Mapping javax / jakarta exception in openwire protocol
> - Add destination field on the job scheduler
> - Add org.apache.activemq.broker.BouncyCastleNotAdded property to
> control the bouncycastle addition in BrokerService classloader
> - Dependency upgrades (Spring 6.1.4, log4j 2.23.0, Jetty 11.0.20, ...)
> - and a lot more !
>
> You can take a look on Release Notes for details:
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210=12353745
>
> Maven Staging Repository:
> https://repository.apache.org/content/repositories/orgapacheactivemq-1387/
>
> Dist Staging Repository:
> https://dist.apache.org/repos/dist/dev/activemq/activemq/6.1.0/
>
> Git tag: activemq-6.1.0
>
> Please vote to approve this release:
> [ ] +1 Approve the release
> [ ] -1 Don't approve the release (please provide specific comments)
>
> This vote will be open for at least 72 hours.
>
> Thanks !
> Regards
> JB

Re: [VOTE] Apache ActiveMQ 6.1.0 release

[Jean-Baptiste Onofré]

Yeah, I just reproduced the issue. My bad, I missed it.

Let me cancel this vote, fix and recut.

Sorry about that,
Regards
JB

On Fri, Mar 8, 2024 at 11:33 AM Robbie Gemmell  wrote:
>
> I was going to vote positively, but after seeing the earlier mails and
> trying things out further I see the same issue as Matt has reported.
>
> The quotes added on this line:
> https://github.com/apache/activemq/blob/6bae734088d70b8e1a72ab6f3a763199d38af306/assembly/src/release/bin/activemq#L174
> in https://github.com/apache/activemq/pull/1162 breaks loading of the
> setenv config (and presumably the earlier config paths if they were
> present).
>
> With the quotes in place, I edited the setenv file to also set a
> custom system property, and observed that it wasnt applied due to the
> setenv file not being used and the "INFO: Using default configuration"
> message Matt referenced below being printed.
>
> Removing the quotes on that line, the setenv config was actually found
> and used (and my custom property in it was then set on the JVM):
> INFO: Loading '/path/to/6.1.0-rc1/apache-activemq-6.1.0//bin/setenv'
>
> (I wasnt using a dir with spaces)
>
> Robbie
>
> On Thu, 7 Mar 2024 at 21:48, Matt Pavlovich  wrote:
> >
> > Heads up— while working on another fix, I may have stubbled on a regression 
> > caused by the change below and may need to revert my +1 to a -1
> >
> > Support space in filename:
> > https://github.com/apache/activemq/pull/1162
> >
> > INFO: Using default configuration
> >   Configurations are loaded in the following order: 
> > /etc/default/activemq /Users/activemq/.activemqrc 
> > "/Users/activemq/apache-activemq-6.1.0/"/bin/setenv
> >
> > This appears to cause the setenv to not be sourced and configs (such as 
> > JAAS login.config and JMX settings are not picked up at boot)
> >
> > I’m doing some additional testing and will report back, but I believe we 
> > need to hold the release until this is verified.
> >
> > Thanks,
> > Matt
> >
> > > On Mar 7, 2024, at 2:05 PM, Matt Pavlovich  wrote:
> > >
> > > +1 (binding)
> > >
> > > - Downloaded dist tar.gz archive and confirmed various configurations 
> > > using JDK 21
> > > - Tested web console demo examples
> > > - Tested web console functions
> > > - Reviewed JIRA and release notes
> > >
> > > Thanks,
> > > Matt Pavlovich
> > >
> > >> On Mar 5, 2024, at 11:38 AM, Jean-Baptiste Onofré  
> > >> wrote:
> > >>
> > >> Hi guys,
> > >>
> > >> I submit Apache ActiveMQ "Classic" 6.1.0 release to your vote.
> > >>
> > >> This release includes:
> > >> - New JMS2/3 operations support
> > >> - Mapping javax / jakarta exception in openwire protocol
> > >> - Add destination field on the job scheduler
> > >> - Add org.apache.activemq.broker.BouncyCastleNotAdded property to
> > >> control the bouncycastle addition in BrokerService classloader
> > >> - Dependency upgrades (Spring 6.1.4, log4j 2.23.0, Jetty 11.0.20, ...)
> > >> - and a lot more !
> > >>
> > >> You can take a look on Release Notes for details:
> > >> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210=12353745
> > >>
> > >> Maven Staging Repository:
> > >> https://repository.apache.org/content/repositories/orgapacheactivemq-1387/
> > >>
> > >> Dist Staging Repository:
> > >> https://dist.apache.org/repos/dist/dev/activemq/activemq/6.1.0/
> > >>
> > >> Git tag: activemq-6.1.0
> > >>
> > >> Please vote to approve this release:
> > >> [ ] +1 Approve the release
> > >> [ ] -1 Don't approve the release (please provide specific comments)
> > >>
> > >> This vote will be open for at least 72 hours.
> > >>
> > >> Thanks !
> > >> Regards
> > >> JB
> > >
> >

[VOTE] Apache ActiveMQ 6.1.0 release (take #2)

[Jean-Baptiste Onofré]

Hi guys,

I submit Apache ActiveMQ "Classic" 6.1.0 release to your vote.
This is the second RC including the fix on bin/activemq script.

This release includes:
- New JMS2/3 operations support
- Mapping javax / jakarta exception in openwire protocol
- Add destination field on the job scheduler
- Add org.apache.activemq.broker.BouncyCastleNotAdded property to
control the bouncycastle addition in BrokerService classloader
- Dependency upgrades (Spring 6.1.4, log4j 2.23.0, Jetty 11.0.20, ...)
- and a lot more !

You can take a look on Release Notes for details:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210=12353745

Maven Staging Repository:
https://repository.apache.org/content/repositories/orgapacheactivemq-1389/

Dist Staging Repository:
https://dist.apache.org/repos/dist/dev/activemq/activemq/6.1.0/

Git tag: activemq-6.1.0

Please vote to approve this release:
[ ] +1 Approve the release
[ ] -1 Don't approve the release (please provide specific comments)

This vote will be open for at least 72 hours.

Thanks !
Regards
JB

Re: [VOTE] Apache ActiveMQ 6.1.0 release (take #2)

[Jean-Baptiste Onofré]

+1 (binding)

Regards
JB

On Mon, Mar 11, 2024 at 9:50 PM Jean-Baptiste Onofré  wrote:
>
> Hi guys,
>
> I submit Apache ActiveMQ "Classic" 6.1.0 release to your vote.
> This is the second RC including the fix on bin/activemq script.
>
> This release includes:
> - New JMS2/3 operations support
> - Mapping javax / jakarta exception in openwire protocol
> - Add destination field on the job scheduler
> - Add org.apache.activemq.broker.BouncyCastleNotAdded property to
> control the bouncycastle addition in BrokerService classloader
> - Dependency upgrades (Spring 6.1.4, log4j 2.23.0, Jetty 11.0.20, ...)
> - and a lot more !
>
> You can take a look on Release Notes for details:
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210=12353745
>
> Maven Staging Repository:
> https://repository.apache.org/content/repositories/orgapacheactivemq-1389/
>
> Dist Staging Repository:
> https://dist.apache.org/repos/dist/dev/activemq/activemq/6.1.0/
>
> Git tag: activemq-6.1.0
>
> Please vote to approve this release:
> [ ] +1 Approve the release
> [ ] -1 Don't approve the release (please provide specific comments)
>
> This vote will be open for at least 72 hours.
>
> Thanks !
> Regards
> JB

Re: ActiveMQ Assignee List

[Jean-Baptiste Onofré]

Hi,

Please create a Jira account first (see
https://selfserve.apache.org/jira-account.html).

Then, create PR, we will assign the corresponding ticket when we will
receive your PRs and they are good.

Thanks,
Regards
JB

On Sun, Mar 17, 2024 at 8:55 PM Anubhav Mishra
 wrote:
>
> Hello Team,
>
> Please add Akki1902, in activemq assignee list as I would love to
> contribute to the community.
> I have over 2 years of experience working on ActiveMQ, and have developed
> several plugins and have Identified several enhancements.
>
> Would love to contribute back to the community.
>
> Thanks
> Anubhav

[RESULT][VOTE] Apache ActiveMQ 6.1.0 release (take #2)

[Jean-Baptiste Onofré]

Hi all,

this vote passed with the following result:

+1 (binding): Chris Shannon, JB Onofré, Matt Pavlovich
+1 (non binding): Jamie Goodyear

I'm promoting the artifacts on Maven Central and dist.apache.org.
Then, I will update Jira and the website, and I will do the
announcement.

