mirror of
https://github.com/corda/corda.git
synced 2024-12-25 07:31:10 +00:00
835321bb70
Fixes DDoS attack mentioned on the Jira ticket. PR upgrades Artemis library to version 2.19.1. This is our own release of Apache Artemis library which has vulnerability fix for v2.20 applied. **_Breaking changes discovered during Artemis upgrade:_** 1. When the queue is created as temporary, it needs to explicitly be specified as non-durable. 2. By default, Artemis Client performs Host DNS name check against the certificate presented by the server. Our TLS certificates fail this check and this verification has to be explicitly disabled, see use of: `TransportConstants.VERIFY_HOST_PROP_NAME`. 3. Artemis Server now caches login attempts, even unsuccessful ones. When we add RPC users dynamically via DB insert this may have an unexpected outcome if the user with the same `userName` and `password` was not available previously. To workaround permissions changing dynamically, authorization and authentication caches had to be disabled. 4. When computing `maxMessageSize`, the size of the headers content is now taken into account as well. 5. Artemis handling of start-up errors has changed. E.g. when the port is already bound. 6. A number of deprecated APIs like: `createTemporaryQueue`, `failoverOnInitialAttempt`, `NullOutputStream`, `CoreQueueConfiguration`. 7. Log warning message is produced like: `AMQ212080: Using legacy SSL store provider value: JKS. Please use either 'keyStoreType' or 'trustStoreType' instead as appropriate.` 8. As reported by QA, Artemis now produces more audit logging more details [here](https://r3-cev.atlassian.net/browse/ENT-6540). Log configuration been adjusted to reduce such output. |
||
---|---|---|
.. | ||
dev | ||
prod | ||
test |