Red Hat Summit Red Hat SummitSupportoConsoleSviluppatoriInizia una provaContatti

Questo contenuto non è disponibile nella lingua selezionata.

Release Notes for Red Hat AMQ Broker 7.13

Red Hat AMQ Broker 7.13

Release Notes for AMQ Broker

Abstract

These release notes contain the latest information about new features, enhancements, fixes, and issues contained in the AMQ Broker 7.13 release.

Making open source more inclusive
Copia collegamento

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. We are beginning with these four terms: master, slave, blacklist, and whitelist. Because of the enormity of this endeavor, these changes will be implemented gradually over several upcoming releases. For more details, see our CTO Chris Wright’s message.

Chapter 1. Long Term Support for AMQ Broker 7.13
Copia collegamento

AMQ Broker 7.13 has been designated as a Long Term Support (LTS) release version. For details of the terms of an LTS release, see How long are AMQ LTS releases supported?

Support for Red Hat Enterprise Linux and OpenShift Container Platform

The AMQ Broker 7.13 LTS version supports:

  • Red Hat Enterprise Linux 8 and 9
  • OpenShift Container Platform 4.16, 4.17, 4.18, 4.19 and 4.20
  • Microsoft Windows Server 2019, 2022 and 2025

Red Hat strives to ensure that AMQ Broker remains compatible with future versions of OpenShift Container Platform; however this compatibility cannot be guaranteed. Interoperability testing is performed for each new OpenShift Container Platform version. If no compatibility issues are found, the new OpenShift Container Platform version is added to the Red Hat AMQ Broker 7 Supported Configurations.

Chapter 2. Supported Configurations
Copia collegamento

For information on supported configurations, see Red Hat AMQ Broker 7 Supported Configurations.

Java versions supported
AMQ Broker 7.13 supports Java 17 and Java 21.
Openwire support
AMQ 7 Broker has provided support for the Openwire protocol since its release in 2017 as a means to migrate client applications to AMQ 7. With the release of AMQ Broker 7.9.0 in 2021, the Openwire protocol was deprecated and customers were encouraged to migrate their existing Openwire client applications to one of the fully supported protocols of AMQ 7 (CORE, AMQP, MQTT, or STOMP). Starting with the AMQ Broker 8.0 release, the Openwire protocol will be removed from AMQ Broker.

Chapter 3. New and Changed Features
Copia collegamento

This section describes a highlighted set of enhancements and changed features in AMQ Broker 7.13. For a full list of enhancements, see AMQ Broker 7.13.0 Enhancements

FIPS tolerance
AMQ Broker 7.13 is FIPS-tolerant, which means it automatically runs on a FIPS-enabled OpenShift cluster or RHEL system. One caveat is that the broker cannot use the default codec, org.apache.activemq.artemis.utils.DefaultSensitiveStringCodec, to encode passwords. The default codec uses the Blowfish algorithm, which is not FIPS-tolerant. The Blowfish algorithm is deprecated in 7.13. For more information, see Disabling FIPS mode in Deploying AMQ Broker on OpenShift and Disabling FIPS mode in Configuring AMQ Broker.
JSON format support for brokerProperties
In 7.13, you can configure brokerProperties in JSON format. JSON format is more compact than text format for writing properties which means you can add more properties to an individual file without exceeding the 1 MB size limit for a properties file. For more information, see Segregating the brokerProperties configuration in Deploying AMQ Broker on OpenShift.
New AMQ Management Console

In 7.13, the next generation AMQ Management Console based on HawtIO 4 is integrated with AMQ Broker. The previous HawtIO 2 console was based on the Bootstrap framework which is no longer supported by the Bootstrap foundation. The highlights of the new console include:

  • Uses modern web technologies React and Patternfly.
  • Has a faster and more responsive UI.
  • Provides a cleaner separation between tabular views and JMX views.
  • Supports generic OpenID authentication. OpenID Connect Core 1.0 is a widespread specification and standard method for distributed authentication (based on OAuth 2).
  • Has an improved filterable broker diagram
Note

