AMQ 7 - 7.4.x Resolved Issues
Updated
The AMQ Broker 7.4.6 release is now available for download from the Customer Support Portal. AMQ Broker 7.4.6 is a patch release for AMQ Broker 7.4.0 and can be applied as a patch to an existing broker instance or can be used to create new broker instances. Note, AMQ Broker patches are cumulative and include fixes from previous patch releases as noted below.
The following issues have been resolved in the AMQ 7.4.6 release:
| ID | Component | Summary |
|---|---|---|
| Content from issues.jboss.org is not included.ENTMQBR-3707 | CVE-2020-13932 mqtt-client: activemq: remote XSS in web console diagram plugin [amq-7.4.0] | |
| Content from issues.jboss.org is not included.ENTMQBR-3923 | [LTS] AMQ 7.7 concurrent jolokia operations can incorrectly update artemis-roles.properties or artemis-users.properties | |
| Content from issues.jboss.org is not included.ENTMQBR-3972 | [LTS][ARTEMIS-2910] consider routing type annotations during node auto-creation for AMQP anonymous producers | |
| Content from issues.jboss.org is not included.ENTMQBR-4022 | [LTS] Temporary Queue Leak With OpenWire Request-Reply Clients | |
| Content from issues.jboss.org is not included.ENTMQBR-4075 | [LTS] Addresses that includes temporary queue keep to remain If the broker is shut down | |
| Content from issues.jboss.org is not included.ENTMQBR-4076 | [LTS] LegacyLDAPSecuritySettingPlugin ignore group changes | |
| Content from issues.jboss.org is not included.ENTMQBR-4132 | [LTS] RA doesn't use the RA specified prefix when setting up a destination | |
| Content from issues.jboss.org is not included.ENTMQBR-4168 | [LTS] shared durable subscriptions - unsubscribe() method does not remove the subscriber queue | |
| Content from issues.jboss.org is not included.ENTMQBR-4194 | [LTS] Server start exception before activation can cause a zombie broker | |
| Content from issues.jboss.org is not included.ENTMQBR-4318 | [LTS] NPE during broker initialization: getCreateDurableQueueRoles | |
| Content from issues.jboss.org is not included.ENTMQBR-4403 | [LTS] ARTEMIS-3037 JournalImpl#checkKnownRecordID() implementation can leave a thread hanging in WAITING state | |
| Content from issues.jboss.org is not included.ENTMQBR-4420 | [LTS] [ARTEMIS-2927] LVQ broken after restart | |
| Content from issues.jboss.org is not included.ENTMQBR-4421 | [LTS] Tests related to ttl messages are failed | |
| Content from issues.jboss.org is not included.ENTMQBR-4422 | [LTS] Audit message shows a wrong messages in the log | |
| Content from issues.jboss.org is not included.ENTMQBR-4423 | [LTS] Adding Wildcard Subscriptions Can Take Too Long, Resulting in Connections Closures Due to Exceeded KeepAlive | |
| Content from issues.jboss.org is not included.ENTMQBR-4424 | CVE-2020-27216 jetty: local temporary directory hijacking vulnerability [amq-7.4.0] | |
| Content from issues.jboss.org is not included.ENTMQBR-4425 | [LTS] Deleted scheduled message reappears after AMQ broker restart. | |
| Content from issues.jboss.org is not included.ENTMQBR-4426 | [LTS] Inconsistent and negative address size | |
| Content from issues.jboss.org is not included.ENTMQBR-4427 | [LTS] destination header replaced for wildcard address during paging | |
| Content from issues.jboss.org is not included.ENTMQBR-4428 | [LTS] [ARTEMIS-3004] Repeating WARN log message "Notified of connection failure" after every xa recovery when read-timeout is configure with a smaller value than default client-failure-check-period (30 seconds) | |
| Content from issues.jboss.org is not included.ENTMQBR-4429 | [LTS] Leak of HttpAcceptorHandler instances when using websocket connections | |
| Content from issues.jboss.org is not included.ENTMQBR-4430 | CVE-2020-27218 jetty: buffer not correctly recycled in Gzip Request inflation [amq-7.4.0] | |