Thanks all for your vote,

Regards
JB

NB: I will already prepare a 6.1.1 soon in order to update Spring
version (a CVE has been published)

On Mon, Mar 11, 2024 at 9:50 PM Jean-Baptiste Onofré  wrote:
>
> Hi guys,
>
> I submit Apache ActiveMQ "Classic" 6.1.0 release to your vote.
> This is the second RC including the fix on bin/activemq script.
>
> This release includes:
> - New JMS2/3 operations support
> - Mapping javax / jakarta exception in openwire protocol
> - Add destination field on the job scheduler
> - Add org.apache.activemq.broker.BouncyCastleNotAdded property to
> control the bouncycastle addition in BrokerService classloader
> - Dependency upgrades (Spring 6.1.4, log4j 2.23.0, Jetty 11.0.20, ...)
> - and a lot more !
>
> You can take a look on Release Notes for details:
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210=12353745
>
> Maven Staging Repository:
> https://repository.apache.org/content/repositories/orgapacheactivemq-1389/
>
> Dist Staging Repository:
> https://dist.apache.org/repos/dist/dev/activemq/activemq/6.1.0/
>
> Git tag: activemq-6.1.0
>
> Please vote to approve this release:
> [ ] +1 Approve the release
> [ ] -1 Don't approve the release (please provide specific comments)
>
> This vote will be open for at least 72 hours.
>
> Thanks !
> Regards
> JB

Re: Re: CVE-2024-22243 Spring Framework Open Redirect Vulnerability - ActiveMQ 5.3.30

[Jean-Baptiste Onofré]

Hi Stefan

Here's the Jira: https://issues.apache.org/jira/browse/AMQ-9453

I will close ActiveMQ 6.1.0 vote and promote the release, then I will
submit 5.18.4 to vote.

Regards
JB

On Thu, Mar 14, 2024 at 4:29 PM Boeltl, Stefan
 wrote:
>
> Hi Jean-Baptiste,
>
> Looking at 
> https://mvnrepository.com/artifact/org.springframework/spring-web/5.3.31 I 
> can see that 
> CVE-2024-22243 
> is still there and fixed only in 5.3.32: 
> https://mvnrepository.com/artifact/org.springframework/spring-web/5.3.32
>
> Additionally, I can't find any ticket for the upgrade for 5.18.x.
>
> Thanks!
>
> Kind regards
> Stefan
> The information contained in this message is proprietary and/or confidential. 
> If you are not the intended recipient, please: (i) delete the message and all 
> copies; (ii) do not disclose, distribute or use the message in any manner; 
> and (iii) notify the sender immediately. In addition, please be aware that 
> any message addressed to our domain is subject to archiving and review by 
> persons other than the intended recipient. Thank you. Message Encrypted via 
> TLS connection

Re: [VOTE] Apache ActiveMQ 6.1.0 release (take #2)

[Jean-Baptiste Onofré]

Gentle reminder, last chance to cast your vote :)

Thanks,
Regards
JB

On Mon, Mar 11, 2024 at 9:50 PM Jean-Baptiste Onofré  wrote:
>
> Hi guys,
>
> I submit Apache ActiveMQ "Classic" 6.1.0 release to your vote.
> This is the second RC including the fix on bin/activemq script.
>
> This release includes:
> - New JMS2/3 operations support
> - Mapping javax / jakarta exception in openwire protocol
> - Add destination field on the job scheduler
> - Add org.apache.activemq.broker.BouncyCastleNotAdded property to
> control the bouncycastle addition in BrokerService classloader
> - Dependency upgrades (Spring 6.1.4, log4j 2.23.0, Jetty 11.0.20, ...)
> - and a lot more !
>
> You can take a look on Release Notes for details:
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210=12353745
>
> Maven Staging Repository:
> https://repository.apache.org/content/repositories/orgapacheactivemq-1389/
>
> Dist Staging Repository:
> https://dist.apache.org/repos/dist/dev/activemq/activemq/6.1.0/
>
> Git tag: activemq-6.1.0
>
> Please vote to approve this release:
> [ ] +1 Approve the release
> [ ] -1 Don't approve the release (please provide specific comments)
>
> This vote will be open for at least 72 hours.
>
> Thanks !
> Regards
> JB

Re: [VOTE] Apache ActiveMQ Artemis 2.33.0

[Jean-Baptiste Onofré]

+1 (binding) jbonofre

Regards
JB

On Wed, Mar 20, 2024 at 6:40 PM Timothy Bish  wrote:
>
> On 3/19/24 19:12, Justin Bertram wrote:
> > I would like to propose an Apache ActiveMQ Artemis 2.33.0 release.
> >
> > Here are some noteworthy updates in 2.33.0:
> >
> >   - Support for JSON formatted typed properties on CLI producer command
> >   - New CLI command pwd for showing directories related to the current
> > instance
> >   - Maven Bill of Materials (BOM) artemis-bom to simplify integration
> >   - "FirstMessage" API for scheduled messages
> >   - New "view" and "edit" permissions for management operations configurable
> > via security-settings in broker.xml
> >   - New sslAutoReload parameter for the embedded web server configured in
> > `bootstrap.xml` to detect and automatically reload when SSL stores change
> > on disk
> >   - Performance improvements on mirroring and paging
> >   - Logging metrics to mitigate the risk of missing WARN or ERROR messages
> > in the log.
> >   - Much improved documentation on network isolation (aka split brain)
> >   - Pluggable lock manager (aka pluggable quorum voting) out of
> > "experimental" status and ready for general use
> >
> > The release notes can be found here:
> > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12315920=12354184
> >
> > Ths git commit report is here:
> > https://activemq.apache.org/components/artemis/download/commit-report-2.33.0
> >
> > Source and binary distributions can be found here:
> > https://dist.apache.org/repos/dist/dev/activemq/activemq-artemis/2.33.0/
> >
> > The Maven staging repository is here:
> > https://repository.apache.org/content/repositories/orgapacheactivemq-1391/
> >
> > If you would like to validate the release:
> > https://activemq.apache.org/components/artemis/documentation/hacking-guide/#validating-releases
> >
> > It is tagged in the git repo as 2.33.0
> >
> > [ ] +1 approve this release
> > [ ] +0 no opinion
> > [ ] -1 disapprove (and reason why)
> >
> > Here's my +1
> >
> >
> > Justin
> >
> +1
>
> * Validated signatures and checksums
> * Verified license and notice files in archives
> * Checked source for license headers with 'mvn apache-rat:check'
> * Ran the broker from the binary archive and exercised the web console
> * Ran some the qpid-proton-dotnet client examples against the running
> broker
> * Ran some the qpid-protonj2 client examples against the running broker
> * Ran all the AMQP tests using: mvn clean install -DskipTests && cd
> tests/integration-tests/ && mvn test -Ptests
> -Dtest=org.apache.activemq.artemis.tests.integration.amqp.**
>
>
> --
> Tim Bish
>

Re: Re: CVE-2024-22243 Spring Framework Open Redirect Vulnerability - ActiveMQ 5.3.30

[Jean-Baptiste Onofré]

Hi,

By the way, I will update to Spring 6.1.5, 6.0.18, 5.3.33 as a new CVE
has been published.

As ActiveMQ 6.1.0 vote is almost complete, I will release this one and
prepare 6.1.1 including Spring 6.1.5 update.