By default, the new console throttles authentication to protect against brute force attacks. As a result, you might see an intermittent error 429 when logging in to the web console. If you want to disable throttle authentication:

  • On AMQ Broker on RHEL, add a new argument, -Dhawtio.authenticationThrottled=false, to the JAVA_ARGS list of Java system arguments in the artemis.profile file.
  • On AMQ Broker on OpenShift, add a Java environment variable and specify a value of: -Ddhawtio.authenticationThrottled=false. For more information about setting environment variables, see Setting environment variables for the broker containers in Deploying AMQ Broker on OpenShift.
Note

In HawtIO 4, the hawtio.role property is not supported. Therefore, you must use the hawtio.roles property to grant one or more roles access to AMQ Management Console.

Percentage-based global memory limit
In previous releases, it was possible to set a global memory limit for all addresses only as an absolute value. In 7.13, you can set the global memory limit value as a percentage of the maximum memory that is available to the broker JVM. For information, on OpenShift, see Configuring the maximum JVM memory available to a broker in Deploying AMQ Broker on OpenShift and on RHEL, see Configuring paging limits for all addresses in Configuring AMQ Broker.
New metrics exposed by the AMQ Broker Prometheus plugin

In 7.13, the following new metrics are exposed by the AMQ Broker Prometheus plugin:

session_count: The number of sessions on this server. total_session_count: The total number of sessions created on this server since it was started. artemis_limit_percent. The percentage of a configured memory limit that is used by a specific address.

Log4J2 JsonTemplateLayout support
You can change the default layout of the logs written by the Log4J logging utility to JSON Template Layout. For more information see Configuring logging in Configuring AMQ Broker.
AMQ Core Protocol JMS client retry parameters
In 7.13, the AMQ Core Protocol JMS client applies the values of the retryIntervalMultiplier and maxRetryInterval parameters to an initial connection attempt. In previous releases, the client used these parameters in reconnection attempts but not in an initial connection attempt.
Consumer priority support for AMQP clients
AMQ Broker 7.13 allows you to set consumer priority for AMQ clients, such as Red Hat build of Apache Qpid JMS.
Red Hat Universal Base Image (UBI) 9 container images
The AMQ Broker for OpenShift container images are built based on Red Hat UBI 9. UBI 9-based broker container images are compatible with RHEL8 host systems.
Operator channels

A new Operator,Red Hat Integration - AMQ Broker for RHEL 9 (Multiarch), is provided on OperatorHub for 7.13. Updates for this Operator are provided in the 7.13.x channel only. The 7.13.x channel is a Long Term Support (LTS) channel.

A 7.12.x LTS channel provides updates for the Red Hat Integration - AMQ Broker for RHEL 8 (Multiarch) Operator. This channel is for version 7.12 only.

Note

It is not possible to upgrade the Operator by switching channels. You must uninstall the existing Operator and install the new version of the Operator from the appropriate channel.

To determine which Operator to choose, see the Red Hat Enterprise Linux Container Compatibility Matrix.

Example programs
In AMQ Broker 7.13, example programs are not distributed and installed with the broker. Instead, you can access the example programs in the following repository: https://github.com/apache/activemq-artemis-examples.

Chapter 4. Deprecated features
Copia collegamento

This section describes features that are supported, but have been deprecated from AMQ Broker.

