[ANN] Apache ActiveMQ Classic 6.1.3 has been released!

The ActiveMQ team is pleased to announce Apache ActiveMQ Classic 6.1.3 release. It's maintenance release on the 6.1.x series, bringing: - add a BoM - fixes on the Message REST API, especially concurrent access - Spring 6.1.11 update - fix NoClassDefFound on bin/activemq export command line - sever

[ANNOUNCE] Apache Iceberg release 1.6.0

The Apache Iceberg team is pleased to announce the release of Apache Iceberg 1.6.0! Apache Iceberg is an open table format for huge analytic datasets. Iceberg delivers high query performance for tables with tens of petabytes of data, along with atomic commits, concurrent writes, and SQL-compatible

[ANN] Apache ActiveMQ Classic 5.18.5 has been released!

The ActiveMQ team is pleased to announce Apache ActiveMQ 5.18.5 release. It's a maintenance release on the ActiveMQ 5.18.x series, bringing: - Fix 500 Server Error while polling empty destination via Message REST - Fix ClassNotFoundException when using runtimeConfigurationPlugin with Java 17 - Spr

CVE-2024-32114: Apache ActiveMQ: Jolokia and REST API were not secured with default configuration

Severity: low Affected versions: - Apache ActiveMQ 6.0.0 through 6.1.1 Description: In Apache ActiveMQ 6.x, the default configuration doesn't secure the API web context (where the Jolokia JMX REST API and the Message REST API are located). It means that anyone can use these layers without any

[ANN] Apache ActiveMQ Classic 6.1.2 has been released!

The Apache ActiveMQ team is pleased to announce Apache ActiveMQ Classic 6.1.2 release. It's a maintenance release on the ActiveMQ 6.1.x series, bringing: - secure Jolokia and REST Message API by default - fix on runtimeConfigurationPlugin JMX MBean reload operation - fix when consuming empty desti

[ANN] Apache ActiveMQ "Classic" 5.18.4 has been released!

The Apache ActiveMQ team is pleased to announce Apache ActiveMQ "Classic" 5.18.4 release. It's a maintenance release on the ActiveMQ 5.18.x series, bringing: - Spring 5.3.33 update (related to Spring CVEs) - Jetty 9.4.54.v20240208 update - Jackson 2.16.2 update - log4j 2.23.1 update - several bug

[ANN] Apache ActiveMQ 6.1.1 has been released!

The ActiveMQ team is pleased to announce Apache ActiveMQ 6.1.1 release. It's a maintenance release on the ActiveMQ 6.1.x series, bringing: - add firstMessageTimestamp in the StatisticsPlugin - fix on Docker images authentication - add sun.nio.* opens classes required for some transports - importan

[ANN] Apache ActiveMQ 6.1.0 has been released!

The ActiveMQ team is pleased to announce Apache ActiveMQ 6.1.0 release. It's a new milestone, bringing: - New JMS 2/3 operations support - Mapping javax / jakarta exception in openwire protocol - Add destination field on the job scheduler - Add org.apache.activemq.broker.BouncyCastleNotAdded prope

[ANN] Apache Karaf OSGi Runtime 4.4.5 has been released!

The Apache Karaf team is pleased to announce the Apache Karaf OSGi Runtime 4.4.5 release. Apache Karaf runtime 4.4.5 is a maintenance release, bringing a lot of dependency updates and fixes, especially: -i solate config shell commands in a dedicated bundle to avoid refresh and race condition at st

[ANN] Apache Iceberg 1.4.3 release

The Apache Iceberg team is pleased to announce the release of Apache Iceberg 1.4.3! Apache Iceberg is an open table format for huge analytic datasets. Iceberg delivers high query performance for tables with tens of petabytes of data, along with atomic commits, concurrent writes, and SQL-compatible

[ANN] Apache ActiveMQ 6.0.1 has been released!