| Content from issues.jboss.org is not included.ENTMQBR-4446 | [LTS] Inconsistencies between Replication Catchup and PagingStore.stopPaging(); |
The following issues have been resolved in the AMQ 7.4.5 release:
| ID | Component | Summary |
|---|---|---|
| Content from issues.jboss.org is not included.ENTMQBR-3953 | [LTS] Wrong formatting Strings in class LoggingResultSet | |
| Content from issues.jboss.org is not included.ENTMQBR-3951 | [LTS] [JDBC-STORE] Adding index on txId | |
| Content from issues.jboss.org is not included.ENTMQBR-3950 | [LTS] JDBC store query append-to-file not correct for mysql | |
| Content from issues.jboss.org is not included.ENTMQBR-3949 | [LTS] DB2 isn't replacing Blob data | |
| Content from issues.jboss.org is not included.ENTMQBR-3916 | [LTS] Non-durable subscribers may stop receiving after failover | |
| Content from issues.jboss.org is not included.ENTMQBR-3869 | [LTS] CVE-2015-5183 Hawtio: HTTPOnly and Secure attributes not set on cookies [amq-7] | |
| Content from issues.jboss.org is not included.ENTMQBR-3866 | [LTS] different "audit logging message" between openwire & amqp protocol | |
| Content from issues.jboss.org is not included.ENTMQBR-3865 | [LTS] Enabling group rebalancing with default / non-zero consumer-window-size can lead to out-of-order message consumption | |
| Content from issues.jboss.org is not included.ENTMQBR-3864 | [LTS] Potential deadlock when destroying a queue and depaging concurrently | |
| Content from issues.jboss.org is not included.ENTMQBR-3863 | [LTS] Configuration-managed queues are being auto deleted | |
| Content from issues.jboss.org is not included.ENTMQBR-3862 | [LTS] LegacyLDAPSecuritySettingPlugin allows new user to access any newly created destinations | |
| Content from issues.jboss.org is not included.ENTMQBR-3861 | [LTS] JDBC XML config can't use custom password codec | |
| Content from issues.jboss.org is not included.ENTMQBR-3860 | [LTS] JVM property hawtio.role doesn't parse a role with space and hyphen | |
| Content from issues.jboss.org is not included.ENTMQBR-3859 | [LTS] LVQ + non-destructive not deliverying message to existing consumer | |
| Content from issues.jboss.org is not included.ENTMQBR-3858 | [LTS] Prometheus shows inconsistent figures in master-slave, shared-store configuration | |
| Content from issues.jboss.org is not included.ENTMQBR-3857 | [LTS] Met NPE when trying to export the messages | |
| Content from issues.jboss.org is not included.ENTMQBR-3856 | [LTS] Null pointer exception on queue update | |
| Content from issues.jboss.org is not included.ENTMQBR-3855 | [LTS] [EAP - postgresql115] java.sql.SQLException: Couldn't access org.postgresql.largeobject.LargeObject | |
| Content from issues.jboss.org is not included.ENTMQBR-3817 | [LTS] The createSession() method throws java.lang.NullPointerException | |
| Content from issues.jboss.org is not included.ENTMQBR-3816 | [LTS] MDB Durable Subscriber error in AMQ 7 | |
| Content from issues.jboss.org is not included.ENTMQBR-3815 | [LTS] Activation failure can result in zombie broker | |
| Content from issues.jboss.org is not included.ENTMQBR-3803 | [LTS] Backup broker cannot reestablish connection with its master | |
| Content from issues.jboss.org is not included.ENTMQBR-3799 | [LTS] AMQ broker creating consumers with destroyed sessions | |
| Content from issues.jboss.org is not included.ENTMQBR-3783 | [LTS] page-max-concurrent-io cannot be disabled | |
| Content from issues.jboss.org is not included.ENTMQBR-3728 | [LTS] ARTEMIS-2835 - Fix new connection establishment after failure during failover / Adding proper log message to SharedNothingLiveActivation.isNodeIdUsed | |
| Content from issues.jboss.org is not included.ENTMQBR-3725 | [LTS] Porting ENTMQBR-3516 | |
| Content from issues.jboss.org is not included.ENTMQBR-3138 | CVE-2019-9827 hawtio: server side request forgery via initial /proxy/ substring of a URI [amq-7.4.0] |
