Apache ActiveMQ 5.17.0 is there!

Finally, after several months of work, Apache ActiveMQ 5.17.0 has been released.

This is a major milestone in Apache ActiveMQ roadmap, bringing lot of changes, and already preparing ActiveMQ 5.18.x.

Let's take a quick tour on some major changes in ActiveMQ 5.17.0.

JDK 11+

If ActiveMQ 5.16.x already supported JDK 11+ at runtime, the build was still using JDK 8.

ActiveMQ 5.17.0 now requires JDK 11+ for both build and runtime.

Spring 5.x

Before ActiveMQ 5.17.0, we used Spring 4.x, a deprecated (not maintained) version of Spring. It was a concern as Spring 5.x includes improvements and fixes, especially CVE fixes.

So, it made sense to bump to Spring 5.x (latest available major version right now).

From an user standpoint, nothing change, the main conf/activemq.xml is basically the same.

Log4j 2.x

If ActiveMQ 5.16.4 switched from log4j 1.x to reload4j, in order to fix CVE issues (see Apache ActiveMQ 5.16.4, reload4j and more for details).

In ActiveMQ 5.17.x, we decided to upgrade to log4j 2.17.1, including major CVE issues fixed.

From an user standpoint, this upgrade has two impacts:

  1. the log4j configuration has been updated and is now defined in conf/log4j2.properties file, of course using log4j2 format
  2. fabric8 insight log query bean has been removed from default conf/activemq.xml as it only supports log4j1 (not log4j2)

Jetty update and security enforcement

If Jetty update is a "classic" in any ActiveMQ release, ActiveMA 5.17.0 changed the used Jetty artifacts.

In previous ActiveMQ releases, we use the Jetty all aggregate uber jar. This approach is not recommended (deprecated) by Jetty anymore.

Instead, in ActiveMQ 5.17.0, we are now using the "atomic" jetty component jar files. It reduces the overall jar sizes by selecting only the Jetty jar files we actually need.

Again, from an user standpoint, no impact: conf/jetty.xml is still the same from a Jetty perspective.

Another change is about improving security on the webconsole in conf/jetty.xml. Basically, we improved the Jetty security constraint mapping:

    <bean id="securityConstraintMapping" class="org.eclipse.jetty.security.ConstraintMapping">
        <property name="constraint" ref="securityConstraint" />
        <property name="pathSpec" value="/,/api/*,*.jsp,*.html,*.js,*.css,*.png,*.gif,*.ico" />

OSGi/Karaf improvements

A complete cleanup of the OSGi headers (in ActiveMQ bundles) and also Karaf features have been performed.

The major changes are:

  1. support of JMS 2 API (even if the broker is still JMS 1.1, JMS 2 dependency is now used). It avoid lot of refresh
  2. better hierarchy of Karaf features, in order to have fine grained features matching exactly users expectation

LevelDB and Camel component removed

LevelDB was deprecated for a long time. In ActiveMQ 5.17.0, we just removed it completely, included its unused dependencies.

The same for Camel component: the Camel component contained in ActiveMQ was very old using Camel 2.x (and not Camel 3.x). So we removed this component and we invite to use "native" camel-jms and/or camel-activemq components instead.

ActiveMQ 5.18.x target

If ActiveMQ 5.17.0 is a major release in ActiveMQ roadmap, we are already preparing 5.18.x target branch.

The main change we plan to do in 5.18.x is moving forward in JMS 2.0 support.

If the initial plan was to include first steps of JMS 2.0 support in ActiveMQ 5.17.x, due to potential impacts, we prefered to postpone to 5.18.x in order for us to have more time to test and verify.

So enjoy ActiveMQ 5.17.x, and stay tuned about 5.18.x ;)


Popular posts from this blog

Apache Karaf runtime 4.4.0 has been released!

Apache ActiveMQ 5.16.3 has been released

Apache Karaf and log4j2 appenders