Update dependency com.rabbitmq:amqp-client to v4.8.0 - autoclosed

[dev-mend-for-github-com]

This PR contains the following updates:

Package	Type	Update	Change
com.rabbitmq:amqp-client (source)	compile	minor	4.0.2 -> 4.8.0

By merging this PR, the below issues will be automatically resolved and closed:

Severity	CVSS Score	CVE	GitHub Issue
Medium	5.9	CVE-2018-11087	#51

---

Release Notes

rabbitmq/rabbitmq-java-client

v4.8.0: 4.8.0

Compare Source

This is a maintenance release with new features and bug fixes. It is compatible with 4.7.x. All users of the 4.x.x and 3.6.x series are encouraged to use this version.

Note that as of this release, default DNS resolution on the server hostname is disabled when using TLS (#​400). This avoids interfering with hostname verification (#​394). DNS resolution can be easily re-enabled by passing in a DnsRecordIpAddressResolver instance to one the ConnectionFactory#newConnection methods.

Thanks to @​vikinghawk for his contribution on this release.

Changes between 4.7.0 and 4.8.0

Make it easier to enable hostname verification when TLS is enabled

GitHub issue: #​394

Disable DNS resolution when using TLS

GitHub issue: #​400

Add filter to skip some entities on topology recovery

GitHub issue: #​383

Add optional retry logic to topology recovery

GitHub issue: #​387

Address parser is incapable of handling IPv6 address literals

GitHub issue: #​385

Improve JSON RPC support by using Jackson

GitHub issue: #​378

Add equals and hashCode to generated classes

GitHub issue: #​377

Add dedicated executor to close connections in NIO mode

GitHub issue: #​380

v4.7.0: 4.7.0

Compare Source

This is a maintenance release with a new feature, a usability improvement, and a bug fix. It is compatible with 4.6.x. All users of the 4.x.x and 3.6.x series are encouraged to use this version.

Changes between 4.6.0 and 4.7.0

Multi-threaded topology recovery

Automatic topology recovery can now be performed with an ExecutorService provided with ConnectionFactory#setTopologyRecoveryExecutor. This can speed up topology recovery for connections that have lots of queues and bindings. Early tests showed multi-threaded topology recovery can be 5 times faster than single-threaded topology recovery. Note single-threaded topology recovery is still the default.

Thanks to @​vikinghawk for this contribution.

GitHub PR: #​370

Reduce default channel max to 2047

Max number of channels has been reduced from unlimited to 2048 as of RabbitMQ 3.7.5, to avoid leaking-channel applications starving broker resources. This client-side change is a safety measure for clients that would upgrade the server later.

GitHub issue: #​366

Use default client properties when reading from properties file

GitHub issue: #​368

v4.6.0: 4.6.0

Compare Source

This is a maintenance release with dependency upgrades only. It is compatible with 4.5.x. All users of the 4.x.x and 3.6.x series are encouraged use this version.

Changes between 4.5.0 and 4.6.0

Upgrade to Micrometer 1.0.2

MicrometerMetricsCollector was using API from Micrometer 1.0.0.rc6 and those API were removed in Micrometer 1.0.0 GA. MicrometerMetricsCollector has been fixed to work against Micrometer 1.0.x.

GitHub issues: #​351, #​353

Upgrade dependencies

Upgrade to SLF4J 1.7.25 (mandatory dependency) and to Dropwizard Metrics 3.2.6 (optional dependency). This shouldn't impact applications whatsoever.

GitHub commit: eed963c

v4.5.0: 4.5.0

Compare Source

Changes between 4.4.2 and 4.5.0

This is a maintenance release that includes new features and bug fixes. This release is backward-compatible with 4.4.0. Users of the 4.x.x and 3.6.x series are encouraged to use this release.

Introduce CredentialsProvider interface for authentication

This can be used to provide different credentials between re-connection.

Thanks to @​spatula75 for this contribution.

GitHub PR: #​350

Add excludeQueueFromRecovery method

This adds a public method to AutorecoveringConnection to allow for removal of a queue from recorded queues (and its related bindings) without having to call Channel#queueDelete.

Thanks to @​vikinghawk for this contribution.

GitHub PR: #​346

Trigger recovery if a socket write fails

Detecting connection failure on reading can take a lot of time (even forever if the reading thread is stuck), so connection recovery can now be triggered when a write operation fails. This can make the client more reactive to detect TCP connection failure.

