AW: Disabled authentication ActiveMQ Classic Webapps since V6.x

2024-04-10 Thread Zeissig, Martin
Hi JB Thank you so much. Very appreciated. Best regards Martin -Original Message- From: Jean-Baptiste Onofré Sent: Thursday, April 11, 2024 07:25 To: users@activemq.apache.org Subject: Re: Disabled authentication ActiveMQ Classic Webapps since V6.x Hi Martin For the trac

ActiveMQ Classic 5.18.4

2024-04-10 Thread Boeltl, Stefan
Dear ActiveMQ committers, One question regarding 5.18.4: has this been released already? Looking at https://activemq.apache.org/components/classic/download/ I get confusing information: * The Schedule & Status table shows 5.18.4 as "Last" * Below this table I still see 5.18.3 Looking in

Re: Disabled authentication ActiveMQ Classic Webapps since V6.x

2024-04-10 Thread Jean-Baptiste Onofré
Hi Martin For the tracking, here's the Jira ticket: https://issues.apache.org/jira/browse/AMQ-9477 The fix has been merged. We will move forward with the 6.1.2 release including this. Thanks for the report. Regards JB On Wed, Apr 10, 2024 at 11:32 AM Zeissig, Martin wrote: > > Dear Community >

Re: Disabled authentication ActiveMQ Classic Webapps since V6.x

2024-04-10 Thread Jean-Baptiste Onofré
Hi We can consider it a bug. The reason for the change is that Jetty 11 doesn’t handle the patterns the same way as Jetty 9. So what we had as security constraint in Jetty 9 doesn’t work in Jetty 11. Jetty 11 doesn’t allow wildcard matching the same way. I will fix that by securing the root cont

Re: Disabled authentication ActiveMQ Classic Webapps since V6.x

2024-04-10 Thread Jean-Baptiste Onofré
Hi Thanks for the report. Don’t worry about Jira and such, I will do it for you. I will work on a fix and submit 6.1.2 to vote asap. Regards JB On Wed, Apr 10, 2024 at 14:05, Zeissig, Martin wrote: > Hi Vilius > > It's the first time for me reporting issues to Apache and I must create > an account

AW: Disabled authentication ActiveMQ Classic Webapps since V6.x

2024-04-10 Thread Zeissig, Martin
Hi Vilius It's the first time for me reporting issues to Apache and I must create an account for Jira first. May I ask you or anyone else to create an official ticket? I am also not sure if it should better be reported as a vulnerability (https://www.apache.org/security/#reporting-a-vulnerability). Beca

RE: Disabled authentication ActiveMQ Classic Webapps since V6.x

2024-04-10 Thread Vilius Šumskas
You should probably create a bug ticket first :) -- Vilius -Original Message- From: Zeissig, Martin Sent: Wednesday, April 10, 2024 2:46 PM To: users@activemq.apache.org Subject: AW: Disabled authentication ActiveMQ Classic Webapps since V6.x Hi Vilius Thanks for the confirmation. Lo

AW: Disabled authentication ActiveMQ Classic Webapps since V6.x

2024-04-10 Thread Zeissig, Martin
Hi Vilius Thanks for the confirmation. Looking forward to seeing the fix in the next releases ;) Best regards -Original Message- From: Vilius Šumskas Sent: Wednesday, April 10, 2024 13:34 To: users@activemq.apache.org Subject: RE: Disabled authentication ActiveMQ Classic Webapps since V

RE: Disabled authentication ActiveMQ Classic Webapps since V6.x

2024-04-10 Thread Vilius Šumskas
Hi, oh, I remember this. This is exactly what I did in https://github.com/apache/activemq/commit/c67ada04c77e9379ef25ac62d5ea1fcf20cf8b8f , and at least the /admin endpoint was tested and was properly protected after that fix. However, I see that the configuration went through a couple of changes again

Disabled authentication ActiveMQ Classic Webapps since V6.x

2024-04-10 Thread Zeissig, Martin
Dear Community I have updated from ActiveMQ Classic 5.x to 6.1.1. Since the update to 6.1.1 the API (webapps jolokia) is unprotected and can be accessed without basic authentication: Example: http://localhost:8161/api In previous ActiveMQ Classic versions (5.x) the API was protected with authentic

R: Possibility to remove "expiry-address" setting its value to ""

2024-04-10 Thread andrea bisogno
I've tested it now (setting the corresponding value on the Artemis CRD to ""), and it works. The resulting broker.xml contains: Many thanks Andrea From: Justin Bertram Sent: Tuesday, April 9, 2024 20:45 To: users@activemq.apache.or