Return-Path: Delivered-To: apmail-activemq-dev-archive@www.apache.org Received: (qmail 57643 invoked from network); 8 Jul 2010 15:38:47 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 8 Jul 2010 15:38:47 -0000 Received: (qmail 8301 invoked by uid 500); 8 Jul 2010 15:38:47 -0000 Delivered-To: apmail-activemq-dev-archive@activemq.apache.org Received: (qmail 8253 invoked by uid 500); 8 Jul 2010 15:38:46 -0000 Mailing-List: contact dev-help@activemq.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@activemq.apache.org Delivered-To: mailing list dev@activemq.apache.org Received: (qmail 8245 invoked by uid 99); 8 Jul 2010 15:38:46 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 08 Jul 2010 15:38:46 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.22] (HELO thor.apache.org) (140.211.11.22) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 08 Jul 2010 15:38:44 +0000 Received: from thor (localhost [127.0.0.1]) by thor.apache.org (8.13.8+Sun/8.13.8) with ESMTP id o68FUqVr019746 for ; Thu, 8 Jul 2010 15:30:53 GMT Message-ID: <27753516.35991278603052331.JavaMail.jira@thor> Date: Thu, 8 Jul 2010 11:30:52 -0400 (EDT) From: "James Casey (JIRA)" To: dev@activemq.apache.org Subject: [jira] Created: (AMQ-2817) STOMP headers need sanitization MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: ae95407df07c98740808b2ef9da0087c X-Virus-Checked: Checked by ClamAV on apache.org STOMP headers need sanitization ------------------------------- Key: AMQ-2817 URL: https://issues.apache.org/activemq/browse/AMQ-2817 Project: ActiveMQ Issue Type: Bug Components: Transport Affects Versions: 5.3.2 Reporter: James Casey Currently STOMP on a SEND extracts out the JMS headers and put the rest of the headers into the message properties. If a STOMP consumer starts to consume the messages, the JMS fields are put into the header and the the properties are put in. This can lead to a situation where if the client has provided a header that it shouldn't have (e.g. message-id) it overwrites the one provided by the broker. This can lead to problems with e.g. ACKs where the wrong message-id is sent back. This patch sanitizes all headers for a MESSAGE frame when they come into the broker so they never get set in the properties. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.