GitHub issue: #​341

Add RpcClient doCall/responseCall/primitiveCall overloads which include timeout

Thanks to @​AndreasPresthammer for this contribution.

GitHub PR: #​338

Fix a potential race condition between channel recovery and acknowledgement offset

During recovery, when attempting to acknowledge a delivery the channel could be closed with
reply-code=406, reply-text=PRECONDITION_FAILED - unknown delivery tag 0, class-id=60, method-id=80) and messages would stop being delivered.

Thanks to @​vikinghawk for this contribution.

GitHub PR: #​343

v4.4.2: 4.4.2

Compare Source

Changes between 4.4.1 and 4.4.2

This patch release improves Micrometer support and fixes a bug that can occur when using metrics in combination with automatic recovery. All users of the 4.x.x series are encouraged to upgrade to this release.

Support tags in Micrometer metrics collector

GitHub issue: #​342

Upgrade Micrometer to 1.0.0-rc.6

GitHub issue: #​340

Fix metrics for acked/nacked/rejected messages after automatic recovery has kicked in

The metrics are correct and delivery tags no longer leak in the metrics implementation.

GitHub issue: #​339

v4.4.1: 4.4.1

Compare Source

Changes between 4.4.0 and 4.4.1

This is a patch release that includes a bug fix. This release is backward-compatible with 4.3.0. Users of the 3.6.x and 4.x.x series are encouraged to use this version.

Fix client version property file name

A warning log message was emitted because of a misnamed file.

GitHub issue: #​335

v4.4.0: 4.4.0

Compare Source

Changes between 4.3.0 and 4.4.0

This is a maintenance release that includes 2 new features and 2 bug fixes. This release is backward-compatible with 4.3.0. Users of the 3.6.x and 4.x.x series are encouraged to use this version.

Add property file-based initialization

It's now possible to use a property file to configure the ConnectionFactory (e.g. host, username, password, etc).

GitHub issue: #​324

Add Java 9 module name

The Automatic-Module-Name: com.rabbitmq.client entry has been added to the JAR manifest, for interoperability with JDK 9 module system.

GitHub issue: #​320

Get rid of read retry in NIO

The NIO mode used to use retries on network reading to make sure the outstanding frame would be completed in the current loop iteration. It now handle partial frames and moves on if a frame cannot be completed immediately. This behaviour is more consistent with NIO usage.

GitHub issue: #​319

Load client version in a more reliable way

This could affect classpath-sensitive environments like OSGi.

GitHub issue: #​334

v4.3.0: 4.3.0

Compare Source

Changes between 4.2.2 and 4.3.0

This maintenance release includes 2 new features and a bug fix. It's backward compatible with 4.2.x. Users of the 4.x.x and 3.6.x series are encouraged to use this release.

Support Micrometer

The Java Client supports Micrometer through its MicrometerMetricsCollector implementation of MetricsCollector. Micrometer is an instrumentation facade, which supports popular metrics backends (Atlas, Graphite, Ganglia, Datadog, JMX, etc). Note Micrometer requires Java 8 or more. The Java Client 4.3.x still supports Java 6, but Micrometer support isn't usable on Java 6 and Java 7.

GitHub issue: #​313

Make auto-recovery retry interval calculation pluggable

The RecoveryDelayHandler interface has been introduced to calculate the retry interval between each connection recovery attempt. The default strategy is still the same: a constant interval (5 seconds by default). The ExponentialBackoffDelayHandler implementation can be used to have an exponential retry interval.

Thanks to @​vikinghawk for this contribution.

GitHub issue: #​308

Handle several buffer underflow results in SslEngineByteBufferInputStream

Thanks to @​dimas for this fix.

GitHub issue: #​317

v4.2.2: 4.2.2

Compare Source

Changes between 4.2.1 and 4.2.2

This is a maintenance release that includes a bug fix in TLS when using NIO mode and a bug fix in the RpcClient. It's backward compatible with the 4.x.x series and users of those series are encouraged to use this release.

Thanks to Dmitry Andrianov for his contribution on this release.

Always flip ByteBuffer when consuming large messages on TLS

GitHub issue: #​307

Check for null blocker in RpcClient

GitHub issue: #​306

v4.2.1: 4.2.1

Compare Source

Changes between 4.2.0 and 4.2.1

This is a maintenance release that includes a bug fix about TLS settings. It's backward compatible with the 4.x.x series and users of those series are encouraged to use this release.

