
Act Now: Protecting Your ActiveMQ Broker from CVE-2023-46604

By ActiveMQ, CVEs, Security No Comments
You may be aware that a new critical vulnerability has been discovered in ActiveMQ. This was publicly disclosed on Friday 27th October. The details of the CVE are as follows (https://activemq.apache.org/security-advisories.data/CVE-2023-46604): Apache ActiveMQ is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath. ActiveMQ, by default, exposes a connector using the OpenWire protocol, and this is commonly used by clients to connect to the broker. Unlike HTTP…

Moving from javax to jakarta namespace

By ActiveMQ, Apache TomEE, Jakarta EE, Java EE, MicroProfile, Open Source, Tomcat, TomEE One Comment
This blog aims to give some pointers for addressing the challenge of switching from the `javax` to the `jakarta` namespace. This is one of the biggest changes in Java of the last 20 years. No doubt. The entire ecosystem is impacted. Not only Java EE or Jakarta EE application servers, but also libraries of any kind (Jackson, CXF, Hibernate, Spring to name a few). For instance, it took Apache TomEE about a year to convert all the source code and dependencies to the new `jakarta` namespace. This blog is written from the user perspective, because the shift from…

Securing Your Business: A Guide to Understanding and Addressing Apache ActiveMQ CVEs

By ActiveMQ, CVEs, Open Source No Comments
In today's digital landscape, businesses and companies encounter a continuous stream of cybersecurity threats, and one such significant threat is Common Vulnerabilities and Exposures (CVEs). These vulnerabilities can potentially jeopardize your systems' security and stability. However, it is important to note that while CVEs are just one aspect of the broader cybersecurity landscape, they hold particular relevance. CVEs provide public data that companies and organizations can use to their advantage in understanding and addressing potential vulnerabilities. To illustrate the concept further, let's explore examples of high, medium, and low-severity CVEs in Apache ActiveMQ, a popular open-source messaging and integration…

ActiveMQ Time Stamp Plugin

By ActiveMQ No Comments
Introduction: This article is a quick tip for ActiveMQ users, and introduces the Time Stamp Plugin. Common support queries we get with ActiveMQ are the broker running out of space, or Producer Flow Control kicking in. Often, the cause is simple: messages have been sent to the broker, and haven’t been consumed. This will be exacerbated if you have multiple destinations, and particularly if you use KahaDB for persistence (which is the default). See my post here to get a 10000 ft view on how KahaDB works under the covers, and how it can use a large amount of disk…

JWT authentication and authorization with Apache ActiveMQ

By ActiveMQ One Comment
Apache ActiveMQ is a well-known and very flexible message broker. As such, it fully embraced the AAA model (Authentication, Authorization, Accountability) with built-in plugins. For example, by default, it comes with:
- Simple Authentication Plugin: it handles user authentication based on the `activemq.xml` defined list of users. Or, as an alternative, you can load users from properties. This is very useful for tests or to quickly bootstrap a project but does not target real-life deployments.
- JAAS Authentication Plugin: JAAS stands for Java Authentication and Authorization Service and is quite well known in the Java EE space (or Jakarta EE space).…

Apache ActiveMQ Failover with a SQL Database

By ActiveMQ No Comments
ActiveMQ is often a critical component in Enterprise systems, and therefore High Availability (HA) is a "must have" in order to meet production Service Level Agreements (SLA). This blog aims at providing a deployment architecture based on a set of Apache ActiveMQ brokers wired up to a SQL database. This blog targets Apache ActiveMQ “classic” as opposed to Apache ActiveMQ Artemis. Failover architecture for high availability: What are we trying to achieve? A single instance of ActiveMQ can receive and deliver a very high volume of messages. It is very easy to increase performance and handle more messages by simply…

KahaDB logs increasing when messages are purged

By ActiveMQ One Comment
One of the common issues we run into with ActiveMQ is KahaDB log files not being cleared up, leading to the system potentially running out of disk space. There are a few reasons why these log files are not cleaned up:
- It contains a pending message for a destination or durable topic subscription
- It contains an ACK for a message which is in an in-use data file - the ACK cannot be removed as a recovery would then mark the message for redelivery
- The journal references a pending transaction
- It is a journal file, and there may…

The Flexibility and Power of MDBs, Illustrated

By ActiveMQ, Apache TomEE, Open Source, TomEE No Comments
Tomitribe supports many organizations that use Message-Driven Beans in production with TomEE. This post is derived from experience working with those organizations to improve their system performance and software architecture. Previously we published an MDB tutorial followed by a deeper dive in the article "MDB-to-MDB Messaging: Harness the Power of the River Delta". This week we'll provide an illustrated example of how MDBs can work together to create a flexible and powerful messaging system. JMS: The Java Messaging Service (JMS) is a standard for sending messages between clients using a messaging broker. The concepts behind JMS, queues, and topics are explained…

MDB-to-MDB Messaging: Harness the Power of the River Delta

By ActiveMQ, Apache TomEE, Open Source, TomEE No Comments
Tomitribe supports many organizations that use ActiveMQ, JMS, and Message-Driven Beans in production with TomEE. This post is derived from experience working with those organizations to improve their system performance and software architecture. The idea behind yesterday's MDB tutorial was to divide up the work of spidering a web page among three different MDBs, each with a specific purpose. This division of labor is an important concept in messaging in general and MDBs in particular. This article shows how MDBs can communicate with outside applications as well as other MDBs in a Java EE application server. This latter capability,…