activemq-dev mailing list archives

From Timothy Bish <tabish...@gmail.com>
Subject Re: [VOTE] Apache ActiveMQ Artemis 2.6.0
Date Sat, 19 May 2018 14:27:19 GMT
On 05/18/2018 06:24 PM, Michael André Pearce wrote:
> Hi All,
>
> On upgrading to 2.5.0 we have found quite a blocking issue to 2.5.0 for anyone who secures durable queue creation so clients cannot create, but doesn’t secure non-durable.
>
> https://issues.apache.org/jira/browse/ARTEMIS-1872
>
> In summary, prior to 2.5.0 the security check incorrectly always checked for security rights for non-durable, even if the queue was durable. This security hole was fixed in 2.5.0, but a knock-on effect is it has highlighted/exposed some logic issues in the CoreClient and also in the AMQP and OpenWire protocol managers, where in some cases a queue is not checked for being present before calling create queue, meaning if a user is not allowed to create a queue, but is allowed to consume, and the queue exists, the client still cannot consume, as the code tries to create and throws an exception.
>
> We have created a test case that re-creates the issues, and also a possible solution; it's in a PR here.
>
> https://github.com/apache/activemq-artemis/pull/2093
>
> Whilst it is not technically caused by any changes in the just created RC for 2.6.0 since 2.5.0, I think the severity/impact of this may deem it worthy to fix, and re-spin.
>
> Cheers
> Mike

This seems like a good opportunity to practice turning around a quick 
2.6.1 release as this is not a blocking issue given it's been in the 
code for quite some time already.


>> On 17 May 2018, at 20:02, Christopher Shannon <christopher.l.shannon@gmail.com> wrote:
>>
>> +1
>>
>> On Thu, May 17, 2018 at 2:51 PM, Timothy Bish <tabish121@gmail.com> wrote:
>>
>>> On 05/16/2018 10:49 PM, Clebert Suconic wrote:
>>>
>>>> I would like to propose an Apache ActiveMQ Artemis 2.6.0 release.
>>>>
>>>> The release notes can be found here:
>>>>
>>>> https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12342903&&projectId=12315920
>>>>
>>>> There is a new commits report I made that I'm introducing on this release:
>>>> https://dist.apache.org/repos/dist/dev/activemq/activemq-artemis/2.6.0/artemis-2.6.0.html
>>>>
>>>> Source and binary distributions can be found here:
>>>> https://dist.apache.org/repos/dist/dev/activemq/activemq-artemis/2.6.0
>>>>
>>>> The Maven repository is here:
>>>> https://repository.apache.org/content/repositories/orgapacheactivemq-1157
>>>>
>>>> In case you want to give it a try with the maven repo on examples:
>>>> http://activemq.apache.org/artemis/docs/latest/hacking-guide/validating-releases.html
>>>>
>>>> The source tag:
>>>> https://git-wip-us.apache.org/repos/asf?p=activemq-artemis.git;a=tag;h=refs/tags/2.6.0
>>>>
>>>> I will update the website after the vote has passed.
>>>>
>>>>
>>>> [ ] +1 approve the release as Apache Artemis 2.4.0
>>>> [ ] +0 no opinion
>>>> [ ] -1 disapprove (and reason why)
>>>>
>>>>
>>>> Here's my +1
>>>> .
>>>>
>>>>
>>> +1
>>>
>>> * Validate the signatures and checksums
>>> * Review license and notice files in the archives
>>> * Build from source and ran some of the tests
>>> * Ran binary broker and ran some samples and performance tests against it
>>> * Used mvn apache-rat:check to validate license headers in place
>>>
>>>
>>> --
>>> Tim Bish
>>> twitter: @tabish121
>>> blog: http://timbish.blogspot.com/
>>>
>>>
>

-- 
Tim Bish
twitter: @tabish121
blog: http://timbish.blogspot.com/
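
The interaction described in the quoted ARTEMIS-1872 report, as an added Python model that is not part of the original thread and is not Artemis code. The `Broker` class, the two client flows and the role table are constructed for illustration; the permission labels are modelled on Artemis's createDurableQueue / createNonDurableQueue / consume settings.

```python
# Constructed toy model of the behaviour described in the thread; not Artemis code.
class Broker:
    def __init__(self, roles, fixed_check):
        self.roles = roles              # user -> set of granted permissions
        self.fixed_check = fixed_check  # True models the 2.5.0 check
        self.queues = {}                # queue name -> durable flag

    def _require(self, user, perm):
        if perm not in self.roles.get(user, set()):
            raise PermissionError(f"{user} lacks {perm}")

    def create_queue(self, user, name, durable):
        # Before 2.5.0 the non-durable right was checked even for durable queues.
        strict = self.fixed_check and durable
        self._require(user, "createDurableQueue" if strict else "createNonDurableQueue")
        self.queues.setdefault(name, durable)  # simplification: re-create is a no-op

    def consume(self, user, name):
        self._require(user, "consume")
        return f"{user} consuming from {name}"

def attach_create_first(broker, user, name):
    # Client flow from the report: create unconditionally, then consume.
    broker.create_queue(user, name, durable=True)
    return broker.consume(user, name)

def attach_query_first(broker, user, name):
    # Only create when the queue is absent, so an existing queue needs no create right.
    if name not in broker.queues:
        broker.create_queue(user, name, durable=True)
    return broker.consume(user, name)

ROLES = {  # constructed role table
    "admin": {"createDurableQueue", "createNonDurableQueue", "consume"},
    "app": {"createNonDurableQueue", "consume"},  # durable creation is locked down
}

def run_scenario():
    results = {}
    for label, fixed in (("pre-2.5.0", False), ("2.5.0", True)):
        for flow in (attach_create_first, attach_query_first):
            broker = Broker(ROLES, fixed)
            broker.create_queue("admin", "orders", durable=True)
            try:
                flow(broker, "app", "orders")
                results[(label, flow.__name__)] = "ok"
            except PermissionError:
                results[(label, flow.__name__)] = "denied"
    return results
```

With the 2.5.0 check only the create-first flow is denied for `app`, even though the queue already exists and `app` may consume from it.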