SSLContext is always set up to default value when using ConnectionFactory#setUri

Calling ConnectionFactory#setUri would always set the SSLContext property to the default value (which trusts all servers). The SSLContext could be set up after the call to setUri, but a warning would nevertheless be logged. setUri now sets the SSLContext to the default value only if it hasn't been set before.

GitHub issue: #​298

v4.2.0: 4.2.0

Compare Source

Changes between 4.1.1 and 4.2.0

This is a maintenance release that includes 2 new features. It's backward compatible with 4.1.x. Users of the 4.0.x and 4.1.x series are encouraged to use this release.

Introduce SSLEngine configuration hook for NIO

It's now possible to configure the SSLEngine used for a secured connection just after its creation. This can be useful to pass in SSLParameters to configure e.g. server's SNI hosts. The new interface is SslEngineConfigurator and an instance can be set in NioParams.

GitHub issue: #​274

Add option to ensure RPC reply is for the current request

During node failover and connection recovery, a timed out RPC reply can come back while a second RPC request is waiting. This can cause ClassCastExceptions. It's now possible to enable the ConnectionFactory#channelShouldCheckRpcResponseType to perform a "best-effort" check of RPC replies and ignore non-compatible replies. The default value of the flag is false (no check by default).

Thanks to @​vikinghawk for this contribution.

GitHub issue: #​290

v4.1.1: 4.1.1

Compare Source

Changes between 4.1.0 and 4.1.1

This is a maintenance release that includes bug fixes and a small improvement in the RpcServer class. It's backward compatible with 4.1.0.

Handle TimeoutException on connection creation

When several addresses are provided to the ConnectionFactory and when an address throws a TimeoutException on connection creation, the client wouldn't try the next addresses and throw an exception. Now the client tries to connect to the next address even on a TimeoutException.

GitHub issue: #​262

Let reply properties be updated in RpcServer subclasses

The properties of a response message can now be updated with the preprocessReplyProperties and postprocessReplyProperties methods that are called around the handleCall method.

GitHub issue: #​271

Remove e2e bindings for auto-delete exchanges

It was possible to have abandoned e2e bindings in the recordedBindings. This caused a channel error during recovery and caused remaining recovery items to fail as well.

Thanks to vikinghawk for this contribution.

GitHub PR: #​281

basicCancel and basicConsume honor RPC timeout

The 2 methods basicCancel and basicConsume now use the channel RPC timeout (they used to not use any timeout at all).

Thanks to vikinghawk for this contribution.

GitHub PR: #​278

Close SocketChannel correctly in NIO mode

The SocketChannel wasn't properly closed in NIO mode. The connections would show up a few dozens of seconds in the management web UI before being closed automatically by the server.

GitHub issue: #​284

v4.1.0: 4.1.0

Compare Source

Changes between 4.0.2 and 4.1.0

This is a maintenance release with a few improvements, focused mainly on usability. It's backward compatible with 4.0.x.

Make continuation timeouts configurable

It is now possible to set a timeout for synchronous AMQP calls (e.g. queueDeclare). The default timeout is 10 minutes (there was no timeout at all before that).

GitHub issue: #​219

Emit a warning in NullTrustManager

NullTrustManager trusts every server certificate, it is not considered safe to use it in production. A message now warns against its usage and suggests some solutions.

GitHub issue: #​230

Deprecate NullTrustManager

NullTrustManager is deprecated in favor of a implementation with a more explicit name: TrustEverythingTrustManager. This new implementation has the same behavior as NullTrustManager (including the warning mesage introduced in this release).

GitHub issue: #​234

Create abstract class for metrics collection

Metrics collector implementations can now subclass AbstractMetricsCollector, which contains the tricky metrics collection logic. This makes the metrics collection easier to extend with new metrics library (e.g. Dropwizard Metrics in the Java client or Spring Boot Metrics).

GitHub issue: #​222

v4.0.3: 4.0.3

Compare Source

Changes between 4.0.2 and 4.0.3

This is a maintenance release that includes a bug fix on connection creation and a bug fix in the NIO mode. This release is backward-compatible with 4.0.2.

Handle TimeoutException on connection creation

When several addresses are provided to the ConnectionFactory and when an address throws a TimeoutException on connection creation, the client wouldn't try the next addresses and throw an exception. Now the client tries to connect to the next address even on a TimeoutException.

GitHub issue: #​262

Close SocketChannel correctly in NIO mode

The SocketChannel wasn't properly closed in NIO mode. The connections would show up a few dozens of seconds in the management web UI before being closed automatically by the server.

GitHub issue: #​284

---

• If you want to rebase/retry this PR, check this box