Regards
JB

On Thu, Mar 14, 2024 at 5:09 PM Jean-Baptiste Onofré  wrote:
>
> Hi Stefan
>
> Here's the Jira: https://issues.apache.org/jira/browse/AMQ-9453
>
> I will close ActiveMQ 6.1.0 vote and promote the release, then I will
> submit 5.18.4 to vote.
>
> Regards
> JB
>
> On Thu, Mar 14, 2024 at 4:29 PM Boeltl, Stefan
>  wrote:
> >
> > Hi Jean-Baptiste,
> >
> > Looking at 
> > https://mvnrepository.com/artifact/org.springframework/spring-web/5.3.31 I 
> > can see that 
> > CVE-2024-22243<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22243>
> >  is still there and fixed only in 5.3.32: 
> > https://mvnrepository.com/artifact/org.springframework/spring-web/5.3.32
> >
> > Additionally, I can't find any ticket for the upgrade for 5.18.x.
> >
> > Thanks!
> >
> > Kind regards
> > Stefan
> > The information contained in this message is proprietary and/or 
> > confidential. If you are not the intended recipient, please: (i) delete the 
> > message and all copies; (ii) do not disclose, distribute or use the message 
> > in any manner; and (iii) notify the sender immediately. In addition, please 
> > be aware that any message addressed to our domain is subject to archiving 
> > and review by persons other than the intended recipient. Thank you. Message 
> > Encrypted via TLS connection

[ANN] Apache ActiveMQ 6.1.0 has been released!

[Jean-Baptiste Onofré]

The ActiveMQ team is pleased to announce Apache ActiveMQ 6.1.0 release.

It's a new milestone, bringing:
- New JMS 2/3 operations support
- Mapping javax / jakarta exception in openwire protocol
- Add destination field on the job scheduler
- Add org.apache.activemq.broker.BouncyCastleNotAdded property to
control the bouncycastle addition in BrokerService classloader
- A lot of dependency upgrades (Spring 6.1.4, log4j 2.23.0, Jetty 11.0.20, …)
- ... and much more !

You can find details on the Release Notes:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210=12353745

You can download ActiveMQ 6.1.0 here:
https://activemq.apache.org/components/classic/download/

Enjoy!

Regards
--
The Apache ActiveMQ team

Re: CVE-2024-22243 Spring Framework Open Redirect Vulnerability - ActiveMQ 5.3.30

[Jean-Baptiste Onofré]

Hi Matt,

I think you are missing the ActiveMQ version and Spring version.

5.3.30 is the Spring version, used in ActiveMQ 5.18.x. ActiveMQ 5.18.4
will upgrade to Spring 5.3.31 fixing the CVE.

Regards
JB

On Thu, Mar 7, 2024 at 2:25 PM Matthew Gay
 wrote:
>
> Good Morning,
>
> We are receiving scan reports regarding ActiveMQ being vulnerable to the 
> above CVE.
> We have seen a couple emails that allude to ActiveMQ not being vulnerable.
>
> However, we are looking for a more official response indicating if it is, or 
> is not vulnerable.
> And to add - when an updated version of ActiveMQ will be available on the 
> 5.3.x line for this vulnerability.
>
> Thank you!
> Matt
>
> This electronic communication and the information and any files transmitted 
> with it, or attached to it, are confidential and are intended solely for the 
> use of the individual or entity to whom it is addressed and may contain 
> information that is confidential, legally privileged, protected by privacy 
> laws, or otherwise restricted from disclosure to anyone else. If you are not 
> the intended recipient or the person responsible for delivering the e-mail to 
> the intended recipient, you are hereby notified that any use, copying, 
> distributing, dissemination, forwarding, printing, or copying of this e-mail 
> is strictly prohibited. If you received this e-mail in error, please return 
> the e-mail to the sender, delete it from your computer, and destroy any 
> printed copy of it.

[VOTE] Apache ActiveMQ "Classic" 6.1.1 release

[Jean-Baptiste Onofré]

Hi folks,

I submit Apache ActiveMQ "Classic" 6.1.1 release to your vote.

This release includes:
- fix on the StatisticPlugin to include firstMessageTimestamp field
- Add missing JVM arg for sun.nio (required for some transport connectors)
- remove "old" client jakarta module
- fix authentication on Docker images
- Spring 6.1.5 update (including CVE fix)
- several other dependency updates (log4j 2.23.1, slf4j 2.0.12, ...)

You can take a look on Release Notes for details:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210=12354418

Maven Staging Repository:
https://repository.apache.org/content/repositories/orgapacheactivemq-1393/

Dist Staging Repository:
https://dist.apache.org/repos/dist/dev/activemq/activemq/6.1.1/

Git tag: activemq-6.1.1

Please vote to approve this release:
[ ] +1 Approve the release
[ ] -1 Don't approve the release (please provide specific comments)

This vote will be open for at least 72 hours.

Thanks !
Regards
JB

Re: [DISCUSS] Migrate from Jira to GitHub Issues

[Jean-Baptiste Onofré]

Hi Justin

Fantastic work and great summary !

I do a quick pass, I will do a more detailed read.

Thanks !
Regards
JB

On Tue, Apr 2, 2024 at 9:52 PM Justin Bertram  wrote:
>
> There's been a few threads about this general subject, but most have
> concentrated on Classic in particular. I think it's worth discussing
> migration of ActiveMQ as a whole and diving a bit deeper into the details
> of why a migration makes (or doesn't make) sense and what the challenges
> may be.
>
> To this end I've put together this document [1]. I hope it will be of
> service to the community as we consider this option.
>
>
> Justin
>
> [1]
> https://github.com/jbertram/activemq-website/wiki/Apache-ActiveMQ-GitHub-Issues-Migration-Review

Re: [VOTE] Apache ActiveMQ "Classic" 6.1.1 release

[Jean-Baptiste Onofré]

+1 (binding)

Regards
JB

On Tue, Apr 2, 2024 at 7:40 AM Jean-Baptiste Onofré  wrote:
>
> Hi folks,
>
> I submit Apache ActiveMQ "Classic" 6.1.1 release to your vote.
>
> This release includes:
> - fix on the StatisticPlugin to include firstMessageTimestamp field
> - Add missing JVM arg for sun.nio (required for some transport connectors)
> - remove "old" client jakarta module
> - fix authentication on Docker images
> - Spring 6.1.5 update (including CVE fix)
> - several other dependency updates (log4j 2.23.1, slf4j 2.0.12, ...)
>
> You can take a look on Release Notes for details:
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210=12354418
>
> Maven Staging Repository:
> https://repository.apache.org/content/repositories/orgapacheactivemq-1393/
>
> Dist Staging Repository:
> https://dist.apache.org/repos/dist/dev/activemq/activemq/6.1.1/
>
> Git tag: activemq-6.1.1
>
> Please vote to approve this release:
> [ ] +1 Approve the release
> [ ] -1 Don't approve the release (please provide specific comments)
>
> This vote will be open for at least 72 hours.
>
> Thanks !
> Regards
> JB

[RESULT][VOTE] Apache ActiveMQ "Classic" 6.1.1 release

[Jean-Baptiste Onofré]

Hi folks,

this vote passed with the following result:

+1 (binding): Christopher Shannon, JB Onofré, Matt Pavlovich, Clebert Suconic
+1 (non binding): Jamie Goodyear, François Papon, Cesar Hernandez

I'm promoting the artifacts on Maven Central and dist, then, I will
update the website and Jira. The announcement will follow.

Thanks all for your vote !

PS: 5.18.4 will start tonight or tomorrow morning my time :)

Regards
JB

On Tue, Apr 2, 2024 at 7:40 AM Jean-Baptiste Onofré  wrote:
>
> Hi folks,
>
> I submit Apache ActiveMQ "Classic" 6.1.1 release to your vote.
>
> This release includes:
> - fix on the StatisticPlugin to include firstMessageTimestamp field
> - Add missing JVM arg for sun.nio (required for some transport connectors)
> - remove "old" client jakarta module
> - fix authentication on Docker images
> - Spring 6.1.5 update (including CVE fix)
> - several other dependency updates (log4j 2.23.1, slf4j 2.0.12, ...)
>
> You can take a look on Release Notes for details:
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210=12354418
>
> Maven Staging Repository:
> https://repository.apache.org/content/repositories/orgapacheactivemq-1393/
>
> Dist Staging Repository:
> https://dist.apache.org/repos/dist/dev/activemq/activemq/6.1.1/
>
> Git tag: activemq-6.1.1
>
> Please vote to approve this release:
> [ ] +1 Approve the release
> [ ] -1 Don't approve the release (please provide specific comments)
>
> This vote will be open for at least 72 hours.
>
> Thanks !
> Regards
> JB

[ANN] Apache ActiveMQ "Classic" 6.1.1 has been released!

