This is an automated email from the ASF dual-hosted git repository.
cshannon pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/activemq.git
The following commit(s) were added to refs/heads/main by this push:
new d8a85400f4 Disable the message servlet by default (#2000)
d8a85400f4 is described below
commit d8a85400f453387c60bcee0576fe11e4f9f5adab
Author: Christopher L. Shannon <[email protected]>
AuthorDate: Wed May 13 11:39:09 2026 -0400
Disable the message servlet by default (#2000)
* Disable the message servlet by default
* Add warning message and deprecated annotation
---
.../org/apache/activemq/web/MessageServlet.java | 6 ++++++
assembly/src/release/webapps/api/WEB-INF/web.xml | 21 +++++++++++++++------
2 files changed, 21 insertions(+), 6 deletions(-)
diff --git
a/activemq-web/src/main/java/org/apache/activemq/web/MessageServlet.java
b/activemq-web/src/main/java/org/apache/activemq/web/MessageServlet.java
index fa3dd50e09..10675a7cf2 100644
--- a/activemq-web/src/main/java/org/apache/activemq/web/MessageServlet.java
+++ b/activemq-web/src/main/java/org/apache/activemq/web/MessageServlet.java
@@ -48,7 +48,13 @@ import org.slf4j.LoggerFactory;
* there will always be a chance of losing messages. Consider what happens when
* a message is retrieved from the broker but the web call is interrupted
before
* the client receives the message in the response - the message is lost.
+ *
+ * @deprecated - WARNING: The MessageServlet should be used with caution as it
is unmaintained
+ * and there are multiple security related issues. This servlet is primarily
meant for demo
+ * purposes only and will be removed entirely in a future release. It is
recommended to
+ * keep it disabled.
*/
+@Deprecated
public class MessageServlet extends MessageServletSupport {
// its a bit pita that this servlet got intermixed with asyncRequest/rest
diff --git a/assembly/src/release/webapps/api/WEB-INF/web.xml
b/assembly/src/release/webapps/api/WEB-INF/web.xml
index 2a1a010364..d260009cd7 100644
--- a/assembly/src/release/webapps/api/WEB-INF/web.xml
+++ b/assembly/src/release/webapps/api/WEB-INF/web.xml
@@ -22,11 +22,19 @@
<display-name>Apache ActiveMQ REST API</display-name>
+ <!--
+
+ WARNING: The MessageServlet should be used with caution as it is
deprecated and unmaintained
+ and there are multiple security related issues. This servlet is primarily
meant for demo
+ purposes only and will be removed entirely in a future release. It is
recommended to
+ keep it disabled.
+
<servlet>
<servlet-name>MessageServlet</servlet-name>
<servlet-class>org.apache.activemq.web.MessageServlet</servlet-class>
<load-on-startup>1</load-on-startup>
<async-supported>true</async-supported>
+ -->
<!--
Uncomment this parameter if you plan to use multiple consumers over
REST
<init-param>
@@ -43,7 +51,13 @@
<param-value>-1</param-value>
</init-param>
-->
- </servlet>
+ <!--</servlet>
+
+ <servlet-mapping>
+ <servlet-name>MessageServlet</servlet-name>
+ <url-pattern>/message/*</url-pattern>
+ </servlet-mapping>
+ -->
<servlet>
<servlet-name>jolokia-agent</servlet-name>
@@ -74,11 +88,6 @@
<load-on-startup>1</load-on-startup>
</servlet>
- <servlet-mapping>
- <servlet-name>MessageServlet</servlet-name>
- <url-pattern>/message/*</url-pattern>
- </servlet-mapping>
-
<servlet-mapping>
<servlet-name>jolokia-agent</servlet-name>
<url-pattern>/jolokia/*</url-pattern>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information, visit: https://activemq.apache.org/contact
