Re: MDB Activation Properties
Hey Alex, Would be great to get a doc update PR ;-) Thanks Richard > Am 09.07.2024 um 11:02 schrieb Alex The Rocker : > > What a "funny" coincidence! > > Today I was investigating ways of setting up JMS parameters in TomEE, > and I too found quite outdated (if not in contradiction) pages. > > This say understatement: "there's plenty of improvement opportunity in > TomEE JMS-related documentation"... > > I'll see if I can recap all the "gotchas" which I found... > > Alex > > Le mar. 9 juil. 2024 à 10:28, Richard Zowalla a écrit : >> >> Hi, >> >> at a first glance, it looks like the docs are just out-dated. >> >> I would check the docs of the latest activemq (classic) version used in >> TomEE 8 and compare, if these properties are still available or have >> changed: >> https://activemq.apache.org/components/classic/documentation/redelivery-policy >> >> Gruß >> Richard >> >> On 2024/06/17 11:47:31 chege wrote: >>> Hi, >>> >>> I have tried deploying this mdb in tomee 8.0.15 but keeps failing. >>> >>> MDB >>> >>> @MessageDriven(activationConfig = { >>>@ActivationConfigProperty(propertyName = "useJndi", propertyValue = >>> "false"), >>>@ActivationConfigProperty(propertyName = "destination", >>> propertyValue = "getnews"), >>>@ActivationConfigProperty(propertyName = "destinationType", >>> propertyValue = "javax.jms.Queue"), >>>@ActivationConfigProperty(propertyName = "initialRedeliveryDelay", >>> propertyValue = "6"), >>>@ActivationConfigProperty(propertyName = "maximumRedeliveries", >>> propertyValue = "20"), >>>@ActivationConfigProperty(propertyName = >>> "redeliveryBackOffMultiplier", propertyValue = "2"), >>>@ActivationConfigProperty(propertyName = >>> "redeliveryUseExponentialBackOff", propertyValue = "true") >>> }) >>> public class A implements MessageListener { >>> >>>@Override >>>public void onMessage(Message msg) { >>> >>> >>> >>>} >>> >>> } >>> >>> >>> tomee.xml >>> >>> >>> # Do not start the embedded ActiveMQ broker >>> BrokerXmlConfig = >>> ServerUrl = tcp://localhost:61616 >>> >>> >>> Error: >>> >>> Caused by: org.apache.openejb.OpenEJBException: Unable to create >>> activation spec: No setter found for the activation spec properties: >>> [RedeliveryUseExponentialBackOff, redeliveryBackOffMultiplier] >>> >>> >>> Acccording to the error [redeliveryBackOffMultiplier, >>> redeliveryUseExponentialBackOff] are unknown. >>> >>> I am refering to this documentation >>> https://tomee.apache.org/latest/docs/jms-resources-and-mdb-container.html >>> >>> What I am doing wrong? >>> >>> Chege >>> >>>
Re: CVE-2024-34750
To clarify a bit more: Feel free to provide a PR backporting the required changes (may also be relevant for bouncycastle). We have recently updated our download page and now explicitly state: "SECURITY NOTICE: This software is developed and maintained by unpaid volunteers who donate time as they have it. There is no guarantee security vulnerabilities will be fixed on any timeline or at all." In addition, there is the option to contact the vendors listed in [1] if enterprise-level support is required, or to support the active community in the ways already discussed on this list. [1] https://tomee.apache.org/community/commercial.html On 2024/07/09 08:21:12 Richard Zowalla wrote: > Hello, > > most likely yes (haven't checked in detail). > > Personally, I'm not going to port anything back to TomEE 9.x as I'm currently > focused on 10.x work. However, I am available to review any community driven > patches/initiatives via PRs targeting tomee-9.x branch. > > Best regards > Richard > > On 2024/07/09 08:10:59 COURTAULT Francois wrote: > > THALES GROUP LIMITED DISTRIBUTION to email recipients > > > > Hello everyone, > > > > TomEE 9.1.3 is based on Tomcat 10.0.27. > > So the question is: Is TomEE 9.1.3 vulnerable to this CVE ? > > If the answer is yes, will you provide a fix for Tomcat 10.0.27 which is > > not maintained anymore ? and so will you release a new TomEE 9.x version ? > > > > This CVE has been fixed by Tomcat 9.0.90+ and 10.1.25+. > > > > Best Regards. > > > > > > > > >
Re: MDB Activation Properties
