[jira] [Work logged] (ARTEMIS-4763) properties config - support metrics plugin, conversion of .class for non string attributes and empty init

Wed, 08 May 2024 12:41:05 -0700 


     [ 
https://issues.apache.org/jira/browse/ARTEMIS-4763?focusedWorklogId=918410&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-918410
 ]

ASF GitHub Bot logged work on ARTEMIS-4763:
-------------------------------------------

                Author: ASF GitHub Bot
            Created on: 08/May/24 19:40
            Start Date: 08/May/24 19:40
    Worklog Time Spent: 10m 
      Work Description: cshannon commented on PR #4924:
URL: 
https://github.com/apache/activemq-artemis/pull/4924#issuecomment-2101300102

   > I have opened https://issues.apache.org/jira/browse/ARTEMIS-4766 to follow 
up.
   
   In regards to a follow up...my opinion is the validation should be done now 
and not as a follow and included as part of this change. Creating Jiras often 
leads to things just getting forgotten about and never done and I think this is 
important enough to not just put it off for later.
   
   Matt makes a good point about defense in depth and after thinking about it I 
would be -1 on this PR without adding some way to validate the class type now. 
There's been way too many CVEs that have popped up that involve class loading 
and serialization so no reason to risk it.




Issue Time Tracking
-------------------

    Worklog Id:     (was: 918410)
    Time Spent: 1.5h  (was: 1h 20m)

> properties config - support metrics plugin, conversion of .class for non 
> string attributes and empty init 
> ----------------------------------------------------------------------------------------------------------
>
>                 Key: ARTEMIS-4763
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-4763
>             Project: ActiveMQ Artemis
>          Issue Type: New Feature
>          Components: Configuration
>    Affects Versions: 2.33.0
>            Reporter: Gary Tully
>            Assignee: Gary Tully
>            Priority: Major
>          Time Spent: 1.5h
>  Remaining Estimate: 0h
>
> the metrics plugin is not a broker plugin, so cannot be initialised via the 
> broker plugins collection. We can only add .class instances to collections.
> The metrics instance is an attribute that needs a class type argument on the 
> metrics configuration.
> supporting a conversion to any non string scalar type using a .class value 
> will work nicely.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to