[Jean-Baptiste Onofré]

The ActiveMQ team is pleased to announce Apache ActiveMQ 6.1.1 release.

It's a maintenance release on the ActiveMQ 6.1.x series, bringing:
- add firstMessageTimestamp in the StatisticsPlugin
- fix on Docker images authentication
- add sun.nio.* opens classes required for some transports
- important dependency updates, especially Spring 6.1.5
- and much more !

You can find details on the Release Notes:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210=12354418

You can download ActiveMQ 6.1.1 here:
https://activemq.apache.org/components/classic/download/

Enjoy!

Regards
--
The Apache ActiveMQ team

Re: [DISCUSS] Migrate from Jira to GitHub Issues

[Jean-Baptiste Onofré]

Hi,

Thanks again Justin for the detailed doc, that's a great one !
I understand the gaps you identified and agree with your points.

Regarding the comments and feedback, I think we don't have a strong
enough consensus for this move.
So I would propose to stay with Jira for now.

Thoughts ?

Regards
JB

On Fri, Apr 5, 2024 at 6:47 PM Clebert Suconic
 wrote:
>
> Is there a private comment capability on GitHub?  To me that’s a breaking
> deal feature and I have never seen it.
>
> On Fri, Apr 5, 2024 at 12:15 PM Domenico Francesco Bruscino <
> bruscin...@gmail.com> wrote:
>
> > I don't have a strong opinion on migrating from Jira to GitHub Issues.
> > I would prefer GitHub Issues only for its better integration and because
> > new users that reach from the GitHub repository could be confused to not
> > find the `Issues` tabs (most of the GitHub projects use it).
> >
> > Also GitHub Issues has a good REST interface, I'm using it in
> > GithubIssueManager[1].
> >
> > @Justin Bertram  thanks the detailed doc!!!
> >
> > [1]
> >
> > https://github.com/brusdev/downstream-updater/blob/main/src/main/java/dev/brus/downstream/updater/issue/GithubIssueManager.java
> >
> > On Fri, 5 Apr 2024 at 17:41, Clebert Suconic 
> > wrote:
> >
> > > I would prefer to keep JIRA for their REST interface.
> > >
> > > Also: one thing to notice is the possibility of using private comments
> > > in JIRA. Say you ever have a security issue. I think you can have PMC
> > > private comments on JIRAs. I'm not sure you have the same in github
> > > issues.
> > >
> > >
> > > I didn't see a note about private comments on Justin's detailed doc
> > > (nice Doc BTW), but the private comments may be handy on handling
> > > sensitive issues.
> > >
> > > On Fri, Apr 5, 2024 at 5:19 AM Robbie Gemmell 
> > > wrote:
> > > >
> > > > The 'track version as Project' thing is interesting, though kinda
> > > > further underscores the limitations of Milestones which are really the
> > > > main surfaced way of handling versions.
> > > >
> > > > I'll bet some folks on the 'users' side of things looking at released
> > > > issues later would even miss that you are doing that (I would), since
> > > > Projects are kinda separate and get even further hidden away upon
> > > > completion; closed Projects are hidden/collapsed in the Issue/PR view
> > > > on expectations they are no longer 'interesting', requiring you to
> > > > spot that and expand the closed-projects view on each Issue/PR to see
> > > > the Project later. Which to be fair I think is actually decent
> > > > behaviour in general for their main use cases, since they aren't
> > > > really aimed to be used as versions but more for using the 'swimlane'
> > > > etc views given for managing/planning overall outstanding tasks to a
> > > > point of completion and will then most typically be
> > > > forgotten/less-interesting detail.
> > > >
> > > > On Thu, 4 Apr 2024 at 22:52, Christopher Shannon
> > > >  wrote:
> > > > >
> > > > > I am also on the Accumulo PMC and on that project we use Github
> > issues
> > > > > and no longer use Jira. This switch was made before my time so I'm
> > not
> > > > > sure of the reasoning. Personally, I don't really care too much
> > either
> > > > > way as I've used both but I will just point out 2 things from my
> > > > > experience with it.
> > > > >
> > > > > 1) For version tracking, we use projects and not milestones. I don't
> > > > > know if this is the best way to do things but that's what we have
> > been
> > > > > using and seems to work ok as you can list multiple projects
> > > > > (versions) for an Issue or PR:
> > > > > https://github.com/apache/accumulo/projects?type=classic
> > > > >
> > > > > 2) Robbie's point about whether or not Issues get opened is a really
> > > > > good point and something that is not consistent at all in Accumulo.
> > > > > What I have found is it is all over the place. In some cases people
> > > > > just open PRs and essentially are self documenting issues with the
> > > > > fix. In other cases people open up issues and then open up PRs. It
> > > > > does get confusing sometimes since they share the same numbering and
> > > > > name space. It may make sense to try and establish some guidelines if
> > > > > we go with Github Issues just so we are consistent about it.
> > > > >
> > > > > On Thu, Apr 4, 2024 at 2:40 PM Matt Pavlovich 
> > > wrote:
> > > > > >
> > > > > >
> > > > > > > On Apr 4, 2024, at 1:26 PM, Robbie Gemmell <
> > > robbie.gemm...@gmail.com> wrote:
> > > > > > >
> > > > > > > To the later point around Discussions, I do think enabling those
> > > could
> > > > > > > be good either way since, just like with Jira, people will often
> > > > > > > create Issues to ask questions rather than e.g mail a mailing
> > list.
> > > > > > > They might use a Discussion instead though.
> > > > > >
> > > > > > +1 agree that having discussions enabled would be an upgrade for
> > > users, big improvement over mailing lists.
> > > > > >
> > > 

Re: [DISCUSS] Migrate from Jira to GitHub Issues

[Jean-Baptiste Onofré]

Just a reminder: even if we use GitHub Discussions, we should always
send a pointer on the mailing list. As we say at Apache: "if it
doesn't occur on the mailing list, it never occurred".

