ActiveMQ

Feb 06

The Hidden Risk of Running End-of-Life Apache Tomcat, TomEE, and ActiveMQ

By Ryan St. James ActiveMQ, CVEs, Security, Tomcat, TomEE No Comments

Understanding End-of-Life (EOL) Products If you’re a developer or manager, you’ve likely faced the challenge of maintaining legacy systems. You know the delicate balance between keeping your software running, finding the resources for costly upgrades, and managing the expense of growing your team to support emerging issues. When a product like Apache Tomcat, TomEE, or ActiveMQ reaches its End-of-Life (EOL), it stops receiving critical updates and patches from the Open Source Community. This leaves your systems vulnerable to security breaches and compliance issues—a nightmare for developers maintaining these systems and managers responsible for avoiding business risks. Key Risks of Running…

Nov 07

Love0

Act Now: Protecting Your ActiveMQ Broker from CVE-2023-46604

By Jonathan Gallimore ActiveMQ, CVEs, Security No Comments

Dive into CVE-2023-46604 You may be aware that a new critical vulnerability has been discovered in ActiveMQ. This was publicly disclosed on Friday 27th October. The details of the CVE are as follows (https://activemq.apache.org/security-advisories.data/CVE-2023-46604) Apache ActiveMQ is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath. ActiveMQ, by default, exposes a connector using the OpenWire protocol, and this is commonly used by clients to connect to…

Oct 12

Love0

Moving from javax to jakarta namespace

By Jean-Louis Monteiro ActiveMQ, Apache TomEE, Jakarta EE, Java EE, MicroProfile, Open Source, Tomcat, TomEE One Comment

This blog aims at giving some pointers in order to address the challenge related to the switch from `javax` to `jakarta` namespace. This is one of the biggest changes in Java of the latest 20 years. No doubt. The entire ecosystem is impacted. Not only Java EE or Jakarta EE Application servers, but also libraries of any kind (Jackson, CXF, Hibernate, Spring to name a few). For instance, it took Apache TomEE about a year to convert all the source code and dependencies to the new `jakarta` namespace. This blog is written from the user perspective, because the shift from…

Aug 14

Love0

Securing Your Business: A Guide to Understanding and Addressing Apache ActiveMQ CVEs

By Ryan St. James ActiveMQ, CVEs, Open Source No Comments

In today's digital landscape, businesses and companies encounter a continuous stream of cybersecurity threats, and one such significant threat is Common Vulnerabilities and Exposures (CVEs). These vulnerabilities can potentially jeopardize your systems' security and stability. However, it is important to note that while CVEs are just one aspect of the broader cybersecurity landscape, they hold particular relevance. CVEs provide public data that companies and organizations can use to their advantage in understanding and addressing potential vulnerabilities. To illustrate the concept further, let's explore examples of high, medium, and low-severity CVEs in Apache Active MQ, a popular open-source messaging and integration…

Oct 06

Love0

How to increase ActiveMQ logging in 5 minutes

By Cesar Hernandez ActiveMQ, Open Source No Comments

Introduction By default, ActiveMQ uses slf4j as an abstraction facade for various logging frameworks. Log4j is the default framework provided in ActiveMQ. In this article, we will cover how to quickly increase the logging information you can get from your broker in the most common scenarios using the provided out-of-the-box configuration. (more…)

Aug 11

Love0

ActiveMQ Time Stamp Plugin

By Jonathan Gallimore ActiveMQ No Comments

Introduction This article is a quick tip for ActiveMQ users, and introduces the Time Stamp Plugin. Common support queries we get with ActiveMQ are the broker running out of space, or Producer Flow Control kicking in. Often, the cause is simple: messages have been sent to the broker, and haven’t been consumed. This will be exacerbated if you have multiple destinations, and particularly if you use KahaDB for persistence (which is the default). See my post here to get a 10000 ft view on how KahaDB works under the covers, and how it can use a large amount of disk…

May 26

Love0

JWT authentication and authorization with Apache ActiveMQ

By Jean-Louis Monteiro ActiveMQ One Comment

Apache ActiveMQ is a well known and very flexible message broker. As such, it fully embraced the AAA model (Authentication, Authorization, Accountability) with built-in plugins. For example, by default, it comes with Simple Authentication Plugin: it handles user authentication based on the `activemq.xml` defined list of users. Or, as an alternative, you can load users from properties. This is very useful for tests or to quickly bootstrap a project but does not target real-life deployments. JAAS Authentication Plugin: JAAS stands for Java Authentication and Authorization Service and is quite well known in the Java EE space (or Jakarta EE space).…

May 05

Love0

Apache ActiveMQ Failover with a SQL Database

By Jean-Louis Monteiro ActiveMQ No Comments

ActiveMQ is often a critical component in Enterprise systems, and therefore High Availability (HA) is a "must have" in order to meet production Service Level Agreements (SLA). This blog aims at providing a deployment architecture based on a set of Apache ActiveMQ brokers wired up to a SQL database. This blog targets Apache ActiveMQ “classic” as opposed to Apache ActiveMQ Artemis. Failover architecture for high availability What are we trying to achieve? A single instance of ActiveMQ can receive and deliver a very high volume of messages. It is very easy to increase performance and handle more messages by simply…

Oct 06

Love1

KahaDB logs increasing when messages are purged

By Jonathan Gallimore ActiveMQ One Comment

One of the common issues we run into with ActiveMQ, is the issue of kahadb log files not being cleared up, leading to the system potentially running out of disk space. There are a few reasons why these log files are not cleaned up: It contains a pending message for a destination or durable topic subscription It contains an ACK for a message which is in an in-use data file - the ACK cannot be removed as a recovery would then mark the message for redelivery The journal references a pending transaction It is a journal file, and there may…

Jun 11

Love0

The Flexibility and Power of MDBs, Illustrated

By Richard Monson-Haefel ActiveMQ, Apache TomEE, Open Source, TomEE No Comments

Tomitribe supports many organizations that use Message-Driven Beans in production with TomEE. This post is derived from experience working with those organizations to improve their system performance and software architecture. Previously we published a MDB tutorial followed by a deeper dive in the article "MBD-to-MDB Messaging: Harness the Power of the River Delta". This week we'll provide an illustrated example of how MDBs can work together to create flexible and powerful messaging system. JMS The Java Messaging Service (JMS) is a standard for sending messages between clients using a messaging broker. The concepts behind JMS, queues, and topics are explained…

The Hidden Risk of Running End-of-Life Apache Tomcat, TomEE, and ActiveMQ

Act Now: Protecting Your ActiveMQ Broker from CVE-2023-46604

Moving from javax to jakarta namespace

Securing Your Business: A Guide to Understanding and Addressing Apache ActiveMQ CVEs

How to increase ActiveMQ logging in 5 minutes

ActiveMQ Time Stamp Plugin

JWT authentication and authorization with Apache ActiveMQ

Apache ActiveMQ Failover with a SQL Database

KahaDB logs increasing when messages are purged

The Flexibility and Power of MDBs, Illustrated

Categories

Tomitribe

Services

Open Source