Two-way algorithm of the default codec
Starting in 7.13, the two-way algorithm of the default codec, DefaultSensitiveStringCodec, is deprecated.
ActiveMQArtemisAddress CRD
Starting in 7.12, the ActiveMQArtemisAddress CRD is deprecated. Use the spec.brokerProperties attribute in the ActiveMQArtemis CR to create addresses and queues for your deployment.
ActiveMQArtemisSecurity CRD
Starting in 7.12, the ActiveMQArtemisSecurity CRD is deprecated. Use the spec.brokerProperties attribute in the ActiveMQArtemis CR to configure security for your deployment.
ActiveMQArtemisScaledown CRD
Starting in 7.12, the ActiveMQArtemisScaledown CRD is deprecated. The ActiveMQArtemisScaledown CRD is used internally by the broker, so this change is transparent to AMQ Broker administrators.
Connection pooling for LDAP queries
Starting in 7.12, the connectionPool parameter, which enables connection pooling for LDAP queries, is deprecated. The built-in authorization and authentication caches provide an alternative way to optimize the performance of LDAP queries. For information on customizing the built-in caches, see Configuring authentication and authorization caching.
upgrade attribute in Custom Resource
Starting in 7.11, the upgrade attribute and the associated enabled and minor attributes are deprecated because they cannot work as originally designed. Use the image or version attributes to deploy specific broker container images.
queues configuration element
Starting in 7.10, the <queues> configuration element is deprecated. You can use the <addresses> configuration element to create addresses and associated queues. The <queues> configuration element will be removed in a future release.
getAddressesSettings method
Starting in 7.10, the getAddressesSettings method, which is included in the org.apache.activemq.artemis.core.config.Configuration interface, is deprecated. Use the getAddressSettings method to configure addresses and queues for the broker programatically.
OpenWire protocol
Starting in 7.9, the OpenWire protocol is a deprecated feature. If you are creating a new AMQ Broker-based system, use one of the other supported protocols. Starting with the 8.0 release, the Openwire protocol will be removed from AMQ Broker.
Adding users when broker instance is not running
Starting in 7.8, when an AMQ Broker instance is not running, the ability to add users to the broker from the CLI interface is removed.
Network pinger
Starting in 7.5, network pinging is a deprecated feature. Network pinging cannot protect a broker cluster from network isolation issues that can lead to unrecoverable message loss. This feature will be removed in a future release. Red Hat continues to support existing AMQ Broker deployments that use network pinging. However, Red Hat no longer recommends use of network pinging in new deployments. For guidance on configuring a broker cluster for high availability and to avoid network isolation issues, see Implementing high availability in Configuring AMQ Broker.
Hawtio dispatch console plugin
Starting in 7.3, AMQ Broker no longer includes the Hawtio dispatch console plugin, dispatch-hawtio-console.war. Previously, the dispatch console was used to manage AMQ Interconnect. However, AMQ Interconnect now uses its own, standalone web console.

Chapter 5. Development preview
Copia collegamento

Important

Developer Preview versions are provided to expose features from upstream communities for use by early adopters and integrators to explore and interact with new capabilities in advance of their possible inclusion in a Red Hat product offering. For more information, see link Developer Preview Support Scope.

Restricted mode
In 7.13, the ActiveMQArtemis CR supports a new attribute, spec.Restricted. If this attribute is set to True, an empty embedded broker is deployed. You can configure this broker by using the brokerProperties attribute in the ActiveMQArtemis CR. To secure end-to-end communication the broker requires a public key infrastructure (PKI). You can use cert-manager to generate the TLS certificates for the PKI.
Self-provisioning plugin
The self-provisioning plugin is a dynamic plugin for the OpenShift Console. The plugin adds a new broker workload type to the OpenShift console that allows you to create and manage broker deployments on OpenShift. A Jolokia API server is included with the self-provisioning plugin. The API server builds requests made in the self-provisioning plugin UI and send them to the Jolokia endpoint on the broker. The self-provisioning plugin and the Jolokia API server are available on the Software Downloads page for AMQ Broker 7.13 releases:
Note

You can install the self-provisioning plugin only on a cluster that is running OpenShift 4.16 or later.

Complete the following steps to install the Jolokia API server and the self-provisioning plugin on your OpenShift cluster.

