ActiveMQ releases - releaseport

Upgrade now

activemq-5.19.7 Breaking risk 7d

Dependencies

Remove java.lang serialization

Open

Review required

activemq-6.2.6 Breaking risk 7d

Auth RBAC RCE / SSRF

Serializable package removal + hardened access

patches CVE-2016-3088 patches CVE-2016-4437 patches CVE-2021-39144 +5 more

Open

activemq-5.19.6 Security relevant 1mo

Security fixes

XBeanBrokerFactory URL protocol type restrictions
Remote file filtering for XBeanBrokerFactory

Full changelog

What's Changed

Bump to 5.19.6-SNAPSHOT version by @jbonofre in https://github.com/apache/activemq/pull/1893
[5.19.x] SSL handshake write timeout enforcement (#1883) by @cshannon in https://github.com/apache/activemq/pull/1896
[5.19.x] Minor bug fix for BrokerView#validateAllowedUri (#1900) by @cshannon in https://github.com/apache/activemq/pull/1903
[5.19.x] Restrict URL protocol types loaded by XBeanBrokerFactory (#1910) by @cshannon in https://github.com/apache/activemq/pull/1916
[5.19.x] Make brokerName immutable in RegionBroker (#1917) by @cshannon in https://github.com/apache/activemq/pull/1924
[5.19.x] Add Http discovery transport to denied list for JMX (#1918) by @cshannon in https://github.com/apache/activemq/pull/1926
[5.19.x] Update resource cleanup on queueBrowse servlet (#1912) by @cshannon in https://github.com/apache/activemq/pull/1927
[5.19.x] Update DestinationView uri resolution (#1914) by @cshannon in https://github.com/apache/activemq/pull/1929
fix(webconsole): the webconsole now redirect to the slave.jsp when required [5.19.x] by @jbonofre in https://github.com/apache/activemq/pull/1936
[5.19.x] Queue browse improvements in webconsole (#1938) by @cshannon in https://github.com/apache/activemq/pull/1943
[5.19.x] Add more transport types to the denied list for JMX (#1949) by @cshannon in https://github.com/apache/activemq/pull/1953
[5.19.x] Add remote file filtering for XBeanBrokerFactory (#1950) by @cshannon in https://github.com/apache/activemq/pull/1955

Full Changelog: https://github.com/apache/activemq/compare/activemq-5.19.5...activemq-5.19.6

View release on GitHub

activemq-6.2.5 Security relevant 1mo

Security fixes

XBeanBrokerFactory URL protocol type restrictions
Remote file filtering for XBeanBrokerFactory

Full changelog

What's Changed

Bump to 6.2.5-SNAPSHOT version by @jbonofre in https://github.com/apache/activemq/pull/1892
[6.2.x] SSL handshake write timeout enforcement (#1883) by @cshannon in https://github.com/apache/activemq/pull/1894
[6.2.x] Minor bug fix for BrokerView#validateAllowedUri (#1900) by @cshannon in https://github.com/apache/activemq/pull/1902
[6.2.x] Restrict URL protocol types loaded by XBeanBrokerFactory (#1910) by @cshannon in https://github.com/apache/activemq/pull/1915
compilation-fix by @cshannon in https://github.com/apache/activemq/pull/1919
[6.2.x] Make brokerName immutable in RegionBroker (#1917) by @cshannon in https://github.com/apache/activemq/pull/1923
[6.2.x] Add Http discovery transport to denied list for JMX (#1918) by @cshannon in https://github.com/apache/activemq/pull/1925
[6.2.x] Update resource cleanup on queueBrowse servlet (#1912) by @cshannon in https://github.com/apache/activemq/pull/1928
[6.2.x] Update DestinationView uri resolution (#1914) by @cshannon in https://github.com/apache/activemq/pull/1930
fix(webconsole): the webconsole now redirect to the slave.jsp when required (slave broker with startAsync="true") [6.2.x] by @jbonofre in https://github.com/apache/activemq/pull/1934
[6.2.x] Queue browse improvements in webconsole (#1938) by @cshannon in https://github.com/apache/activemq/pull/1942
[6.2.x] Add more transport types to the denied list for JMX (#1949) by @cshannon in https://github.com/apache/activemq/pull/1952
[6.2.x] Add remote file filtering for XBeanBrokerFactory (#1950) by @cshannon in https://github.com/apache/activemq/pull/1954