AMQ Broker - 7.9.x Resolved Issues
Updated -
The AMQ Broker 7.9.4 release is now available for download from the Customer Support Portal. AMQ Broker 7.9.4 is a patch release for AMQ Broker 7.9.0 and can be applied as a patch to an existing broker instance or can be used to create new broker instances. Note, AMQ Broker patches are cumulative and include fixes from previous patch releases as noted below.
The following issues have been resolved in the AMQ Broker 7.9.4 release:
| ID | Component | Summary |
|---|---|---|
| ENTMQBR-6470 | CVE-2022-22965 spring-webmvc: spring-framework: RCE via Data Binding on JDK 9+ [amq-7] |
The following issues have been resolved in the AMQ Broker 7.9.3 release:
| ID | Component | Summary |
|---|---|---|
| ENTMQBR-6120 | Operator | Operator pod repeatedly crashing after upgrade 7.9.2-opr-1 |
| ENTMQBR-6093 | Operator | When operator pod is killed, the statefulset is recreated when it startup again |
The following issues have been resolved in the AMQ Broker 7.9.2 release:
| ID | Component | Summary |
|---|---|---|
| ENTMQBR-5119 | CVE-2017-5645 hawtio-osgi: log4j: Socket receiver deserialization vulnerability [amq-7] | |
| ENTMQBR-5928 | CVE-2021-4104 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender [amq-7] | |
| ENTMQBR-6034 | CVE-2022-23307 log4j: Unsafe deserialization flaw in Chainsaw log viewer [amq-7] | |
| ENTMQBR-6044 | CVE-2022-23305 log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender [amq-7] | |
| ENTMQBR-6045 | CVE-2022-23302 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink [amq-7] | |
| ENTMQBR-6095 | Remove all references to log4j in AMQ Broker |
The following issues have been resolved in the AMQ Broker 7.9.1 release:
| ID | Component | Summary |
|---|---|---|
| ENTMQBR-4894 | Improve the error management of the OpenWireMessageConverter | |
| ENTMQBR-4996 | MQTT's 'Session Present' is always '1'(true) | |
| ENTMQBR-5062 | decreaseNetworkConsumerPriority in networked brokers | |
| ENTMQBR-5133 | Resource Adapter Support for Shared Connections | |
| ENTMQBR-5240 | Implement Metering Labels in Broker OCP Images | |
| ENTMQBR-5242 | SNF Stuck Queue with concurrent cluster and reconnections | |
| ENTMQBR-5389 | Mirror is not searching for Acks on PagedMessages | |
| ENTMQBR-5394 | JMX: cluster-connection start() method does not work after stop() method invoked | |
| ENTMQBR-5400 | NPE on OpenWireConnection ln 837 resulting in thread contention | |
| ENTMQBR-5439 | CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data [amq-7] | |
| ENTMQBR-5440 | CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way [amq-7] | |
| ENTMQBR-5487 | Bridge reconnect will lead to incorrect Queue.deliveringCounts | |
| ENTMQBR-5488 | Rogue queue auto creation against simultaneous clients and destroy Address | |
| ENTMQBR-5508 | AddDuplicateIDOperation objects retained on heap | |
| ENTMQBR-5518 | Logged supported versions do not match operator.yaml | |
| ENTMQBR-5565 | Openwire will break duplicateID interaction with compacting when using Transactions | |
| ENTMQBR-5584 | AMQP Consumer fails to receive LargeMessage when Broker uses JDBC storage | |
| ENTMQBR-5603 | Clarify the use of the three AMQ Broker Operators in OperatorHub | |
| ENTMQBR-5612 | Address is already in use when adding a new user from CLI | |
| ENTMQBR-5614 | amq-broker7 on openshift propertiesLoginModules not setting roles correctly | |
| ENTMQBR-5618 | Federation does not work with large messages | |
| ENTMQBR-5622 | ActiveMQArtemisAddress CR is not resilient to the scale up | |
| ENTMQBR-5687 | BufferSplitter::split shouldn't consume input buffer | |
| ENTMQBR-5689 | Operator cannot handle patching console to ssl Enabled | |
| ENTMQBR-5725 | Broker fails to load if there is a prepared transaction with an ACK is pending on an non existent page |
Comments