Thanks
Regards
JB

On Mon, Apr 8, 2024 at 6:27 PM Matt Pavlovich  wrote:
>
> Got it, that makes sense. I think we could achieve the same effect w/ a 
> private repo (ie "activmeq-pmc”) and enable what ever product features makes 
> sense— issues, discussion, etc.
>
> I agree, moving off of mailing list would be beneficial for certain 
> discussions (esp security reports) b/c of things like attachments, links, etc 
> often become a security challenge w/ email.
>
> -Matt
>
> > On Apr 5, 2024, at 6:58 PM, Clebert Suconic  
> > wrote:
> >
> > I haven’t used it on the Apache Jira but I use private comments all the
> > time on my company JIRA for things that would be related to security and
> > injeritently private.
> >
> > I thought we could eventually start using a feature like that and I thought
> > it would be a nice feature to keep.  But if everybody think we should keep
> > everything open and just use private list for private comments that’s fine.
> >
> > On Fri, Apr 5, 2024 at 2:47 PM Matt Pavlovich  wrote:
> >
> >> Hi Clebert-
> >>
> >> How widely used are private comments today?
> >>
> >> I ran a search and I do not see any private comments in use with the
> >> ActiveMQ project. I tried searching the ARTEMIS project, perhaps I got the
> >> JQL incorrect?
> >>
> >> project = ARTEMIS AND issueFunction in commented("group activemq-pmc”)
> >> project = ARTEMIS AND issueFunction in commented(“role PMC")
> >>
> >> An available solution would be to use a private GH repo would secure all
> >> the items — code, issues, etc.. from unprivileged users. A PMC-only repo
> >> could have issues-only or discussion-only for CVE discussions.
> >>
> >> I think private comment is a wonky concept, as it is easy to get that
> >> toggled incorrectly. I think it is better to restrict access to a secured
> >> area vs trying to feather comments.
> >>
> >> Thanks,
> >> Matt
> >>
> >>> On Apr 5, 2024, at 11:47 AM, Clebert Suconic 
> >> wrote:
> >>>
> >>> Is there a private comment capability on GitHub?  To me that’s a breaking
> >>> deal feature and I have never seen it.
> >>>
> >>> On Fri, Apr 5, 2024 at 12:15 PM Domenico Francesco Bruscino <
> >>> bruscin...@gmail.com> wrote:
> >>>
>  I don't have a strong opinion on migrating from Jira to GitHub Issues.
>  I would prefer GitHub Issues only for its better integration and because
>  new users that reach from the GitHub repository could be confused to not
>  find the `Issues` tabs (most of the GitHub projects use it).
> 
>  Also GitHub Issues has a good REST interface, I'm using it in
>  GithubIssueManager[1].
> 
>  @Justin Bertram  thanks the detailed doc!!!
> 
>  [1]
> 
> 
> >> https://github.com/brusdev/downstream-updater/blob/main/src/main/java/dev/brus/downstream/updater/issue/GithubIssueManager.java
> 
>  On Fri, 5 Apr 2024 at 17:41, Clebert Suconic  >>>
>  wrote:
> 
> > I would prefer to keep JIRA for their REST interface.
> >
> > Also: one thing to notice is the possibility of using private comments
> > in JIRA. Say you ever have a security issue. I think you can have PMC
> > private comments on JIRAs. I'm not sure you have the same in github
> > issues.
> >
> >
> > I didn't see a note about private comments on Justin's detailed doc
> > (nice Doc BTW), but the private comments may be handy on handling
> > sensitive issues.
> >
> > On Fri, Apr 5, 2024 at 5:19 AM Robbie Gemmell <
> >> robbie.gemm...@gmail.com>
> > wrote:
> >>
> >> The 'track version as Project' thing is interesting, though kinda
> >> further underscores the limitations of Milestones which are really the
> >> main surfaced way of handling versions.
> >>
> >> I'll bet some folks on the 'users' side of things looking at released
> >> issues later would even miss that you are doing that (I would), since
> >> Projects are kinda separate and get even further hidden away upon
> >> completion; closed Projects are hidden/collapsed in the Issue/PR view
> >> on expectations they are no longer 'interesting', requiring you to
> >> spot that and expand the closed-projects view on each Issue/PR to see
> >> the Project later. Which to be fair I think is actually decent
> >> behaviour in general for their main use cases, since they aren't
> >> really aimed to be used as versions but more for using the 'swimlane'
> >> etc views given for managing/planning overall outstanding tasks to a
> >> point of completion and will then most typically be
> >> forgotten/less-interesting detail.
> >>
> >> On Thu, 4 Apr 2024 at 22:52, Christopher Shannon
> >>  wrote:
> >>>
> >>> I am also on the Accumulo PMC and on that project we use Github
> 

[VOTE] Apache ActiveMQ "Classic" 5.18.4 release

[Jean-Baptiste Onofré]

Hi folks,

I submit Apache ActiveMQ "Classic" 5.18.4 to your vote.

This release is a maintenance release on the 5.18.x series, bringing
fixes and dependency updates, especially:
- Spring 5.3.33 update (related to Spring CVEs)
- Jetty 9.4.54.v20240208 update
- Jackson 2.16.2 update
- log4j 2.23.1 update
- several bug fixes/improvements

You can take a look on Release Notes for details:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210=12353760

Maven Staging Repository:
https://repository.apache.org/content/repositories/orgapacheactivemq-1394/

Dist Staging Repository:
https://dist.apache.org/repos/dist/dev/activemq/activemq/5.18.4/

Git tag: activemq-5.18.4

Please vote to approve this release:
[ ] +1 Approve the release
[ ] -1 Don't approve the release (please provide specific comments)

This vote will be open for at least 72 hours.

Thanks !
Regards
JB

Re: ASF board report due by Tues, April 9 - new procedure, please read

[Jean-Baptiste Onofré]

Hi Justin,

GitHub Issues discussion is interesting for the board, but I would
like more discussions between us.

Regards
JB

On Thu, Apr 4, 2024 at 4:45 PM Justin Bertram  wrote:
>
> I added detail about Artemis based on JB's draft.
>
> I wondered if we might add a note about the fact we're considering moving
> to GitHub Issues, but I wasn't sure that's something the board would care
> about, and I wasn't sure where to add it.
>
>
> Justin
>
> On Thu, Apr 4, 2024 at 8:56 AM Jean-Baptiste Onofré  wrote:
>
> > Hi Bruce,
> >
> > I created a new draft (based on yours) containing ActiveMQ "classic"
> > details.
> >
> > Regards
> > JB
> >
> > On Mon, Apr 1, 2024 at 3:48 PM Bruce Snyder 
> > wrote:
> > >
> > > Hi folks,
> > >
> > > It is that time once again to assemble the latest ASF board report. As
> > > mentioned previously, I would like us to begin using the Reporter tool to
> > > assemble reports to the ASF board. The idea being that anyone with access
> > > to the Reporter tool can log in and enter their contributions directly
> > to a
> > > given report. We will no longer be assembling the report using git.
> > >
> > > As you contribute to the report, you can reflow sections and then save
> > your
> > > contributions as a draft. This will leave the report in draft form (i.e.
> > > not published). When the report is due, the PMC chair will log in to
> > > Reporter to review and finalize the report as well as publish it to
> > Whimsy.
> > >
> > > So, please log in to the Reporter tool via the following URL and begin
> > > entering your contributions to this month's report and save them as a
> > draft.
> > >
> > > https://reporter.apache.org/wizard/?activemq
> > >
> > > As noted above and previously, while logged in to the Reporter tool,
> > please
> > > DO NOT click the 'Publish to Whimsy' button.
> > >
> > > Please let me know if you have any questions.
> > >
> > > Bruce
> > >
> > > --
> > > perl -e 'print
> > > unpack("u30","D0G)U8V4\@4VYY9&5R\"F)R=6-E+G-N>61E > > http://bsnyder.org/ <http://bruceblog.org/>
> >
> >

Re: [PROPOSAL] ActiveMQ 6.0.x/6.1.x/... roadmap

[Jean-Baptiste Onofré]

Yeah, you are right: it's better to not take any commitment for a
specific version.

Let's do our best to add the missing parts, and we will do the
releases on the fly.

Regards
JB

On Thu, Feb 29, 2024 at 1:31 PM Christopher Shannon
 wrote:
>
> Everything seems fine as a general guideline but I wouldn't guarantee "full
> compliance" on any specific 6.x release as it's just hard to say when it
> will happen. It's a goal that is being worked on each release and there's
> still a good amount of work to do so hopefully we get there but it's hard
> to say if it will be 6.5 or 6.6 etc. Certainly if/when a 7.0 release
> happens I would expect that to be fully Jakarta compliant with the spec.
>
> On Thu, Feb 29, 2024 at 2:02 AM Jean-Baptiste Onofré 
> wrote:
>
> > Hi Matt
> >
> > Yeah, agree. It sounds good.
> >
> > I'm on the releases right now. Votes will come soon :)
> >
> > Regards
> > JB
> >
> > On Tue, Feb 27, 2024 at 8:16 PM Matt Pavlovich  wrote:
> > >
> > > Hi JB-
> > >
> > > Thanks for kicking off the convo, I think we are mostly in agreement.
> > >
> > > We have more headroom with versions, so I think it would be good to be
> > closer to SEMVER going forward.
> > >
> > > 6.0.x - Dependency updates (non-major changes). ActiveMQ bug and
> > security fixes only. No new config flags (unless as part of a fix) or new
> > features.
> > >
> > > 6.1.x - New features, new config flags, new JMS 2.x features, etc
> > >
> > > I think 6.5.x is probably reasonable for full JMS 2.0 compliance. Chris
> > started on the openwire modernization work, and I’ve got a couple tasks to
> > kick-in over there as well.
> > >
> > > Main changes for openwire — deliveryDelay field and shared subscription
> > flag.
> > >
> > > I have a PR for Virtual Thread support and plan on updating it to make
> > it something that can be releasable without having to move everyone to JDK
> > 21 in 6.x. Getting some runtime testing with Virtual Threads in 6.x will be
> > good and give data to consider it for the default in 7.x/8.x.
> > >
> > > Regarding 7.x — I think we can move more towards ‘services’ and
> > DestinationPolicy add-ons vs ‘plugins'. I plan to start implementing more
> > features under destination policy to replace more plugins (timestamp,
> > forced persistence mode, etc). A config service that re-uses a lot from
> > runtime config plugin would provide a lot of transition support towards an
> > activemq-boot mini-kernel to replace Spring/XBean.
> > >
> > > Thanks,
> > > Matt Pavlovich
> > >
> > > > On Jan 12, 2024, at 12:22 PM, Jean-Baptiste Onofré 
> > wrote:
> > > >
> > > > Hi guys,
> > > >
> > > > Happy new year to all !
> > > >
> > > > After the festive break, I'm back on ActiveMQ :)
> > > > I would like to discuss about the roadmap for ActiveMQ
> > > > 6.0.x/6.1.x/6.2.x/7.x(future):
> > > >
> > > > - For 6.0.x branch, I propose to include fixes and minor dependencies
> > > > updates (I have some PRs on the way, Matt also worked on different
> > > > topics)
> > > > - For 6.1.x branch, I propose to add a new round of JMS 2.x/3.x
> > > > features support and include major dependencies updates (if there are
> > > > :)). It can also include non breaking change refactoring.
> > > > - For 6.2.x branch, I propose to add another round of JMS 2.x/3.x
> > > > features support and new major updates compared to 6.1.x
> > > > It would be great to target 6.5.x for instance for full JMS 2.x/3.x
> > support.
> > > >
> > > > - For 7.x, I started a prototype to set Spring as optional, having a
> > > > core loader and new configuration format (in addition to activemq.xml,
> > > > I have activemq.json and activemq.yml for instance). As this is a
> > > > major milestone, we could have some breaking changes. Even if 7.x is
> > > > not the top priority for now (I think we have to focus on full JMS 2/3
> > > > support right now), it gives perspective to the community.
> > > >
> > > > Thoughts ?
> > > >
> > > > Regards
> > > > JB
> > >
> >