The ActiveMQ team is pleased to announce Apache ActiveMQ 6.0.1 release. It's maintenance release on the ActiveMQ 6.0.x series, bringing: - Fix Jakarta support in ActiveMQ RA - Fix OSGi headers in activemq-jms-pool and activemq-cf - Fix provided jetty.xml example on the SSL connector - Fix jolokia

CVE-2022-41678: Apache ActiveMQ: Deserialization vulnerability on Jolokia that allows authenticated users to perform RCE

Severity: Medium Affected versions: - Apache ActiveMQ before 5.16.6 - Apache ActiveMQ 5.17.0 before 5.17.4 - Apache ActiveMQ 5.18.0 unaffected - Apache ActiveMQ 6.0.0 unaffected Description: Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution.  In det

[ANN] Apache ActiveMQ 6.0.0 has been released!

After several weeks (months ?) of work, the ActiveMQ team is pleased to announce Apache ActiveMQ 6.0.0 release. It's a major milestone for the project, starting the 6.x series, and bringing: - Jakarta Messaging 3.1, JMS 2.0 support (new features will come in the 6.x series) - Jakarta EE namespace

[ANN] Apache ActiveMQ 5.16.7 has been released!

The ActiveMQ team is pleased to announce Apache ActiveMQ 5.16.7 release. It's a maintenance release on the ActiveMQ 5.16.x series, bringing: - improvement on OpenWire marshaller on Throwable class type You can find details on the Release Notes: https://issues.apache.org/jira/secure/ReleaseNote.js

[ANN] Apache ActiveMQ 5.17.6 has been released!

The ActiveMQ team is pleased to announce Apache ActiveMQ 5.17.6 release. It's a maintenance release on the ActiveMQ 5.17.x series, bringing: - improvement on KahaDB memory consumption - add additional fields on JMX Connection MBean - improvement on OpenWire marshaller on Throwable class type - a l

[ANN] Apache ActiveMQ 5.18.3 has been released!

The ActiveMQ team is pleased to announce Apache ActiveMQ 5.18.3 release. It's a maintenance release on the ActiveMQ 5.18.x series, bringing: - fix on destinations create when message is delayed - fix on moving message to DLQ when produce via HTTP and TTL is reached - improvement on KahaDB memory c

[ANN] Apache Karaf OSGi runtime 4.3.10 has been released!

The Karaf team is pleased to announce Apache Karaf OSGi runtime 4.3.10 release. This is a maintenance release, bringing fixes, new features and dependency updates: - fix race condition between the FeaturesService and FeatureDeploymentListener - fix --patch-module on Instance startup - add exec:gro

[ANN] Apache Karaf OSGi runtime 4.4.4 has been released!

The Karaf team is pleased to announce Apache Karaf OSGi runtime 4.4.4 release. This is a a maintenance release, bringing a lot of dependency updates and fixes, especially: - fix race condition between the FeatureService and FeatureDeploymentListener - fix --patch-module on Instance startup - add e

[ANN] Apache ActiveMQ 5.17.5 has been released!

The ActiveMQ team is pleased to announce Apache ActiveMQ 5.17.5 release. It’s a maintenance release on the ActiveMQ 5.17.x series, bringing: - fix on stale queues when a connection is long to shutdown - fix on KahaDB where the db files may be larger than the maxLength configuration - fix on compo

[ANN] Apache ActiveMQ 5.18.2 has been released!

The ActiveMQ team is pleased to announce Apache ActiveMQ 5.18.2 release. It’s a maintenance release on the ActiveMQ 5.18.x series, bringing: - fix potential NPE when removing consumer with selector - fix composite consumers in a Network of Brokers - fix memory leak on the STOMP transport when clie

[ANN] Apache ActiveMQ 5.18.1 has been released!

The ActiveMQ team is pleased to announce Apache ActiveMQ 5.18.1 release. This release is a maintenance release on the 5.18.x series. It especially fixes an issue with the activemq-client-jakarta artifact. You can find details on the Release Notes: https://issues.apache.org/jira/secure/ReleaseNote

[ANN] Apache ActiveMQ 5.18.0 has been released!

