Releases: rabbitmq/rabbitmq-jms-client
1.6.0
Changes between 1.5.0 and 1.6.0
This is a release candidate for 1.6.0, a maintenance release that includes a few bug fixes, enhancements, and an upgrade of the RabbitMQ Java client dependency. This release is backward-compatible with 1.5.0.
Refactor RMQConnection and RMQSession to accept fewer constructor parameters
This is an internal refactoring to make it easy to add new settings to JMS resources.
GitHub issue: #7
Provide a way to configure onMessageTimeoutMs
It is now possible to configure the message processing timeout.
GitHub issue: #5
Contributed by Guillaume Mornet.
Support hostname lists
It is now possible to provide a list of hostnames to connect to (instead of a single one).
GitHub issue: #2
Upgrade to RabbitMQ Java Client 4.0
The JMS Client now uses RabbitMQ Java Client 4.0.
GitHub issue: #9
Set consumer prefetch (a.k.a QoS)
RMQConnectionFactory
has a new property to set up the quality of service on created channels. This make it easy to balance load between consumers.
GitHub issue: #11
Provide a way to configure TLS options for JMS connections
RMQConnectionFactory
provides some methods to finely-tune the underlying SSLContext
for TLS connections.
GitHub issue: #1
SSLContext
was overridden with default
Provided SSLContext
was overridden because of a side-effect in a method call in the RabbitMQ Java Client. The SSLContext
provided to the RMQConnectionFactory
is now effectively used.
GitHub issue: #12
Allow using default SSLContext
RMQConnectionFactory
has now a flag to use the default SSLContext
. It is thus possible to set up TLS options (e.g. key store and trust store) from the command line, with system properties.
GitHub issue: #14
1.6.0.RC1
Changes between 1.5.0 and 1.6.0.RC1
This is a release candidate for 1.6.0, a maintenance release that includes a few bug fixes, enhancements, and an upgrade of the RabbitMQ Java client dependency. This release is backward-compatible with 1.5.0.
Refactor RMQConnection and RMQSession to accept fewer constructor parameters
This is an internal refactoring to make it easy to add new settings to JMS resources.
GitHub issue: #7
Provide a way to configure onMessageTimeoutMs
It is now possible to configure the message processing timeout.
GitHub issue: #5
Support hostname lists
It is now possible to provide a list of hostnames to connect to (instead of a single one).
GitHub issue: #2
Upgrade to RabbitMQ Java Client 4.0
The JMS Client now uses RabbitMQ Java Client 4.0.
GitHub issue: #9
Set consumer prefetch (a.k.a QoS)
RMQConnectionFactory
has a new property to set up the quality of service on created channels. This make it easy to balance load between consumers.
GitHub issue: #11
Provide a way to configure TLS options for JMS connections
RMQConnectionFactory
provides some methods to finely-tune the underlying SSLContext
for TLS connections.
GitHub issue: #1
SSLContext
was overridden with default
Provided SSLContext
was overridden because of a side-effect in a method call in the RabbitMQ Java Client. The SSLContext
provided to the RMQConnectionFactory
is now effectively used.
GitHub issue: #12
Allow using default SSLContext
RMQConnectionFactory
has now a flag to use the default SSLContext
. It is thus possible to set up TLS options (e.g. key store and trust store) from the command line, with system properties.
GitHub issue: #14
1.5.0
Changes Between 1.4.7 and 1.5.0
1.5.0
is a maintainence release that includes a fix
for CVE-2016-6194
.
Limited ObjectMessage Deserialization
Classes that can be deserialized from javax.jms.ObjectMessage
now can be limited via a package prefix white list.
There are two ways to do it:
- Via the
com.rabbitmq.jms.TrustedPackagesPrefixes
JVM property which accepts
a comma separated list of prefixes, for example,java,com.rabbitmq,com.mycompany
- Using
RMQConnectionFactory#setTrustedPackages
,RMQConnection#setTrustedPackages
, orRMQSession#setTrustedPackages
which accept lists of package prefixes
All options take a list of package name prefixes, e.g. java
will make all classes
in java.lang
, java.util
, and other packages starting with java
trusted.
Deserialization attempt for untrusted classes will throw an exception.
GH issue: rabbitmq-jms-client#3.
This fixes CVE-2016-6194
(note: attacker must be authenticated
with RabbitMQ in order to carry out the attack).
RabbitMQ Java Client Dependency Update
This client now depends on RabbitMQ Java client 3.6.3
.