Return-Path: X-Original-To: apmail-activemq-dev-archive@www.apache.org Delivered-To: apmail-activemq-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 2D32718A23 for ; Mon, 7 Dec 2015 10:04:44 +0000 (UTC) Received: (qmail 35961 invoked by uid 500); 7 Dec 2015 10:04:44 -0000 Delivered-To: apmail-activemq-dev-archive@activemq.apache.org Received: (qmail 35904 invoked by uid 500); 7 Dec 2015 10:04:43 -0000 Mailing-List: contact dev-help@activemq.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@activemq.apache.org Delivered-To: mailing list dev@activemq.apache.org Received: (qmail 35892 invoked by uid 99); 7 Dec 2015 10:04:43 -0000 Received: from Unknown (HELO spamd2-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 07 Dec 2015 10:04:43 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id 3C5AA1A0866 for ; Mon, 7 Dec 2015 10:04:43 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 3.751 X-Spam-Level: *** X-Spam-Status: No, score=3.751 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=3, KAM_INFOUSMEBIZ=0.75, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=disabled Authentication-Results: spamd2-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-eu-west.apache.org ([10.40.0.8]) by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024) with ESMTP id z9ycV2vs8xRM for ; Mon, 7 Dec 2015 10:04:30 +0000 (UTC) Received: from mail-ob0-f177.google.com (mail-ob0-f177.google.com [209.85.214.177]) by mx1-eu-west.apache.org (ASF Mail Server at mx1-eu-west.apache.org) with ESMTPS id 2316920DB9 for ; Mon, 7 Dec 2015 10:04:29 +0000 (UTC) Received: by obbnk6 with SMTP id nk6so111375801obb.2 for ; Mon, 07 Dec 2015 02:04:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:content-type; bh=ugkCv0mt/ixt3Cf1k5Nzo2qOQIVisI7YmgMb7/1OOEI=; b=u+FxqfQ1gKkmGvceFpWeMvO9m77l6q+VWvwYxmVbp2Oqr26RJ9LwDf8bMhtIjFGKc0 rs3GBPR20i3Ib1nU0cXAMKc7/UONDqLshUqHzpxrCykw2ldp1/qBW8i30EblSwBzoo/I yEZerDsPl8hFWLOQJMET2u5zTwFjQeJWvca9F/C7HukyenxMWgdIS7UdvHsDsaI+7cw3 lUPwClLFB06Z32LCbXQEeI4UBj3nEo7OoQ5hkPkBgut+0PHoPdF7pb+zDJiHA0c8htAz xqCskuh4KRxCvSCBMW0289dhrtoN2eOoLOXvVXYQ270pZYktE05oAMXUErJh4Rj6abUp k7lg== MIME-Version: 1.0 X-Received: by 10.182.251.130 with SMTP id zk2mr17998294obc.57.1449482661640; Mon, 07 Dec 2015 02:04:21 -0800 (PST) Sender: chubrilo@gmail.com Received: by 10.60.48.8 with HTTP; Mon, 7 Dec 2015 02:04:21 -0800 (PST) In-Reply-To: References: Date: Mon, 7 Dec 2015 11:04:21 +0100 X-Google-Sender-Auth: I4gUu4Z27NBMStsO-q2XzxzgVBo Message-ID: Subject: Re: [ANNOUNCE] Apache ActiveMQ 5.13.0 Released From: Dejan Bosanac To: "dev@activemq.apache.org" Content-Type: multipart/alternative; boundary=089e01634c2a27bfca05264bfbc2 --089e01634c2a27bfca05264bfbc2 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Hi Claus, restrictions were necessary for the CVE that was reported. We=E2=80=99re ab= out to disclose it fully now after the release. AFAIK the change should not affect ObjectMessages in general, just the cases where those objects are serialized/unserialized inside of the broker, like web console or stomp transformations. I=E2=80=99ll create a proper doc= s for the change now and the security aspect of it and we can see later whet else we can do to improve the user experience. Are there any Camel related tests that fails due to this change? I can take a look at that as well. Regards -- Dejan Bosanac about.me/dejanb On Sat, Dec 5, 2015 at 11:19 AM, Claus Ibsen wrote: > I really think you guys should add something about those object > serialization resitrcitions. Any end users that uses java objects over > JMS is affected. Nothing works anymore. > > Its because of > https://issues.apache.org/jira/browse/AMQ-6013 > > So there should be some text in the release notes, and ideally AMQ > broker / client should have some kind of INFO logging that openwire > with objects is restricted or not. Otherwise its even harder for end > users to spot what is going on. > > > > On Fri, Dec 4, 2015 at 3:57 PM, Timothy Bish wrote: > > It's probably a good idea to add a new page in the "New Features" secti= on > > on the site to cover the additions in 5.13.0. I know you added the > 'auto' > > transport along with some other work for some additional metrics etc, a= ll > > good things that would be nice to advertise a bit. > > > > See: http://activemq.apache.org/new-features.html > > > > On Thu, Dec 3, 2015 at 3:51 PM, Christopher Shannon < > > christopher.l.shannon@gmail.com> wrote: > > > >> Hi everyone, > >> > >> Apache ActiveMQ 5.13.0 has now been released. > >> > >> This release contains a number of resolved issues and new features sin= ce > >> the 5.12.1 release. > >> > >> A list of issues resolved in this release is available here: > >> > >> > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=3D123112= 10&version=3D12329848 > >> > >> The Wiki page for the release is here: > >> http://activemq.apache.org/activemq-5130-release.html > >> > >> API documentation for 5.12.1 is located here: > >> http://activemq.apache.org/maven/5.13.0/apidocs/index.html > >> > > > > > > > > -- > > -- > > Tim Bish > > > > -- > Claus Ibsen > ----------------- > http://davsclaus.com @davsclaus > Camel in Action 2: https://www.manning.com/ibsen2 > --089e01634c2a27bfca05264bfbc2--