Re: [PROPOSAL] ActiveMQ 6.0.x/6.1.x/... roadmap

[Jean-Baptiste Onofré]

Hi Matt

Yeah, agree. It sounds good.

I'm on the releases right now. Votes will come soon :)

Regards
JB

On Tue, Feb 27, 2024 at 8:16 PM Matt Pavlovich  wrote:
>
> Hi JB-
>
> Thanks for kicking off the convo, I think we are mostly in agreement.
>
> We have more headroom with versions, so I think it would be good to be closer 
> to SEMVER going forward.
>
> 6.0.x - Dependency updates (non-major changes). ActiveMQ bug and security 
> fixes only. No new config flags (unless as part of a fix) or new features.
>
> 6.1.x - New features, new config flags, new JMS 2.x features, etc
>
> I think 6.5.x is probably reasonable for full JMS 2.0 compliance. Chris 
> started on the openwire modernization work, and I’ve got a couple tasks to 
> kick-in over there as well.
>
> Main changes for openwire — deliveryDelay field and shared subscription flag.
>
> I have a PR for Virtual Thread support and plan on updating it to make it 
> something that can be releasable without having to move everyone to JDK 21 in 
> 6.x. Getting some runtime testing with Virtual Threads in 6.x will be good 
> and give data to consider it for the default in 7.x/8.x.
>
> Regarding 7.x — I think we can move more towards ‘services’ and 
> DestinationPolicy add-ons vs ‘plugins'. I plan to start implementing more 
> features under destination policy to replace more plugins (timestamp, forced 
> persistence mode, etc). A config service that re-uses a lot from runtime 
> config plugin would provide a lot of transition support towards an 
> activemq-boot mini-kernel to replace Spring/XBean.
>
> Thanks,
> Matt Pavlovich
>
> > On Jan 12, 2024, at 12:22 PM, Jean-Baptiste Onofré  
> > wrote:
> >
> > Hi guys,
> >
> > Happy new year to all !
> >
> > After the festive break, I'm back on ActiveMQ :)
> > I would like to discuss about the roadmap for ActiveMQ
> > 6.0.x/6.1.x/6.2.x/7.x(future):
> >
> > - For 6.0.x branch, I propose to include fixes and minor dependencies
> > updates (I have some PRs on the way, Matt also worked on different
> > topics)
> > - For 6.1.x branch, I propose to add a new round of JMS 2.x/3.x
> > features support and include major dependencies updates (if there are
> > :)). It can also include non breaking change refactoring.
> > - For 6.2.x branch, I propose to add another round of JMS 2.x/3.x
> > features support and new major updates compared to 6.1.x
> > It would be great to target 6.5.x for instance for full JMS 2.x/3.x support.
> >
> > - For 7.x, I started a prototype to set Spring as optional, having a
> > core loader and new configuration format (in addition to activemq.xml,
> > I have activemq.json and activemq.yml for instance). As this is a
> > major milestone, we could have some breaking changes. Even if 7.x is
> > not the top priority for now (I think we have to focus on full JMS 2/3
> > support right now), it gives perspective to the community.
> >
> > Thoughts ?
> >
> > Regards
> > JB
>

[VOTE] Apache ActiveMQ 6.1.0 release

[Jean-Baptiste Onofré]

Hi guys,

I submit Apache ActiveMQ "Classic" 6.1.0 release to your vote.

This release includes:
- New JMS2/3 operations support
- Mapping javax / jakarta exception in openwire protocol
- Add destination field on the job scheduler
- Add org.apache.activemq.broker.BouncyCastleNotAdded property to
control the bouncycastle addition in BrokerService classloader
- Dependency upgrades (Spring 6.1.4, log4j 2.23.0, Jetty 11.0.20, ...)
- and a lot more !

You can take a look on Release Notes for details:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210=12353745

Maven Staging Repository:
https://repository.apache.org/content/repositories/orgapacheactivemq-1387/

Dist Staging Repository:
https://dist.apache.org/repos/dist/dev/activemq/activemq/6.1.0/

Git tag: activemq-6.1.0

Please vote to approve this release:
[ ] +1 Approve the release
[ ] -1 Don't approve the release (please provide specific comments)

This vote will be open for at least 72 hours.

Thanks !
Regards
JB

Re: [VOTE] Include unsubscribe me on all ActiveMQ mail lists..

[Jean-Baptiste Onofré]

+1

Regards
JB

On Thu, May 16, 2024 at 8:19 PM Clebert Suconic
 wrote:
>
> I want to propose having all of our user lists including an
> Unsubscribe-me link at the end of the messages. Such unsubscribe-me
> should include the link with enough information to remove such
> subscriptions. Something like:
>
>
> Click here To unsubscribe you from the  :
>
> - link to unsubscribe
>
>
>
> That way users will stop asking to be unsubscribed.. and any users not
> knowing which alias was subscribed to the list wouldn't need to look
> into the source of his email.
>
>
> Apache Infra can do that but only after we got consensus from the
> community, for that I'm starting a vote.
>
> Please indicate your vote with a +1 or -1. In case of a -1 please
> indicate your reasoning for such.
>
>
>
> Here goes my +1 Binding Vote.
>
>
>
>
> --
> Clebert Suconic

Re: Disable stack traces on HTTP Transport

[Jean-Baptiste Onofré]

Hi Colm

Let me check but I don't think so.

Can you please create a Jira ? I will fix that.

Thanks !
Regards
JB

On Fri, May 17, 2024 at 12:39 PM Colm O hEigeartaigh
 wrote:
>
> Hi,
>
> Is there a way to disable stack traces being returned with the HTTP
> Transport. Using 5.18.x I configure AMQ with   name="http" uri="http://localhost:12345"/
>
> Then with curl if I post some XML data I get:
>
> 
> 
> 
> Error 500
> com.thoughtworks.xstream.security.ForbiddenClassException:
> jdk.nashorn.internal.objects.NativeString
> 
> HTTP ERROR 500
> com.thoughtworks.xstream.security.ForbiddenClassException:
> jdk.nashorn.internal.objects.NativeString
> 
> URI:/
> STATUS:500
> MESSAGE:com.thoughtworks.xstream.security.ForbiddenClassException:
> jdk.nashorn.internal.objects.NativeString
> SERVLET:org.apache.activemq.transport.http.HttpTunnelServlet-1fdca564
> CAUSED 
> BY:com.thoughtworks.xstream.security.ForbiddenClassException:
> jdk.nashorn.internal.objects.NativeString
> 
> Caused 
> by:com.thoughtworks.xstream.security.ForbiddenClassException:
> jdk.nashorn.internal.objects.NativeString
> at 
> com.thoughtworks.xstream.security.NoTypePermission.allows(NoTypePermission.java:26)
>
> etc.
>
> It's a bad practice from a security point of view to return detailed
> error messages to clients. I didn't see an obvious way of turning this
> off though.
>
> Colm.