The following issues have been resolved in the AMQ 7.4.4 release:
| ID | Component | Summary |
|---|---|---|
| Content from issues.jboss.org is not included.ENTMQBR-2580 | [AMQ7, message expiry, auto-delete] auto-created queue may not auto-deleted when message expire | |
| Content from issues.jboss.org is not included.ENTMQBR-3213 | Failback does not work master/slave cluster using NFS shared store | |
| Content from issues.jboss.org is not included.ENTMQBR-3275 | Regression: Backup doesn't activate after shared store is reconnected | |
| Content from issues.jboss.org is not included.ENTMQBR-3309 | NMS / Openwire Client Runs Out of Credits Even though Broker Shows All Messages Acked | |
| Content from issues.jboss.org is not included.ENTMQBR-3381 | [ARTEMIS-2665] AMQP Shared Non Durable queues are not being created same as CORE | |
| Content from issues.jboss.org is not included.ENTMQBR-3402 | CVE-2020-1953 commons-configuration2: apache-commons-configuration: uncontrolled class instantiation when loading YAML files [amq-7.4.0] | |
| Content from issues.jboss.org is not included.ENTMQBR-3428 | [AMQ7, AMQP, Openwire] issue consuming amqp message using openwire consumer | |
| Content from issues.jboss.org is not included.ENTMQBR-3431 | CVE-2020-11612 netty: compression/decompression codecs don't enforce limits on buffer allocation sizes [amq-7-LTS] | |
| Content from issues.jboss.org is not included.ENTMQBR-3435 | [LTS] resetUsers operation stores password in plain text | |
| Content from issues.jboss.org is not included.ENTMQBR-3437 | AMQP consumption stalls under during high message throughput | |
| Content from issues.jboss.org is not included.ENTMQBR-3438 | OpenWire consumption stalls under during high message throughput | |
| Content from issues.jboss.org is not included.ENTMQBR-3481 | [LTS] Incorrect Behavior when verifyHost is Configured on Acceptor | |
| Content from issues.jboss.org is not included.ENTMQBR-3488 | resetUsers operation stores password in plain text | |
| Content from issues.jboss.org is not included.ENTMQBR-3489 | [LTS] JMX/Jolokia addSecuritySettings - permissions are not processed until broker restart | |
| Content from issues.jboss.org is not included.ENTMQBR-3505 | [LTS] AMQ224000: Failure in initialisation: java.lang.IllegalStateException: com.microsoft.sqlserver.jdbc.SQLServerException: The conversion from timestamp to TIMESTAMP is unsupported. | |
| Content from issues.jboss.org is not included.ENTMQBR-3522 | CVE-2020-10727 broker: resetUsers operation stores password in plain text [amq-7-LTS] | |
| Content from issues.jboss.org is not included.ENTMQBR-3559 | Dont delete auto created queues when FORCE is used for configuration changes | |
| Content from issues.jboss.org is not included.ENTMQBR-3565 | [LTS] Openwire Temporary Queues may not work if you change wildcard settings | |
| Content from issues.jboss.org is not included.ENTMQBR-3570 | [AMQ 7.2, shared store, scale down] NullPointer exception when slave activates and tries to scale down | |
| Content from issues.jboss.org is not included.ENTMQBR-3572 | In jolokia-access.xml, allowing a remote access using FQDN doesn't work. | |
| Content from issues.jboss.org is not included.ENTMQBR-3574 | [AMQ7, AMQP, Openwire] issue consuming amqp message using openwire consumer | |
| Content from issues.jboss.org is not included.ENTMQBR-3592 | killing (kill -9) AMQ causes tmp space usage to increase - webapp folders are not removed | |
| Content from issues.jboss.org is not included.ENTMQBR-3623 | [LTS] io.netty.util.internal.OutOfDirectMemoryError during uncompress | |
| Content from issues.jboss.org is not included.ENTMQBR-3630 | human-readable timestamp in hawtio is incorrect | |
| Content from issues.jboss.org is not included.ENTMQBR-3634 | OpenWire producerId leak in session state | |