The ActiveMQ team is pleased to announce Apache ActiveMQ 5.18.0 release. This release is an important milestone for the ActiveMQ project, providing: - JMS 2.0 client support with both javax.jms and jakarta.jms namespaces (see https://activemq.apache.org/jms2 for details) - JDK11+ support - Spring

[ANN] Apache ActivveMQ "Classic" 5.17.4 has been released!

The ActiveMQ team is pleased to announce Apache ActiveMQ 5.17.4 release. ActiveMQ 5.17.4 includes several fixes, improvements, and dependency updates as well, especially: - add JOLOKIA_CONF env variable in wrapper configuration - potential race condition in the store while creating new destination

[ANN] Apache Karaf Decanter 2.10.0 has been released!

The Apache Karaf team is pleased to announce Apache Karaf Decanter 2.10.0 release. This release is a maintenance release on the Decanter 2.x series, bringing a lot of changes, especially: - a new config allows to define default key in the split parser - fix a ClassCastException in split parser - a

[ANN] Apache ActiveMQ 5.16.6 has been released!

The ActiveMQ team is pleased to announce Apache ActiveMQ 5.16.6 release. NB: this should be the last release on the 5.16.x series, we strongly invite all users to update to ActiveMQ 5.17.x series. ActiveMQ 5.16.6 includes several fixes, improvements, and dependency updates as well, especially: -

[ANN] Apache Karaf OSGi runtime 4.3.9 has been released!

The Apache Karaf team is pleased to announce Apache Karaf OSGi runtime 4.3.9 release. This is a maintenance release, bringing a lot of dependency updates and fixes, especially: - fix threads leak in karaf-maven-plugin:verify goal - fix JMX RmiServer stub IP address assignation - add shell:alias a

[ANN] Apache Karaf OSGi Runtime 4.4.3 has been released!

The Apache Karaf team is pleased to announce Apache Karaf OSGi runtime 4.4.3 release. This release is a maintenance release bringing a lot of dependency updates and fixes. Especially, this release includes: - fix threads leak in karaf-maven-plugin (in verify feature goal) - fix on JMX stub IP addr

CVE-2022-40145: Apache Karaf: JDBC JAAS LDAP injection

Severity: low Description: This vulnerable is about a potential code injection when an attacker has control of the target LDAP server using in the JDBC JNDI URL. The function jaas.modules.src.main.java.porg.apache.karaf.jass.modules.jdbc.JDBCUtils#doCreateDatasource use InitialContext.lookup(j

[ANNOUNCE] Apache ActiveMQ 5.17.3 has been released!

The Apache ActiveMQ team is pleased to announce the ActiveMQ 5.17.3 release. This release includes several updates, fixes and improvements, especially: - upgrade to Spring 5.3.23 - upgrade to Jetty 9.4.49.v20220914 - upgrade to log4j 2.19.0 - fix jolokia access configuration file loading on W

[ANN] Apache Karaf OSGi Runtime 4.3.8 has been released

The Apache Karaf team is pleased to announce the Apache Karaf OSGi Runtime 4.3.8 release. This release is a maintenance release bringing a lot of dependency updates and fixes. Especially, this release includes: - New feature:status command - fix race condition on config plugin (to override propert

[ANN] Apache Karaf OSGi Runtime 4.4.2 release

The Apache Karaf team is pleased to announce the Apache Karaf OSGi Runtime 4.4.2 release. This release is a maintenance release bringing a lot of dependency updates and fixes. Especially, this release includes: - New feature:status command - New GraphQL example - fix race condition on config plugi

[ANN] Apache ActiveMQ 5.17.2 has been released!