  1. Ensure that the AMQ Broker Operator and the cert-Manager Operator for OpenShift are installed on the cluster.
  2. Log in to your OpenShift cluster by using the OpenShift command-line interface (CLI).
  3. In your web browser, navigate to the Software Downloads page for AMQ Broker 7.13 releases.
  4. Next to the AMQ Broker 7.13.0 Jolokia API Server installation files, click Download.
  5. Next to the AMQ Broker 7.13.0 self-provisioning plugin installation files, click Download.

  6. Move the downloaded archives to a new directory. The following example moves the archive to a directory called ~/broker/spp. 

    $ mkdir ~/broker/spp
$ mv amq-broker-jolokia-api-server-7.13.0-install-rhel9.zip ~/broker/spp
$ mv amq-broker-self-provisioning-plugin-7.13.0-install-rhel9.zip ~/broker/spp

  7. Extract the contents of the archives. For example: 

    $ cd ~/broker/spp
$ unzip amq-broker-jolokia-api-server-7.13.0-install-rhel9.zip
$ unzip amq-broker-self-provisioning-plugin-7.13.0-install-rhel9.zip

  8. Switch to the directory that was created when you extracted the Jolokia API server archive. 

    $ cd amq-broker-jolokia-api-server-7.13.0-install

  9. Run the script to install the Jolokia API server: 

    // AsciiDocDITA.BlockTitle, warning, Block titles can only be assigned to examples, figures, and tables in DITA.
./deploy.sh

  10. Switch to the directory that was created when you extracted the self-provisioning plugin archive. 

    $ cd ../amq-broker-self-provisioning-plugin-7.13.0-install

  11. Run the script to install the self-provisioning plugin: 

    // AsciiDocDITA.BlockTitle, warning, Block titles can only be assigned to examples, figures, and tables in DITA.
./deploy-plugin.sh
  12. Verify that the pods for the Jolokia API server and the self-provisioning plugin are running in the activemq-artemis-jolokia-api-server and the activemq-artemis-self-provisioning-plugin namespaces.

For information about how to try out the plugin see the self-provisioning plugin readme file.

Chapter 6. Fixed issues
Copia collegamento

For a complete list of issues that have been fixed in the release, see AMQ Broker 7.13.0 Fixed Issues and see AMQ Broker - 7.13.x Resolved Issues for a list of issues that have been fixed in patch releases.

Chapter 7. Fixed Common Vulnerabilities and Exposures
Copia collegamento

This section details Common Vulnerabilities and Exposures (CVEs) fixed in the AMQ Broker 7.13 release.

  • ENTMQBR-9545 - CVE-2024-38819 org.springframework/spring-webmvc: Path traversal vulnerability in functional web frameworks [amq-7]
  • ENTMQBR-9496 - CVE-2024-8184 org.eclipse.jetty/jetty-server: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks [amq-7]
  • ENTMQBR-9445 - CVE-2024-38809 org.springframework/spring-web: Spring Framework DoS via conditional HTTP request [amq-7]
  • ENTMQBR-9581 - CVE-2024-6763 org.eclipse.jetty/jetty-http: Jetty URI parsing of invalid authority [amq-7]
  • ENTMQBR-9539 - CVE-2024-38828 org.springframework/spring-webmvc: DoS via Spring MVC controller method with byte[] parameter [amq-7]
  • ENTMQBR-8648 - CVE-2020-23064 hawtio-core: jquery: Cross-site scripting [amq-7]
  • ENTMQBR-8887 - CVE-2024-26308 commons-compress: OutOfMemoryError unpacking broken Pack200 file [amq-7]
  • ENTMQBR-8888 - CVE-2024-25710 commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file [amq-7]

Chapter 8. Known issues
Copia collegamento

This section describes known issues in AMQ Broker 7.13.