| Content from issues.jboss.org is not included.ENTMQBR-3636 | The names returned by AddressControl.getQueueNames() also include remote forward queue | |
| Content from issues.jboss.org is not included.ENTMQBR-3637 | Default network pinger command uses -t argument for timeout | |
| Content from issues.jboss.org is not included.ENTMQBR-3638 | [AMQ7 Examples] Readme file is missing from all the exmaples | |
| Content from issues.jboss.org is not included.ENTMQBR-3639 | [LTS] Broker logs "quorum" messages even when there is no cluster | |
| Content from issues.jboss.org is not included.ENTMQBR-3680 | CVE-2018-15756 springframework: DoS Attack via Range Requests [amq-7.3.0] | |
| Content from issues.jboss.org is not included.ENTMQBR-3688 | SIGSEGV in libaio when running RHEL 7.8 | |
| Content from issues.jboss.org is not included.ENTMQBR-3691 | Metrics exporter switches address and queue name | |
| Content from issues.jboss.org is not included.ENTMQBR-3694 | Avoid notifications when shutting down on critical IO error | |
| Content from issues.jboss.org is not included.ENTMQBR-3776 | CVE-2020-1953 commons-configuration2: apache-commons-configuration: uncontrolled class instantiation when loading YAML files [amq-7-LTS] |
The following issues have been resolved in the AMQ 7.4.3 release:
| ID | Component | Summary |
|---|---|---|
| Content from issues.jboss.org is not included.ENTMQBR-2456 | CVE-2018-10899 jolokia-core: jolokia: system-wide CSRF that could lead to Remote Code Execution [amq-7.2.4] | |
| Content from issues.jboss.org is not included.ENTMQBR-2706 | ARTEMIS-2176 - Repeating WARN log message "Notified of connection failure" after every xa recovery when read-timeout is configure with a smaller value than default client-failure-check-period (30 seconds) | |
| Content from issues.jboss.org is not included.ENTMQBR-2906 | Upgrade Jetty to fix CVEs related to version 9.4.3.v20170317 [amq-7.4.0] | |
| Content from issues.jboss.org is not included.ENTMQBR-2981 | CVE-2019-16869 netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers [amq-7.4.0] | |
| Content from issues.jboss.org is not included.ENTMQBR-3151 | CVE-2019-0222 mqtt-client: activemq: Corrupt MQTT frame can cause broker shutdown [amq-7.4.0] | |
| Content from issues.jboss.org is not included.ENTMQBR-3157 | CVE-2019-10241 jetty: using specially formatted URL against DefaultServlet or ResourceHandler leads to XSS conditions [amq-7.4.0] | |
| Content from issues.jboss.org is not included.ENTMQBR-3158 | CVE-2019-10247 jetty: error path information disclosure [amq-7.4.0] | |
| Content from issues.jboss.org is not included.ENTMQBR-3159 | Jetty CVEs | |
| Content from issues.jboss.org is not included.ENTMQBR-3226 | CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling [amq-7.4.0] | |
| Content from issues.jboss.org is not included.ENTMQBR-3227 | LTS: Memory Leak when Opening and Closing AMQP Consumers in the Same Session / Context | |
| Content from issues.jboss.org is not included.ENTMQBR-3243 | CVE-2019-20445 netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header [amq-7.4.0] | |
| Content from issues.jboss.org is not included.ENTMQBR-3244 | CVE-2019-20444 netty: HTTP request smuggling [amq-7.4.0] | |
| Content from issues.jboss.org is not included.ENTMQBR-3257 | LTS: AMQ119217: Cant write to closed file: {0} | |
| Content from issues.jboss.org is not included.ENTMQBR-3258 | [amqp] when receiver client connects without source being set, broker prints NPE | |
| Content from issues.jboss.org is not included.ENTMQBR-3259 | CVE-2012-6708 vulnerability in jQuery | |
| Content from issues.jboss.org is not included.ENTMQBR-3260 | AMQ Hawtio : Could not retrieve queue list. Wrong MBean selected. | |
| Content from issues.jboss.org is not included.ENTMQBR-3261 | AMQ broker does not clean the connection(MQTT) when the connection is broken | |
