Sure, as soon as tarball is available on the website.
--
Vilius
>-----Original Message-----
>From: Clebert Suconic <[email protected]>
>Sent: Friday, March 20, 2026 3:39 PM
>To: [email protected]
>Cc: Vilius Šumskas <[email protected]>
>Subject: Re: Possible bug with management ACLs
>
>I'm about to release 2.53.0. Can you try in that version?
>
>On Fri, Mar 20, 2026 at 9:12 AM Vilius Šumskas via users
><[email protected]> wrote:
>>
>> Hi,
>>
>>
>>
>> I‘m not sure if this is the same bug, but indeed something has changed in
>> recent
>Artemis versions in regards to management.xml ACLs. We encountered this issue
>https://github.com/jolokia/jolokia-integration/issues/5 . It is filled against
>Jolokia,
>but now I’m wondering if these changes are in Artemis itself.
>>
>>
>>
>> --
>>
>> Vilius
>>
>>
>>
>> From: Alexander Milovidov <[email protected]>
>> Sent: Friday, March 20, 2026 2:25 PM
>> To: [email protected]
>> Subject: Possible bug with management ACLs
>>
>>
>>
>> Hi All!
>>
>>
>>
>> Recently I've discovered a possible bug in Artemis 2.50.0 and later. When I
>configure management ACL for sending messages on a particular address, the
>permissions for sending messages are granted only for the queue on this
>address. I
>checked if the user has permissions on the objects in the Artemis JMX tree.
>>
>> When I tried to reproduce this issue in an isolated environment, it had a
>> different
>effect: when I granted permissions on a particular address, the permissions
>were
>granted on this address and all other addresses and queues.
>>
>>
>>
>> Steps to reproduce on a fresh instance:
>>
>> - create a user "test" with role "test-role" and add test-role to
>> hawtio roles;
>>
>> - create address TEST.IN with TEST.IN queue.\
>>
>> - add an example management ACL to management.xml role-access section:
>>
>> <match domain="org.apache.activemq.artemis" key="address=TEST.IN">
>>
>> <access method="send*" roles="amq,test-role"/>
>> <access method="*" roles="amq"/>
>>
>> </match>
>>
>>
>>
>> Also I've mentioned that when I configure JMX exporter as javaagent (which
>requires java option -Dcom.sun.management.jmxremote=true), all ACLs on
>mbeans have no effect. Any operations for all users are available regardless of
>configured management ACLs. Anyway I plan to get rid of the JMX exporter.
>>
>>
>>
>> Both problems are reproduced in versions 2.50.0 - 2.52.0 and not reproduced
>> in
>previous versions.
>>
>> I'll later try to configure the same management ACLs using security-settings
>> in
>broker.xml.
>>
>>
>>
>> --
>>
>> Regards,
>>
>> Alexander
>
>
>
>--
>Clebert Suconic