What a "funny" coincidence! Today I was investigating ways of setting up JMS parameters in TomEE, and I too found quite outdated (if not in contradiction) pages. This say understatement: "there's plenty of improvement opportunity in TomEE JMS-related documentation"... I'll see if I can recap all the "gotchas" which I found... Alex Le mar. 9 juil. 2024 à 10:28, Richard Zowalla a écrit : > > Hi, > > at a first glance, it looks like the docs are just out-dated. > > I would check the docs of the latest activemq (classic) version used in TomEE > 8 and compare, if these properties are still available or have changed: > https://activemq.apache.org/components/classic/documentation/redelivery-policy > > Gruß > Richard > > On 2024/06/17 11:47:31 chege wrote: > > Hi, > > > > I have tried deploying this mdb in tomee 8.0.15 but keeps failing. > > > > MDB > > > > @MessageDriven(activationConfig = { > > @ActivationConfigProperty(propertyName = "useJndi", propertyValue = > > "false"), > > @ActivationConfigProperty(propertyName = "destination", > > propertyValue = "getnews"), > > @ActivationConfigProperty(propertyName = "destinationType", > > propertyValue = "javax.jms.Queue"), > > @ActivationConfigProperty(propertyName = "initialRedeliveryDelay", > > propertyValue = "6"), > > @ActivationConfigProperty(propertyName = "maximumRedeliveries", > > propertyValue = "20"), > > @ActivationConfigProperty(propertyName = > > "redeliveryBackOffMultiplier", propertyValue = "2"), > > @ActivationConfigProperty(propertyName = > > "redeliveryUseExponentialBackOff", propertyValue = "true") > > }) > > public class A implements MessageListener { > > > > @Override > > public void onMessage(Message msg) { > > > > > > > > } > > > > } > > > > > > tomee.xml > > > > > > # Do not start the embedded ActiveMQ broker > > BrokerXmlConfig = > > ServerUrl = tcp://localhost:61616 > > > > > > Error: > > > > Caused by: org.apache.openejb.OpenEJBException: Unable to create > > activation spec: No setter found for the activation spec properties: > > [RedeliveryUseExponentialBackOff, redeliveryBackOffMultiplier] > > > > > > Acccording to the error [redeliveryBackOffMultiplier, > > redeliveryUseExponentialBackOff] are unknown. > > > > I am refering to this documentation > > https://tomee.apache.org/latest/docs/jms-resources-and-mdb-container.html > > > > What I am doing wrong? > > > > Chege > > > >
Re: MDB Activation Properties
Hi, at a first glance, it looks like the docs are just out-dated. I would check the docs of the latest activemq (classic) version used in TomEE 8 and compare, if these properties are still available or have changed: https://activemq.apache.org/components/classic/documentation/redelivery-policy Gruß Richard On 2024/06/17 11:47:31 chege wrote: > Hi, > > I have tried deploying this mdb in tomee 8.0.15 but keeps failing. > > MDB > > @MessageDriven(activationConfig = { > @ActivationConfigProperty(propertyName = "useJndi", propertyValue = > "false"), > @ActivationConfigProperty(propertyName = "destination", > propertyValue = "getnews"), > @ActivationConfigProperty(propertyName = "destinationType", > propertyValue = "javax.jms.Queue"), > @ActivationConfigProperty(propertyName = "initialRedeliveryDelay", > propertyValue = "6"), > @ActivationConfigProperty(propertyName = "maximumRedeliveries", > propertyValue = "20"), > @ActivationConfigProperty(propertyName = > "redeliveryBackOffMultiplier", propertyValue = "2"), > @ActivationConfigProperty(propertyName = > "redeliveryUseExponentialBackOff", propertyValue = "true") > }) > public class A implements MessageListener { > > @Override > public void onMessage(Message msg) { > > > > } > > } > > > tomee.xml > > > # Do not start the embedded ActiveMQ broker > BrokerXmlConfig = > ServerUrl = tcp://localhost:61616 > > > Error: > > Caused by: org.apache.openejb.OpenEJBException: Unable to create > activation spec: No setter found for the activation spec properties: > [RedeliveryUseExponentialBackOff, redeliveryBackOffMultiplier] > > > Acccording to the error [redeliveryBackOffMultiplier, > redeliveryUseExponentialBackOff] are unknown. > > I am refering to this documentation > https://tomee.apache.org/latest/docs/jms-resources-and-mdb-container.html > > What I am doing wrong? > > Chege > >
Re: CVE-2024-34750
Hello, most likely yes (haven't checked in detail). Personally, I'm not going to port anything back to TomEE 9.x as I'm currently focused on 10.x work. However, I am available to review any community driven patches/initiatives via PRs targeting tomee-9.x branch. Best regards Richard On 2024/07/09 08:10:59 COURTAULT Francois wrote: > THALES GROUP LIMITED DISTRIBUTION to email recipients > > Hello everyone, > > TomEE 9.1.3 is based on Tomcat 10.0.27. > So the question is: Is TomEE 9.1.3 vulnerable to this CVE ? > If the answer is yes, will you provide a fix for Tomcat 10.0.27 which is not > maintained anymore ? and so will you release a new TomEE 9.x version ? > > This CVE has been fixed by Tomcat 9.0.90+ and 10.1.25+. > > Best Regards. > > > >
CVE-2024-34750
THALES GROUP LIMITED DISTRIBUTION to email recipients Hello everyone, TomEE 9.1.3 is based on Tomcat 10.0.27. So the question is: Is TomEE 9.1.3 vulnerable to this CVE ? If the answer is yes, will you provide a fix for Tomcat 10.0.27 which is not maintained anymore ? and so will you release a new TomEE 9.x version ? This CVE has been fixed by Tomcat 9.0.90+ and 10.1.25+. Best Regards.