| Content from issues.jboss.org is not included.ENTMQBR-3263 | Improper Quoting in Generated artemis.profile File - Causing Start Failures in Some Environments | |
| Content from issues.jboss.org is not included.ENTMQBR-3264 | broker rejects reconnect on broker stop/start | |
| Content from issues.jboss.org is not included.ENTMQBR-3267 | Large message's copy may be interfered by other threads | |
| Content from issues.jboss.org is not included.ENTMQBR-3282 | server-side AMQP interceptor returns false, but message is still enqueued | |
| Content from issues.jboss.org is not included.ENTMQBR-3344 | CVE-2019-9511 jetty: HTTP/2: large amount of data requests leads to denial of service [amq-7.4.0] | |
| Content from issues.jboss.org is not included.ENTMQBR-3345 | CVE-2019-9512 jetty: HTTP/2: flood using PING frames results in unbounded memory growth [amq-7.4.0] | |
| Content from issues.jboss.org is not included.ENTMQBR-3347 | CVE-2019-9514 jetty: HTTP/2: flood using HEADERS frames results in unbounded memory growth [amq-7.4.0] | |
| Content from issues.jboss.org is not included.ENTMQBR-3348 | CVE-2019-9515 jetty: HTTP/2: flood using SETTINGS frames results in unbounded memory growth [amq-7.4.0] | |
| Content from issues.jboss.org is not included.ENTMQBR-3349 | CVE-2019-9516 jetty: HTTP/2: 0-length headers lead to denial of service [amq-7.4.0] | |
| Content from issues.jboss.org is not included.ENTMQBR-3350 | CVE-2019-9517 jetty: HTTP/2: request for large response leads to denial of service [amq-7.4.0] | |
| Content from issues.jboss.org is not included.ENTMQBR-3351 | CVE-2019-9518 jetty: HTTP/2: flood using empty frames results in excessive resource consumption [amq-7.4.0] |
The following issues have been resolved in the AMQ 7.4.2 release:
| ID | Component | Summary |
|---|---|---|
| Content from issues.jboss.org is not included.ENTMQBR-522 | Broker running on windows write problems with remove temp files when shutting down | |
| Content from issues.jboss.org is not included.ENTMQBR-2711 | ServerSessionImpl cache does not clear names of deleted temporary destinations & there's no limit on producer target cache | |
| Content from issues.jboss.org is not included.ENTMQBR-2777 | Marking a message as changed during expansion could lead to issues during AMQP to Core Conversion. | |
| Content from issues.jboss.org is not included.ENTMQBR-3073 | OpenWire session close doesn't cleanup consumer refs | |
| Content from issues.jboss.org is not included.ENTMQBR-3090 | Eliminate knownDestinations cache | |
| Content from issues.jboss.org is not included.ENTMQBR-3091 | Editing AMQPMessages or Diverts will cause Message Body Loss and its side effects | |
| Content from issues.jboss.org is not included.ENTMQBR-3093 | Cancelling pre-fetch buffer will break ordering with AMQP | |
| Content from issues.jboss.org is not included.ENTMQBR-3094 | Add option to override InetAddress.isReachable() with purePing() | |
| Content from issues.jboss.org is not included.ENTMQBR-3095 | CVE-2014-0114 Apache Struts 1: Class Loader manipulation via request parameters [amq-7.4.0] | |
| Content from issues.jboss.org is not included.ENTMQBR-3097 | In multiple scale up/down scenario the broker will have lots of store_and_forward(sf) queues | |
| Content from issues.jboss.org is not included.ENTMQBR-3098 | JDBC HA shared store does not take credentials from the jdbc-user and jdbc-password tags | |
| Content from issues.jboss.org is not included.ENTMQBR-3099 | [AMQ7, openwire, nullpointer] Errors occurred during the buffering operation : java.lang.NullPointerException | |
| Content from issues.jboss.org is not included.ENTMQBR-3100 | [AMQ 7.4, KQUEUE] Unable to check KQueue availability : java.lang.NoClassDefFoundError: io/netty/channel/kqueue/KQueue | |
| Content from issues.jboss.org is not included.ENTMQBR-3101 | [artemis-jms-client] if connecting to a list, and if a node is off, initialConnectAttempts=-1 would retry forever once it tried a dead node | |
