Hi Justin,

Could you please approve the inclusion of the following into 0.22:

JIRA: QPID-4705
Revision: http://svn.apache.org/r1465590
Description: It fixes a potential security hole with access to the web management console and REST interfaces. Without the fix, if ACL is not configured (by default no ACL is configured), it is possible to access the web management console anonymously and make any configuration changes, including password changes, configuring authentication providers, etc. The commit in revision r1465590 <http://svn.apache.org/r1465590> stops this from happening by adding functionality to check whether the request is authenticated or authorised and to send a redirect to the login page (for the web management console) or send the error status codes (401, 403) for REST requests. The changes are isolated to the HTTP management plugin and do not affect the broker core functionality.

JIRA: QPID-4725 <https://issues.apache.org/jira/browse/QPID-4725>
Revision: http://svn.apache.org/r1465457
Description: Enhances the web management console to display a principal associated with a connection on the connection and virtualhost tabs. The changes are isolated to the web console UI and are of low risk.

JIRA: QPID-4726 <https://issues.apache.org/jira/browse/QPID-4726>
Revision: http://svn.apache.org/r1465459
Description: Improves SASL support for the AMQP 1.0 client. The changes affect only AMQP 1.0 functionality and are of low risk.

Kind Regards,
Alex
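An added example, not part of the original message and not Apache Qpid code: it models the access decision described for QPID-4705, with the fail-open behaviour when no ACL is configured beside a gate that checks authentication first. The class, method names, paths and the "/rest/" prefix are assumptions, as is the choice to allow any authenticated user when no ACL exists.

```java
import java.util.function.BiPredicate;

// Added illustration, not Apache Qpid code. All names below are hypothetical.
public class ManagementAccessGate {
    enum Outcome { ALLOW, REDIRECT_TO_LOGIN, HTTP_401, HTTP_403 }

    // Assumption: REST requests are recognised by a "/rest/" path prefix.
    static boolean isRest(String path) { return path.startsWith("/rest/"); }

    // Model of the behaviour described as "without the fix": the ACL is the
    // only gate, so when none is configured (acl == null) every request
    // passes, including one that carries no authenticated user.
    static Outcome beforeFix(String user, String path, BiPredicate<String, String> acl) {
        if (acl == null || acl.test(user, path)) return Outcome.ALLOW;
        return isRest(path) ? Outcome.HTTP_403 : Outcome.REDIRECT_TO_LOGIN;
    }

    // Model of the behaviour described for the fix: authentication is checked
    // first and does not depend on an ACL being present; authorisation is
    // evaluated only when an ACL exists (assumption).
    static Outcome afterFix(String user, String path, BiPredicate<String, String> acl) {
        boolean authenticated = user != null;
        boolean authorised = authenticated && (acl == null || acl.test(user, path));
        if (authorised) return Outcome.ALLOW;
        // Console pages go to the login page; REST callers get a status code.
        if (!isRest(path)) return Outcome.REDIRECT_TO_LOGIN;
        return authenticated ? Outcome.HTTP_403 : Outcome.HTTP_401;
    }

    public static void main(String[] args) {
        // Constructed sample users and paths; the sample ACL permits only "admin".
        BiPredicate<String, String> adminOnly = (user, path) -> "admin".equals(user);
        String[][] requests = {
            {null, "/management"}, {null, "/rest/user"},
            {"guest", "/rest/user"}, {"admin", "/rest/user"}
        };
        for (String[] r : requests) {
            System.out.printf(
                "user=%-5s path=%-11s no-ACL: before=%s after=%s; ACL: after=%s%n",
                r[0], r[1], beforeFix(r[0], r[1], null),
                afterFix(r[0], r[1], null), afterFix(r[0], r[1], adminOnly));
        }
    }
}
```

Running it with only the JDK prints one line per constructed request, so the anonymous rows can be compared across the two gates in the default no-ACL configuration.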