The ActiveMQ team is pleased to announce Apache ActiveMQ 5.17.2 release: https://activemq.apache.org/activemq-5017002-release This release includes updates, fixes and improvements, especially: - update to Spring 5.3.22 - update to Shiro 1.9.1 - update to log4j 2.18.0 - and much more! Enjoy! Re

[ANN] Apache Karaf runtime 4.4.1 has been released

The Apache Karaf team is pleased to announce Apache Karaf runtime 4.4.1 release. This release is a maintenance release bringing a lot of dependency updates and fixes. Especially, this release includes: - fix on the exported system packages - fix on the config management in features service - upgra

[ANN] Apache Karaf runtime 4.2.16 has been released

The Apache Karaf team is pleased to announce Apache Karaf runtime 4.2.16 release. This release is a maintenance release including: - Pax Logging 1.11.15 upgrade - Pax URL 2.6.10 upgrade - Spring 5.3.19 and 5.2.20.RELEASE upgrades - and few other upgrades and couple of fixes IMPORTANT: this releas

[ANN] Apache ActiveMQ 5.16.5 has been released!

The Apache ActiveMQ team is pleased to announce Apache ActiveMQ 5.16.5 release. This release is a maintenance release on the 5.16.x series, including: - fix on configuration when wrapper is used - fix memory leak on temp store - avoid potential NPE when starting ActiveMQ with pending STOMP message

[ANN] Apache ActiveMQ 5.17.1 had been released!

The Apache ActiveMQ team is pleased to announce Apache ActiveMQ 5.17.1 release. This release is a maintenance release on the 5.17.x series, including: - upgrade to Spring 5.3.19 - upgrade to XBean 4.21 - upgrade to Jackson 2.13.2/2.13.2.2 - upgrade to Jolokia 1.7.1 - upgrade to ASM 9.3 for better

[ANN] Apache Karaf runtime 4.4.0 has been released!

The Apache Karaf team is pleased to announce the Apache Karaf 4.4.0 release. Apache Karaf 4.4.0 is an important milestone in the Karaf runtime roadmap as it's the beginning of the 4.4.x series. This release contains: - OSGi R8 support - upgrade to Pax Web 8.0.x - upgrade to Pax Logging 2.1.x - upg

[ANN] Apache Karaf 4.3.7 has been released!

The Apache team is pleased to announce Apache Karaf 4.3.7 release. This release is an important release on the Karaf 4.3.x series containing: - fix installation of config defined in a feature - support reproducible builds in karaf-maven-plugin - allow restriction of signature algorithms in SSH se

[ANN] Apache ActiveMQ 5.17.0 has been released!

The ActiveMQ team is pleased to announce ActiveMQ 5.17.0 has been released. ActiveMQ 5.17.0 is a major milestone in ActiveMQ roadmap, bringing lot of changes, fixes and improvements, especially: - JDK 11+ required for build and run now - Spring 5.3.16 - Log4j 2.17.1 - Jetty 9.4.45 using atomic jar

[ANN] Apache Karaf Decanter 2.9.0 has been released

The Apache Karaf team is pleased to announce Apache Karaf Decanter 2.9.0 release. This release is new one in Decanter 2.x series, bringing: - bunch of dependency updates - log collector has a new property to filter loggers - camel collector has a new property to include or not Camel history in the

[ANN] Apache ActiveMQ 5.16.4 has been released

The Apache ActiveMQ team is pleased to announce Apache ActiveMQ 5.16.4 release. This release is an important release on the 5.16.x series containing: - switch from log4j 1.x to reload4j fixing important security issues in log4j 1.x - upgrade to xerces 2.22.2 fixing security issue in xerces - fix t

[SECURITY] New security advisory for CVE-2022-22932

A new security advisory has been released for Apache Karaf, which was fixed in the 4.2.15 and 4.3.6 runtime releases CVE-2022-22932: Path traversal flaws Severity: Low Vendor: The Apache Software Foundation Versions Affected: all versions of Apache Karaf prior to 4.2.15 or 4.3.6 Description:

[SECURITY] New security advisory for CVE-2021-41766 released for Apache Karaf

A new security advisory has been released for Apache Karaf, which was fixed in the recent 4.3.6 runtime release. CVE-2021-41766: Insecure Java Deserialization in Apache Karaf Severity: Low Vendor: The Apache Software Foundation Versions Affected: all versions of Apache Karaf prior to 4.3.6 Des