| Content from issues.jboss.org is not included.ENTMQBR-3102 | java.lang.NullPointerException with message replication | |
| Content from issues.jboss.org is not included.ENTMQBR-3107 | java.lang.OutOfMemoryError: Direct buffer memory | |
| Content from issues.jboss.org is not included.ENTMQBR-3108 | [AMQ7, large messages] LargeMessage doesn't make a full copy of its props | |
| Content from issues.jboss.org is not included.ENTMQBR-3109 | DuplicateIDCacheImpl leak | |
| Content from issues.jboss.org is not included.ENTMQBR-3111 | AMQ broker does not clean the connection(MQTT) when the connection is broken | |
| Content from issues.jboss.org is not included.ENTMQBR-3112 | [AMQ7, purge message, OutOfMemoryException] with a large queue size, removeAllMessages() takes a long time and eventually results in an OOM exception (if enough messages on the queue) | |
| Content from issues.jboss.org is not included.ENTMQBR-3113 | Remote JMX server on slave shuts down during failback | |
| Content from issues.jboss.org is not included.ENTMQBR-3114 | Qpid JMS client doesn't recover after a complete outage | |
| Content from issues.jboss.org is not included.ENTMQBR-3115 | Messages greater than 50kb does not appear on the Hawtio AMQ browser | |
| Content from issues.jboss.org is not included.ENTMQBR-3116 | Remove unsupported examples shipped with AMQ 7.3 | |
| Content from issues.jboss.org is not included.ENTMQBR-3119 | Attribute group-name ignored in replicated colocated configurations | |
| Content from issues.jboss.org is not included.ENTMQBR-3122 | CVE-2014-0114 Apache Struts 1: Class Loader manipulation via request parameters [amq-7.4.0] | |
| Content from issues.jboss.org is not included.ENTMQBR-3123 | Duplicate amqp messages over cluster | |
| Content from issues.jboss.org is not included.ENTMQBR-3125 | Artemis responds with disposition Rejected if queue is full | |
| Content from issues.jboss.org is not included.ENTMQBR-3129 | AMQ7 template yaml missing quotes |
The following issues have been resolved in the AMQ 7.4.1 release:
| ID | Component | Summary |
|---|---|---|
| Content from issues.jboss.org is not included.ENTMQBR-2470 | [AMQ7, openwire,redelivery] redelivery counter for message increasing, if consumer is closed without consuming any messages | |
| Content from issues.jboss.org is not included.ENTMQBR-2593 | broker does not set message ID header on cross protocol consumption | |
| Content from issues.jboss.org is not included.ENTMQBR-2612 | Consumer command, clientID is not saved during JMS exception | |
| Content from issues.jboss.org is not included.ENTMQBR-2624 | HornetQ client issue while using JMSMessageID as selector | |
| Content from issues.jboss.org is not included.ENTMQBR-2631 | Resource adapter getter should return wrapped objects and not primitive | |
| Content from issues.jboss.org is not included.ENTMQBR-2640 | max-saved-replicated-journals-size=0 throws ArrayIndexOutOfBoundsException | |
| Content from issues.jboss.org is not included.ENTMQBR-2676 | Negative Message Count and Delivering Count with camel-amqp client | |
| Content from issues.jboss.org is not included.ENTMQBR-2702 | Broker unresponsive when many consumers have delayed and negative acknowledgement on the same address | |
| Content from issues.jboss.org is not included.ENTMQBR-2708 | The subscribed topic is removed if reconnecting to messaging system with legacy-connection-factory | |
| Content from issues.jboss.org is not included.ENTMQBR-2719 | Lost messages in scenario with a remote MDB and a long GC pause. | |
| Content from issues.jboss.org is not included.ENTMQBR-2720 | Connection Timeout now blocks on the retry, it should be asynchronous | |
| Content from issues.jboss.org is not included.ENTMQBR-2730 | Page Loss scenarios |
Product(s)
Category
Article Type