  • ENTMQBR-10309 - RBAC is not applied for the tabs (browse message and send message) for the queue elements in the Artemis JMX tree

    In the Artemis JMX tree of the AMQ Management Console, the tabs displayed for queue elements do not reflect a user’s address permissions. All tabs appear for a queue regardless of the permissions granted to the user. To work around this issue, set the following Java system property:

    -Djolokia.disabledServices=org.jolokia.integration.artemis.ArtemisCacheKeyProvider

    • On AMQ Broker on RHEL, add the JAVA system property to the JAVA_ARGS list in the artemis.profile file.
    • On AMQ Broker on OpenShift, set the JAVA system property in an environment variable. For more information about setting environment variables, see Setting environment variables for the broker containers in Deploying AMQ Broker on OpenShift.

  • ENTMQBR-9810 - Using Java23 results in UnsupportedOperationException: getSubject is supported only if a security manager is allowed

    When you use AMQ Broker 7.13 with Java 23, the following error is displayed:

    java.lang.UnsupportedOperationException: getSubject is supported only if a security manager is allowed at java.base/javax.security.auth.Subject.getSubject(Subject.java:347) at …​..

    To resolve this issue, add a new argument, -Djava.security.manager=allow, to the JAVA_ARGS list of Java system arguments in the artemis.profile file. This argument enables support for a security manager without actually using one.

  • ENTMQBR-9791 - Failed startup of console when install dir has unicode characters.

    If you rename the default directory, created when you extracted the broker installation archive, to a directory name that contains unicode characters, the AMQ Management Console is unable to start. The following error is displayed in the logging information shown when you start the broker:

    WARN [org.eclipse.jetty.ee9.webapp.WebAppContext] Failed startup of context oeje9w.WebAppContext@626d2016{/metrics,/metrics,null,false,@Connector-0}{/home/jcliffor/Downloads/<directory name>/web/metrics.war}__ java.lang.IllegalArgumentException: Bad escape

  • ENTMQBR-9109 - Changing ingressDomain doesn’t update Routes.

    If you change the value of the spec.ingressDomain attribute to an empty value, the domain value is not updated in existing routes. This issue is due to a limitation of the OpenShift routes whereby the spec.host field of the OpenShift routes is auto-generated if it is empty only when a new route is created.

  • ENTMQBR-9187 - The Operator shows forbidden errors when you deploy a CR and message migration does not work as expected.

    If you install the Operator by using the OpenShift CLI or using OperatorHub with custom YAML files, you can configure the Operator to watch multiple namespaces or a single namespace that is different from the one in which the Operator is installed. In both of these configurations, the following error is displayed when you deploy the ActiveMQArtemis CR:

    W0614 14:18:59.355936 1 reflector.go:535] k8s.io/client-go/informers/factory.go:150: failed to list *v1.StatefulSet: statefulSets.apps is forbidden: User "system:serviceaccount:amq-broker-operator-olm:amq-broker-controller-manager" cannot list resource "statefulSets" in API group "apps" at the cluster scope

    The broker deployment is created and works as normal. However, if you scale down the deployment subsequently, messages on the broker that was removed are not migrated to another broker and are lost.

    To avoid this issue, allow the Operator to watch all namespaces, which is the default, or configure the Operator to watch the single namespace in which the Operator is installed.

  • ENTMQBR-8106 - AMQ Broker Drainer pod doesn’t function properly after changing MessageMigration in CR

    You cannot change the value of the messageMigration attribute in a running broker deployment. To work around this issue, you must set the required value for the messageMigration attribute in a new ActiveMQ Artemis CR and create a new broker deployment.

  • ENTMQBR-7359 - Change to current handling of credential secret with 7.10.0 Operator

    The Operator stores the administrator username and password for connecting to the broker in a secret. The default secret name is in the form <custom-resource-name>-credentials-secret. You can create a secret manually or allow the Operator to create a secret.

    If the adminUser and adminPassword attributes are configured in a Custom Resource before 7.10.0, the Operator updates a manually-created secret with the values of these attributes. Starting in 7.10.0, the Operator no longer updates a secret that was created manually. Therefore, if you change the values of the adminUser and adminPassword attributes in the CR, you must either: f * Update the secret with the new username and password * Delete the secret and allow the Operator to create a secret. When the Operator creates a secret, it adds the values of the adminUser and adminPassword attributes if these are specified in the CR. If these attributes are not in the CR, the Operator generates random credentials for the secret.