Re: [VOTE] ActiveMQ Artemis 2.34.0 release

[Jean-Baptiste Onofré]

+1 (binding)

Regards
JB

On Wed, May 29, 2024 at 7:42 PM Clebert Suconic
 wrote:
>
> I would like to propose an Apache ActiveMQ Artemis 2.34.0 release.
>
>
> I would like to highlight the following improvements as part of this release:
>
> * https://issues.apache.org/jira/browse/ARTEMIS-4758 - Extensive
> resiliency tests and hardening on Mirroring.
> * https://issues.apache.org/jira/browse/ARTEMIS-4773 - Paging
> performance improvements on sync.
> * https://issues.apache.org/jira/browse/ARTEMIS-4306 - Statics about
> security events
> * https://issues.apache.org/jira/browse/ARTEMIS-4675 - Replication
> status metrics
>
>
> For a full release notes:
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12315920=12354426
>
> The commit report:
> https://activemq.apache.org/components/artemis/download/commit-report-2.34.0
>
> Source and binary distributions can be found here:
> https://dist.apache.org/repos/dist/dev/activemq/activemq-artemis/2.34.0/
>
>
> The Maven staged repository is here:
> https://repository.apache.org/content/repositories/orgapacheactivemq-1396
>
> If you would like to validate the release:
> https://activemq.apache.org/components/artemis/documentation/hacking-guide/#validating-releases
>
>
> It is tagged in the git repo as 2.34.0
>
> If you could please vote as usually:
>
> [ ] +1 approve this release
> [ ] +0 no opinion
> [ ] -1 disapprove (and reason why)
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@activemq.apache.org
> For additional commands, e-mail: dev-h...@activemq.apache.org
> For further information, visit: https://activemq.apache.org/contact
>
>

-
To unsubscribe, e-mail: dev-unsubscr...@activemq.apache.org
For additional commands, e-mail: dev-h...@activemq.apache.org
For further information, visit: https://activemq.apache.org/contact

Re: ASF board report due by Tues, April 9 - new procedure, please read

[Jean-Baptiste Onofré]

Hi Bruce,

I created a new draft (based on yours) containing ActiveMQ "classic" details.

Regards
JB

On Mon, Apr 1, 2024 at 3:48 PM Bruce Snyder  wrote:
>
> Hi folks,
>
> It is that time once again to assemble the latest ASF board report. As
> mentioned previously, I would like us to begin using the Reporter tool to
> assemble reports to the ASF board. The idea being that anyone with access
> to the Reporter tool can log in and enter their contributions directly to a
> given report. We will no longer be assembling the report using git.
>
> As you contribute to the report, you can reflow sections and then save your
> contributions as a draft. This will leave the report in draft form (i.e.
> not published). When the report is due, the PMC chair will log in to
> Reporter to review and finalize the report as well as publish it to Whimsy.
>
> So, please log in to the Reporter tool via the following URL and begin
> entering your contributions to this month's report and save them as a draft.
>
> https://reporter.apache.org/wizard/?activemq
>
> As noted above and previously, while logged in to the Reporter tool, please
> DO NOT click the 'Publish to Whimsy' button.
>
> Please let me know if you have any questions.
>
> Bruce
>
> --
> perl -e 'print
> unpack("u30","D0G)U8V4\@4VYY9&5R\"F)R=6-E+G-N>61E http://bsnyder.org/ 

Re: Disable stack traces on HTTP Transport

[Jean-Baptiste Onofré]

Hi Colm,

Thanks ! I will work on this :)

Regards
JB

On Mon, May 20, 2024 at 1:08 PM Colm O hEigeartaigh  wrote:
>
> Thanks JB, here it is: https://issues.apache.org/jira/browse/AMQ-9503
>
> Colm.
>
> On Fri, May 17, 2024 at 5:22 PM Jean-Baptiste Onofré  
> wrote:
> >
> > Hi Colm
> >
> > Let me check but I don't think so.
> >
> > Can you please create a Jira ? I will fix that.
> >
> > Thanks !
> > Regards
> > JB
> >
> > On Fri, May 17, 2024 at 12:39 PM Colm O hEigeartaigh
> >  wrote:
> > >
> > > Hi,
> > >
> > > Is there a way to disable stack traces being returned with the HTTP
> > > Transport. Using 5.18.x I configure AMQ with   > > name="http" uri="http://localhost:12345"/
> > >
> > > Then with curl if I post some XML data I get:
> > >
> > > 
> > > 
> > > 
> > > Error 500
> > > com.thoughtworks.xstream.security.ForbiddenClassException:
> > > jdk.nashorn.internal.objects.NativeString
> > > 
> > > HTTP ERROR 500
> > > com.thoughtworks.xstream.security.ForbiddenClassException:
> > > jdk.nashorn.internal.objects.NativeString
> > > 
> > > URI:/
> > > STATUS:500
> > > MESSAGE:com.thoughtworks.xstream.security.ForbiddenClassException:
> > > jdk.nashorn.internal.objects.NativeString
> > > SERVLET:org.apache.activemq.transport.http.HttpTunnelServlet-1fdca564
> > > CAUSED 
> > > BY:com.thoughtworks.xstream.security.ForbiddenClassException:
> > > jdk.nashorn.internal.objects.NativeString
> > > 
> > > Caused 
> > > by:com.thoughtworks.xstream.security.ForbiddenClassException:
> > > jdk.nashorn.internal.objects.NativeString
> > > at 
> > > com.thoughtworks.xstream.security.NoTypePermission.allows(NoTypePermission.java:26)
> > >
> > > etc.
> > >
> > > It's a bad practice from a security point of view to return detailed
> > > error messages to clients. I didn't see an obvious way of turning this
> > > off though.
> > >
> > > Colm.

Re: Report to the ASF board for July

[Jean-Baptiste Onofré]

Sorry, I forgot to send an update on the mailing list: I added the
activemq-classic section.

Thanks for submitting the report !

Regards
JB

On Tue, Jul 9, 2024 at 6:14 PM Bruce Snyder  wrote:
>
> The report is looking very thin and it needs to be submitted by tomorrow at
> the very latest.
>
> Please contribute to the report today before end of business PDT!
>
> Bruce
>
> On Mon, Jul 1, 2024 at 3:36 PM Bruce Snyder  wrote:
>
> > It's time to assemble the latest report to the board. Let's aim to submit
> > this report by July 9.
> >
> > Please log in to the Reporter tool via the following URL, begin entering
> > your contributions and then be sure to save your contributions as a draft.
> > Please DO NOT PUBLISH the report yet.
> >
> > https://reporter.apache.org/wizard/?activemq
> >
> > PLEASE NOTE: While logged in to the Reporter tool, please DO NOT click the
> > 'Publish to Whimsy' button. I will plan to review and submit the report on
> > July 9.
> >
> > Please let me know if you have any questions.
> >
> > Bruce
> > --
> > perl -e 'print
> > unpack("u30","D0G)U8V4\@4VYY9&5R\"F)R=6-E+G-N>61E >
>
>
> --
> perl -e 'print
> unpack("u30","D0G)U8V4\@4VYY9&5R\"F)R=6-E+G-N>61Ehttps://activemq.apache.org/contact

Re: [VOTE] Apache ActiveMQ "Classic" 5.18.5 release

[Jean-Baptiste Onofré]

+1 (binding)

