Thanks for getting the discussion going again. You bring up some interesting points. As stale as the console may be, I still find it incredibly useful, and would hope that it will remain until a replacement option is available. I have found moving to Apache Artemis to feel like I'm moving backwards because there is no admin console for it.
For those that may view it as a security risk, it is a simple matter to disable it. If it were to be replaced, what would be some potential replacements? Could the most vulnerable parts of it be removed while still remaining useful? I mostly use it for knowing what clients are connected, how many messages have been sent to destinations, and things like that. I can't see how those limited functions would be difficult to keep, nor how they could be a security issue. On Wed, Sep 28, 2016 at 8:18 AM Christopher Shannon < [email protected]> wrote: > First, I know this topic was brought up back in January 2014 and there were > a lot of discussions about what to do about it and ultimately nothing > happened. However, it has been nearly 3 years since the last time this > subject was brought up and absolutely nothing has changed so I think it is > time to bring it up again and see what people's current opinions are. > > The Web Console is extremely out of date and since the last discussions on > the subject is still completely un-maintained. It is buggy and has had > many security vulnerabilities that keep popping up including several that > have been reported over the past year. In the past 3 years no one has > shown any interest in contributing fixes to the console to maintain it. > Essentially no work has gone into the console except for security fixes. > > Also, I know there was talk about moving it into a sub project however I > don't think that really solves anything. The code would just be moved to a > new location and still be un-maintained and full of potential security > vulnerabilities. > > So my preference would be just to EOL the console and remove it form future > versions. However, if there are people who really still want to keep it > then at the very least I think it should go into a sub project along with > some sort of warning that says it is deprecated and to use at your own > risk, etc. > > Thoughts? >