  • ENTMQBR-7111 - 7.10 versions of operator tend to remove StatefulSet during upgrade

    If you are upgrading to or from AMQ Broker Operator 7.10.0, the new Operator automatically deletes the existing StatefulSet for each deployment during the reconciliation process. When the Operator deletes the StatefulSet, the existing broker pods are deleted, which causes a temporary broker outage.

    You can work around this issue by running the following command to manually delete the StatefulSet and orphan the running pods before the Operator gets to delete the StatefulSet: oc delete statefulSet <statefulSet-name> --cascade=orphan

    Manually deleting the StatefulSet during the upgrade process allows the new Operator to reconcile the StatefulSet without deleting the running pods. For more information, see Upgrading the Operator using OperatorHub in Deploying AMQ Broker on OpenShift.

  • ENTMQBR-5749 - Remove unsupported operators that are visible in OperatorHub

    Only the Operators and Operator channels mentioned in Deploying the Operator from OperatorHub are supported. For technical reasons associated with Operator publication, other Operator and channels are visible in the OperatorHub and should be ignored. For reference, the following list shows which Operators are visible, but not supported:

    • Red Hat Integration - AMQ Broker LTS - all channels
    • Red Hat Integration - AMQ Broker - alpha, current, and current-76

  • ENTMQBR-4141 - AMQ Broker Operator: Increasing Persistent Volume size requires manual involvement even after recreating Stateful Set

    If you try to increase the size of the Persistent Volume Claim (PVC) required by brokers in a deployment for persistent storage, the change does not take effect without further manual steps. For example, suppose that you configure the storage.size property of a Custom Resource (CR) instance to specify an initial size for the PVC. If you modify the CR to specify a different value of storage.size, the existing brokers continue to use the original PVC size. This is the case even if you scale the deployment down to zero brokers and then back up to the original number. However, if you scale the size of the deployment up to add additional brokers, the new brokers use the new PVC size.

    To work around this issue, and ensure that all brokers in the deployment use the same PVC size, use the OpenShift Container Platform web console to expand the PVC size used by the deployment. In the console, click menu:Storage[Persistent Volume Claims]. Click your deployment. On the Actions drop-down menu in the upper-right corner, select Expand PVC and enter a new value.

Legal Notice
Copia collegamento

Copyright © Red Hat.
Except as otherwise noted below, the text of and illustrations in this documentation are licensed by Red Hat under the Creative Commons Attribution–Share Alike 3.0 Unported license . If you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, the Red Hat logo, JBoss, Hibernate, and RHCE are trademarks or registered trademarks of Red Hat, LLC. or its subsidiaries in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
XFS is a trademark or registered trademark of Hewlett Packard Enterprise Development LP or its subsidiaries in the United States and other countries.
The OpenStack® Word Mark and OpenStack logo are trademarks or registered trademarks of the Linux Foundation, used under license.
All other trademarks are the property of their respective owners.
Red Hat logoGithubredditYoutubeTwitter

Formazione

Prova, acquista e vendi

Community

Informazioni su Red Hat

Forniamo soluzioni consolidate che rendono più semplice per le aziende lavorare su piattaforme e ambienti diversi, dal datacenter centrale all'edge della rete.

Rendiamo l’open source più inclusivo

Red Hat si impegna a sostituire il linguaggio problematico nel codice, nella documentazione e nelle proprietà web. Per maggiori dettagli, visita il Blog di Red Hat.

Informazioni sulla documentazione di Red Hat

Aiutiamo gli utenti Red Hat a innovarsi e raggiungere i propri obiettivi con i nostri prodotti e servizi grazie a contenuti di cui possono fidarsi. Esplora i nostri ultimi aggiornamenti.

Legal Notice

Theme

© 2026 Red HatTorna in cima