Regards
JB

On Sat, Jul 20, 2024 at 9:28 AM Jean-Baptiste Onofré  wrote:
>
> Hi everyone,
>
> I submit Apache ActiveMQ "Classic" 5.18.5 release to your vote.
>
> This release includes 20 fixes and updates, especially:
> - fixes on the Message REST API
> - fix ClassNotFoundException on the runtimeConfigurationPlugin
> - Spring 5.3.37 update fixing CVE-2024-22262
> - fix NoClassDefFound on bin/activemq export command line
> - several dependency updates
>
> You can take a look on Release Notes for details:
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210=12354398
>
> Maven Staging Repository:
> https://repository.apache.org/content/repositories/orgapacheactivemq-1398/
>
> Dist Staging Repository:
> https://dist.apache.org/repos/dist/dev/activemq/activemq/5.18.5/
>
> Git tag: activemq-5.18.5
>
> Please vote to approve this release:
> [ ] +1 Approve the release
> [ ] 0 I don't care
> [ ] -1 Don't approve the release (please provide specific comment)
>
> This vote will be open for at least 72 hours.
>
> Thanks!
> Regards
> JB

-
To unsubscribe, e-mail: dev-unsubscr...@activemq.apache.org
For additional commands, e-mail: dev-h...@activemq.apache.org
For further information, visit: https://activemq.apache.org/contact

[RESULT][VOTE] Apache ActiveMQ "Classic" 5.18.5 release

[Jean-Baptiste Onofré]

Hi everyone,

this vote passed with the following result:

+1 (binding): Matt Pavlovich, Christopher Shannon, JB Onofré, Tim
Bish, Clebert Suconic
+1 (non binding): Ken Liao, Jean-Louis Monteiro, Jamie Goodyear

I'm promoting the artifacts on dist.apache.org and Maven Central. I
will update Jira and announce the release.

Thanks all for your vote!

Regards
JB

On Sat, Jul 20, 2024 at 9:28 AM Jean-Baptiste Onofré  wrote:
>
> Hi everyone,
>
> I submit Apache ActiveMQ "Classic" 5.18.5 release to your vote.
>
> This release includes 20 fixes and updates, especially:
> - fixes on the Message REST API
> - fix ClassNotFoundException on the runtimeConfigurationPlugin
> - Spring 5.3.37 update fixing CVE-2024-22262
> - fix NoClassDefFound on bin/activemq export command line
> - several dependency updates
>
> You can take a look on Release Notes for details:
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210=12354398
>
> Maven Staging Repository:
> https://repository.apache.org/content/repositories/orgapacheactivemq-1398/
>
> Dist Staging Repository:
> https://dist.apache.org/repos/dist/dev/activemq/activemq/5.18.5/
>
> Git tag: activemq-5.18.5
>
> Please vote to approve this release:
> [ ] +1 Approve the release
> [ ] 0 I don't care
> [ ] -1 Don't approve the release (please provide specific comment)
>
> This vote will be open for at least 72 hours.
>
> Thanks!
> Regards
> JB

-
To unsubscribe, e-mail: dev-unsubscr...@activemq.apache.org
For additional commands, e-mail: dev-h...@activemq.apache.org
For further information, visit: https://activemq.apache.org/contact

[ANN] Apache ActiveMQ 5.18.5 has been released!

[Jean-Baptiste Onofré]

The ActiveMQ team is pleased to announce Apache ActiveMQ 5.18.5 release.

It's a maintenance release on the ActiveMQ 5.18.x series, bringing:
- Fix 500 Server Error while polling empty destination via Message REST
- Fix ClassNotFoundException when using runtimeConfigurationPlugin with Java 17
- Spring 5.3.37 update
- Jetty 9.4.55.v20240627 update
- Jackson 2.17.2 update
- several bug fixes/improvements and much more!

You can find details on the Release Notes:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210=12354398

You can download ActiveMQ 5.18.5 here:
https://activemq.apache.org/components/classic/download/

Enjoy!

Regards
--
The Apache ActiveMQ team

-
To unsubscribe, e-mail: dev-unsubscr...@activemq.apache.org
For additional commands, e-mail: dev-h...@activemq.apache.org
For further information, visit: https://activemq.apache.org/contact

[VOTE] Apache ActiveMQ "Classic" 5.18.5 release

[Jean-Baptiste Onofré]

Hi everyone,

I submit Apache ActiveMQ "Classic" 5.18.5 release to your vote.

This release includes 20 fixes and updates, especially:
- fixes on the Message REST API
- fix ClassNotFoundException on the runtimeConfigurationPlugin
- Spring 5.3.37 update fixing CVE-2024-22262
- fix NoClassDefFound on bin/activemq export command line
- several dependency updates

You can take a look on Release Notes for details:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210=12354398

Maven Staging Repository:
https://repository.apache.org/content/repositories/orgapacheactivemq-1398/

Dist Staging Repository:
https://dist.apache.org/repos/dist/dev/activemq/activemq/5.18.5/

Git tag: activemq-5.18.5

Please vote to approve this release:
[ ] +1 Approve the release
[ ] 0 I don't care
[ ] -1 Don't approve the release (please provide specific comment)

This vote will be open for at least 72 hours.

Thanks!
Regards
JB

-
To unsubscribe, e-mail: dev-unsubscr...@activemq.apache.org
For additional commands, e-mail: dev-h...@activemq.apache.org
For further information, visit: https://activemq.apache.org/contact

Re: [VOTE] Apache ActiveMQ Artemis 2.36.0 release

[Jean-Baptiste Onofré]

+1 (binding)

Regards
JB

On Fri, Jul 26, 2024 at 2:00 AM Clebert Suconic
 wrote:
>
> I would like to propose an Apache ActiveMQ Artemis 2.36.0 release.
>
>
> I would like to highlight the following:
>
> * Numerous dependency upgrades triggered by integration with GitHub's
> Dependabot.
> * Stability improvement for use-cases involving slower IO devices
> (e.g. NFS) and the NIO journal via
> https://issues.apache.org/jira/browse/ARTEMIS-4949
> * Code optimization in the address manager to decrease CPU utilization
> and increase broker scalability for use-cases involving a large number
> of addresses and queues courtesy of
> https://issues.apache.org/jira/browse/ARTEMIS-4814
> * Stability improvement for use-cases involving STOMP clients
> connecting over WebSockets via
> https://issues.apache.org/jira/browse/ARTEMIS-3509.
> * Lots of internal "code gardening" improvements for developers to
> make the code-base simpler and more consistent.
>
>
>
> The release notes can be found here:
>
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?version==12315920
>
>
> Ths git commit report is here:
> https://activemq.apache.org/components/artemis/download/commit-report-2.36.0
>
>
> Source and binary distributions can be found here:
> https://dist.apache.org/repos/dist/dev/activemq/activemq-artemis/2.36.0
>
>
> The Maven staging repository is here:
> https://repository.apache.org/content/repositories/orgapacheactivemq-1399
>
>
> If you would like to validate the release:
> https://activemq.apache.org/components/artemis/documentation/hacking-guide/#validating-releases
>
>
> It is tagged in the git repo as  2.36.0
>
>
> [ ] +1 approve this release
> [ ] +0 no opinion
> [ ] -1 disapprove (and reason why)
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@activemq.apache.org
> For additional commands, e-mail: dev-h...@activemq.apache.org
> For further information, visit: https://activemq.apache.org/contact
>
>

-
To unsubscribe, e-mail: dev-unsubscr...@activemq.apache.org
For additional commands, e-mail: dev-h...@activemq.apache.org
For further information, visit: https://activemq.apache.org/contact

[VOTE] Apache ActiveMQ Classic 6.1.3 release

[Jean-Baptiste Onofré]

Hi everyone,

I submit Apache ActiveMQ Classic 6.1.3 release to your vote.

This release includes 16 fixes and updates, especially:
- add a BoM
- fixes on the Message REST API, especially concurrent access
- Spring 6.1.11 update
- fix NoClassDefFound on bin/activemq export command line
- several dependency updates

You can take a look on Release Notes for details:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210=12354559

Maven Staging Repository:
https://repository.apache.org/content/repositories/orgapacheactivemq-1400/

Dist Staging Repository:
https://dist.apache.org/repos/dist/dev/activemq/activemq/6.1.3/

Git tag: activemq-6.1.3

Please vote to approve this release:
[ ] +1 Approve the release
[ ] 0 I don't care
[ ] -1 Don't approve the release (please provide specific comment)

This vote will be open for at least 72 hours.

Thanks!
Regards
JB

-
To unsubscribe, e-mail: dev-unsubscr...@activemq.apache.org
For additional commands, e-mail: dev-h...@activemq.apache.org
For further information, visit: https://activemq.apache.org/contact