CVE-2018-10237 guava: Unbounded memory allocation in AtomicDoubleArray
and CompoundOrdering classes allow remote attackers to cause a denial
of service.
* Upgrading versions
* Adding wildfly-common dependency as jboss-logmanager now depends on it
for simple common operations such as getting hostname or process id
* Updating bootclasspath with wildfly-common
This reverts commit ad2ecd77d2.
This was causing an issue when starting the server:
```
java.lang.NoClassDefFoundError: org/wildfly/common/net/HostName
at org.jboss.logmanager.ExtLogRecord.<init>(ExtLogRecord.java:87)
at org.jboss.logmanager.Logger.log(Logger.java:796)
at org.jboss.logging.JBossLogManagerLogger.doLog(JBossLogManagerLogger.java:44)
at org.jboss.logging.Logger.logv(Logger.java:2226)
at org.apache.activemq.artemis.integration.bootstrap.ActiveMQBootstrapLogger_$logger.serverStarting(ActiveMQBootstrapLogger_$logger.java:35)
at org.apache.activemq.artemis.integration.FileBroker.start(FileBroker.java:68)
at org.apache.activemq.artemis.cli.commands.Run.execute(Run.java:85)
```
Update to latest proton-j release and refactor the disposition code to use
the new type enums to better deal with the dispositions. Updates to Qpid JMS
0.37.0 which still uses the current netty 4.1.28.Final dependency.
With the current Maven config, the maven-source-plugin is executed twice, this results in the sources-jars being attached twice which leads the deploy goal in trying to upload the same sources jars twice to the repository. This slows down the build process and also fails on repositories that disallow updating of existing artifacts.
Additionally the "jar" goal is now replaced with "jar-no-fork" which prevents the maven life cycle being executed twice too.
Update the Qpid JMS and Proton dependencies to latest and sync Netty
with the 4.1.28.Final version used by Qpid JMS to avoid clash that
breaks a test. Adds override of new Proton-J WritableBuffer API that
allows it to use the Netty String encoder when needed instead of the
slower default version.
Update Qpid JMS to v0.36.0
Proton-J to v0.29.0
Netty to 4.1.28.Final
Added an example to demonstrate how to configure and use openssl
Moved/Added netty-tcnative dependency to artemis-distribution
Changed artemis-jms-client-all pom to exclude io.netty from relocation
so that the native openssl can be loaded
Replace guava Preconditions with artemis Preconditions
Replace guava Predicate with java Predicate
Replace guava Ordering with java Comparator
Replace guava Immutable, with ArrayList/Set and then wrap with unmodifiable
Use new no copy variants for the delivery send and receive and make
use of the ReadableBuffer type that is now used to convey transfer
payloads without a copy. Also set max outgoing frame size to match
the configured maxFrameSize for the AMQP protocol head to avoid the
case where an overly large frame can be written instead of chunking
a large message.
Logging for the "fast-tests" profile used for PR builds could be reduced
significantly. This would save time as well as prevent log truncation
(Travis CI only supports logs up to 4MB).
Revert "ARTEMIS-1545 Adding HornetQ 2.4.7 on the mesh to validate send-acks"
I'm reverting this as the testsuite is broken.
We will send it back once worked out.
This reverts commit 8f5b7a1e73.
This reverts commit 9b982b3e30.
https://issues.apache.org/jira/browse/ARTEMIS-1546
- the dependency scan is changed to allow adding an extra repository
- adding groovy so we won't require compilation dependencies (just runtime)
without needing reflection (thanks Groovy :) )
- Adding hornetq to the mesh of version tests
This commit contains these changes:
* Change example documentation to use markdown
* Generate HTML doc based on markdown during release
* Fix XML formatting in some examples
* Repair out-of-date documentation
The changes to remove netty-all removes the classifiers that add the
dependency to the netty transport that includes the compiled native
library wrapper. Add those classifiers back in.
Set hawtio to 1.5.4
Exclude diagnostics tab to avoid Flight Recorder being exposed.
Update jolokia to latest to match hawtio
Update current documentation links to artemis site instead of github causing blank load if docs are not locally built.
Core client with netty connector and acceptor doing kerberos
jaas.doAs around sslengine init such that the SSL handshake can do kerberos ticket
generation and validation.
The kerberos authenticated user is then validated with the security manager before
being populated into the message userId.
The feature is enabled with the kerb5Config property. When lowercase it is the
principal. With a leading uppercase char it is the login.config entry to use.