Releases: rabbitmq/rabbitmq-jms-client
1.6.0
adc1078
acogoluegnes
Arnaud Cogoluègnes
Changes between 1.5.0 and 1.6.0
This is a release candidate for 1.6.0, a maintenance release that includes a few bug fixes, enhancements, and an upgrade of the RabbitMQ Java client dependency. This release is backward-compatible with 1.5.0.
Refactor RMQConnection and RMQSession to accept fewer constructor parameters
This is an internal refactoring to make it easy to add new settings to JMS resources.
GitHub issue: #7
Provide a way to configure onMessageTimeoutMs
It is now possible to configure the message processing timeout.
GitHub issue: #5
Contributed by Guillaume Mornet.
Support hostname lists
It is now possible to provide a list of hostnames to connect to (instead of a single one).
GitHub issue: #2
Upgrade to RabbitMQ Java Client 4.0
The JMS Client now uses RabbitMQ Java Client 4.0.
GitHub issue: #9
Set consumer prefetch (a.k.a QoS)
RMQConnectionFactory has a new property to set up the quality of service on created channels. This make it easy to balance load between consumers.
GitHub issue: #11
Provide a way to configure TLS options for JMS connections
RMQConnectionFactory provides some methods to finely-tune the underlying SSLContext for TLS connections.
GitHub issue: #1
SSLContext was overridden with default
Provided SSLContext was overridden because of a side-effect in a method call in the RabbitMQ Java Client. The SSLContext provided to the RMQConnectionFactory is now effectively used.
GitHub issue: #12
Allow using default SSLContext
RMQConnectionFactory has now a flag to use the default SSLContext. It is thus possible to set up TLS options (e.g. key store and trust store) from the command line, with system properties.
GitHub issue: #14
1.6.0.RC1
8bd123d
acogoluegnes
Arnaud Cogoluègnes
Changes between 1.5.0 and 1.6.0.RC1
This is a release candidate for 1.6.0, a maintenance release that includes a few bug fixes, enhancements, and an upgrade of the RabbitMQ Java client dependency. This release is backward-compatible with 1.5.0.
Refactor RMQConnection and RMQSession to accept fewer constructor parameters
This is an internal refactoring to make it easy to add new settings to JMS resources.
GitHub issue: #7
Provide a way to configure onMessageTimeoutMs
It is now possible to configure the message processing timeout.
GitHub issue: #5
Support hostname lists
It is now possible to provide a list of hostnames to connect to (instead of a single one).
GitHub issue: #2
Upgrade to RabbitMQ Java Client 4.0
The JMS Client now uses RabbitMQ Java Client 4.0.
GitHub issue: #9
Set consumer prefetch (a.k.a QoS)
RMQConnectionFactory has a new property to set up the quality of service on created channels. This make it easy to balance load between consumers.
GitHub issue: #11
Provide a way to configure TLS options for JMS connections
RMQConnectionFactory provides some methods to finely-tune the underlying SSLContext for TLS connections.
GitHub issue: #1
SSLContext was overridden with default
Provided SSLContext was overridden because of a side-effect in a method call in the RabbitMQ Java Client. The SSLContext provided to the RMQConnectionFactory is now effectively used.
GitHub issue: #12
Allow using default SSLContext
RMQConnectionFactory has now a flag to use the default SSLContext. It is thus possible to set up TLS options (e.g. key store and trust store) from the command line, with system properties.
GitHub issue: #14
1.5.0
Changes Between 1.4.7 and 1.5.0
1.5.0 is a maintainence release that includes a fix
for CVE-2016-6194.
Limited ObjectMessage Deserialization
Classes that can be deserialized from javax.jms.ObjectMessage
now can be limited via a package prefix white list.
There are two ways to do it:
- Via the
com.rabbitmq.jms.TrustedPackagesPrefixesJVM property which accepts
a comma separated list of prefixes, for example,java,com.rabbitmq,com.mycompany - Using
RMQConnectionFactory#setTrustedPackages,RMQConnection#setTrustedPackages, orRMQSession#setTrustedPackages
which accept lists of package prefixes
All options take a list of package name prefixes, e.g. java will make all classes
in java.lang, java.util, and other packages starting with java trusted.
Deserialization attempt for untrusted classes will throw an exception.
GH issue: rabbitmq-jms-client#3.
This fixes CVE-2016-6194 (note: attacker must be authenticated
with RabbitMQ in order to carry out the attack).
RabbitMQ Java Client Dependency Update
This client now depends on RabbitMQ Java client 3.6.3.