[ANN] Apache Karaf runtime 4.2.15 has been released

The Apache Karaf team is pleased to announce Apache Karaf runtime 4.2.15 release. This release is an important release on the Karaf 4.2.x series containing: - upgrade to Pax Logging 1.11.13 upgrading to log4j 2.17.1 (fixing CVE-2021-44832) - upgrade too Apache Felix FileInstall 3.7.4 fixing hot d

[ANN] Apache Karaf runtime 4.3.6 has been released

The Apache Karaf team is pleased to announce Apache Karaf runtime 4.3.6 release. This release is an important release on the Karaf 4.3.x series containing: - upgrade to Pax Logging 2.0.14 with log4j 2.17.1 (fixing CVE-2021-44832) - prepare JDK 18 support - fix deployment issue by upgrading to Apa

Apache Karaf runtime 4.2.14 has been released

The Apache Karaf team is pleased so announce Apache Karaf runtime 4.2.14 release. This release is an important release on the Karaf 4.2.x series, bringing updates, fixes and new features, especially fixing logshell issue: - upgrade to Pax Logging 1.11.12 - upgrade to log4j 2.17.0 fixing CVE-2021-4

Apache Karaf runtime 4.3.5 has been released

The Apache Karaf team is pleased to announce Apache Karaf runtime 4.3.5 release. This release is an important release on the Karaf 4.3.x series bringing security fixes (logshell) especially: - upgrade to jolokia 1.7.1 - upgrade to pax-logging 2.0.12 - upgrade to log4j 2.17.0 fixing CVE-2021-45105

[ANN] Apache Karaf runtime 4.3.3 has been released

The Apache Karaf team is pleased to announce Apache Karaf runtime 4.3.3 release. This release is an important release on the Karaf 4.3.x series, bringing updates, fixes and new features, especially: - first round of the specs features repository. This repository use will spread (in Karaf and thir

[ANN] Apache ActiveMQ 5.16.3 has been released!

The ActiveMQ team is pleased to announce Apache ActiveMQ 5.16.3 feature. https://activemq.apache.org/activemq-5016003-release This release includes updates, improvements and important fixes, especially: - fix on potential connection deadlock - fix on broker plugin allowing java.util package for

[ANNOUNCE] Apache Karaf runtime 4.3.2 has been released

The Apache Karaf team is pleased to announce Apache Karaf runtime 4.3.2 release. This release is an important release on the Karaf 4.3.x series, bringing updates, fixes and new features, especially: * OSGi R7 configuration support and fix on configuration json format * security improvement (defau

[ANNOUNCE] Apache ActiveMQ 5.16.2 has been released

The Apache ActiveMQ team is pleased to announce Apache ActiveMQ 5.16.2 release. https://activemq.apache.org/activemq-5016002-release This releases includes fixes, improvements and dependency updates, especially: - improvements on the ActiveM

[ANNOUNCE] Apache ActiveMQ 5.15.15 has been released

The Apache ActiveMQ team is pleased to announce Apache ActiveMQ 5.15.15 release. https://activemq.apache.org/activemq-5015015-release *NOTE: This is the last planned 5.15.x release. Users should upgrade to the current 5.16.x stream for ongoin

[ANN] Apache Karaf runtime 4.3.1 has been released!

The Apache Karaf team is pleased to announce Apache Karaf runtime 4.3.1 release. This release is a major release on the Karaf 4.3.x series, bringing updates, fixes and new features, especially: - java.* now exported by system packages (as expected since R7) - fixed on configuration with json form

[ANN] Apache Karaf 4.2.11 has been released

The Apache Karaf team is pleased to announce Apache Karaf runtime 4.2.11 release. This release is an important release on the Karaf 4.2.x series, bringing updates, fixes and new features, especially: * Karaf BoM * features service autoRefresh property * JMXMP improvements * SSH client fixes * log

[ANN] Apache Beam 2.3.0 has been released!

The Apache Beam team is pleased to announce the release of 2.3.0 version! You can download the release here: https://beam.apache.org/get-started/downloads/ This release includes the following major new features & improvements: - full Java 8 support - Spark 2.x support in Spark runner - A