2.5. Security Fixes

SSL transport cipher suites

Fixed AMQ-4582, affecting the SSL transport cipher suites. Previously, if you specified an invalid cipher suite to the transport.enabledCipherSuites parameter on an SSL transport connector, the broker would start with all ciphers enabled.

JAAS authorization now compatible with Karaf JAAS authentication

The implementation of the JAAS authorization plug-in has been modified so that it is compatible with the Apache Karaf JAAS authentication module. This makes it possible to integrate the JAAS authorization plug-in with the Karaf JAAS authentication module when the broker is deployed in an OSGi container. For more details, see the JBoss A-MQ Security Guide.

Allow Bouncy Castle security provider to be used

Fixed AMQ-4520, which is caused by a bug in the default SSL provider that comes with Java 7 (affecting the Diffie-Hellman cipher suite). You can now work around this issue by adding the Bouncy Castle security producer to the Java 7 lib directory.

Removed command agent

Removed the command agent, which is no longer needed and might potentially have exposed a security hole through the JMS protocol.

Where did the comment section go?

Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories