Update dependency com.rabbitmq:amqp-client to v4 - abandoned

[mend-for-github-com]

This PR contains the following updates:

Package	Update	Change
com.rabbitmq:amqp-client (source)	major	2.7.0 -> 4.8.0

By merging this PR, the below issues will be automatically resolved and closed:

Severity	CVSS Score	CVE	GitHub Issue
Medium	5.9	CVE-2018-11087	#406

---

Release Notes

rabbitmq/rabbitmq-java-client

v4.8.0

This is a maintenance release with new features and bug fixes. It is compatible with 4.7.x. All users of the 4.x.x and 3.6.x series are encouraged to use this version.

Note that as of this release, default DNS resolution on the server hostname is disabled when using TLS (#​400). This avoids interfering with hostname verification (#​394). DNS resolution can be easily re-enabled by passing in a DnsRecordIpAddressResolver instance to one the ConnectionFactory#newConnection methods.

Thanks to @​vikinghawk for his contribution on this release.

Changes between 4.7.0 and 4.8.0

Make it easier to enable hostname verification when TLS is enabled

GitHub issue: #​394

Disable DNS resolution when using TLS

GitHub issue: #​400

Add filter to skip some entities on topology recovery

GitHub issue: #​383

Add optional retry logic to topology recovery

GitHub issue: #​387

Address parser is incapable of handling IPv6 address literals

GitHub issue: #​385

Improve JSON RPC support by using Jackson

GitHub issue: #​378

Add equals and hashCode to generated classes

GitHub issue: #​377

Add dedicated executor to close connections in NIO mode

GitHub issue: #​380

v4.7.0

This is a maintenance release with a new feature, a usability improvement, and a bug fix. It is compatible with 4.6.x. All users of the 4.x.x and 3.6.x series are encouraged to use this version.

Changes between 4.6.0 and 4.7.0

Multi-threaded topology recovery

Automatic topology recovery can now be performed with an ExecutorService provided with ConnectionFactory#setTopologyRecoveryExecutor. This can speed up topology recovery for connections that have lots of queues and bindings. Early tests showed multi-threaded topology recovery can be 5 times faster than single-threaded topology recovery. Note single-threaded topology recovery is still the default.

Thanks to @​vikinghawk for this contribution.

GitHub PR: #​370

Reduce default channel max to 2047

Max number of channels has been reduced from unlimited to 2048 as of RabbitMQ 3.7.5, to avoid leaking-channel applications starving broker resources. This client-side change is a safety measure for clients that would upgrade the server later.

GitHub issue: #​366

Use default client properties when reading from properties file

GitHub issue: #​368

v4.6.0

This is a maintenance release with dependency upgrades only. It is compatible with 4.5.x. All users of the 4.x.x and 3.6.x series are encouraged use this version.

Changes between 4.5.0 and 4.6.0

Upgrade to Micrometer 1.0.2

MicrometerMetricsCollector was using API from Micrometer 1.0.0.rc6 and those API were removed in Micrometer 1.0.0 GA. MicrometerMetricsCollector has been fixed to work against Micrometer 1.0.x.

GitHub issues: #​351, #​353

Upgrade dependencies

Upgrade to SLF4J 1.7.25 (mandatory dependency) and to Dropwizard Metrics 3.2.6 (optional dependency). This shouldn't impact applications whatsoever.

GitHub commit: eed963c

v4.5.0

Changes between 4.4.2 and 4.5.0

This is a maintenance release that includes new features and bug fixes. This release is backward-compatible with 4.4.0. Users of the 4.x.x and 3.6.x series are encouraged to use this release.

Introduce CredentialsProvider interface for authentication

This can be used to provide different credentials between re-connection.

Thanks to @​spatula75 for this contribution.

GitHub PR: #​350

Add excludeQueueFromRecovery method

This adds a public method to AutorecoveringConnection to allow for removal of a queue from recorded queues (and its related bindings) without having to call Channel#queueDelete.

Thanks to @​vikinghawk for this contribution.

GitHub PR: #​346

Trigger recovery if a socket write fails

Detecting connection failure on reading can take a lot of time (even forever if the reading thread is stuck), so connection recovery can now be triggered when a write operation fails. This can make the client more reactive to detect TCP connection failure.

GitHub issue: #​341

Add RpcClient doCall/responseCall/primitiveCall overloads which include timeout

Thanks to @​AndreasPresthammer for this contribution.

GitHub PR: #​338

Fix a potential race condition between channel recovery and acknowledgement offset

During recovery, when attempting to acknowledge a delivery the channel could be closed with
reply-code=406, reply-text=PRECONDITION_FAILED - unknown delivery tag 0, class-id=60, method-id=80) and messages would stop being delivered.

Thanks to @​vikinghawk for this contribution.

GitHub PR: #​343

v4.4.2

Changes between 4.4.1 and 4.4.2

This patch release improves Micrometer support and fixes a bug that can occur when using metrics in combination with automatic recovery. All users of the 4.x.x series are encouraged to upgrade to this release.

Support tags in Micrometer metrics collector

GitHub issue: #​342

Upgrade Micrometer to 1.0.0-rc.6

GitHub issue: #​340

Fix metrics for acked/nacked/rejected messages after automatic recovery has kicked in

The metrics are correct and delivery tags no longer leak in the metrics implementation.

GitHub issue: #​339

v4.4.1

Changes between 4.4.0 and 4.4.1

This is a patch release that includes a bug fix. This release is backward-compatible with 4.3.0. Users of the 3.6.x and 4.x.x series are encouraged to use this version.

Fix client version property file name

A warning log message was emitted because of a misnamed file.

GitHub issue: #​335

v4.4.0

Changes between 4.3.0 and 4.4.0

This is a maintenance release that includes 2 new features and 2 bug fixes. This release is backward-compatible with 4.3.0. Users of the 3.6.x and 4.x.x series are encouraged to use this version.

Add property file-based initialization

It's now possible to use a property file to configure the ConnectionFactory (e.g. host, username, password, etc).

GitHub issue: #​324

Add Java 9 module name

The Automatic-Module-Name: com.rabbitmq.client entry has been added to the JAR manifest, for interoperability with JDK 9 module system.

GitHub issue: #​320

Get rid of read retry in NIO

The NIO mode used to use retries on network reading to make sure the outstanding frame would be completed in the current loop iteration. It now handle partial frames and moves on if a frame cannot be completed immediately. This behaviour is more consistent with NIO usage.

GitHub issue: #​319

Load client version in a more reliable way

This could affect classpath-sensitive environments like OSGi.

GitHub issue: #​334

v4.3.0

Changes between 4.2.2 and 4.3.0

This maintenance release includes 2 new features and a bug fix. It's backward compatible with 4.2.x. Users of the 4.x.x and 3.6.x series are encouraged to use this release.

Support Micrometer

The Java Client supports Micrometer through its MicrometerMetricsCollector implementation of MetricsCollector. Micrometer is an instrumentation facade, which supports popular metrics backends (Atlas, Graphite, Ganglia, Datadog, JMX, etc). Note Micrometer requires Java 8 or more. The Java Client 4.3.x still supports Java 6, but Micrometer support isn't usable on Java 6 and Java 7.

GitHub issue: #​313

Make auto-recovery retry interval calculation pluggable

The RecoveryDelayHandler interface has been introduced to calculate the retry interval between each connection recovery attempt. The default strategy is still the same: a constant interval (5 seconds by default). The ExponentialBackoffDelayHandler implementation can be used to have an exponential retry interval.

Thanks to @​vikinghawk for this contribution.

GitHub issue: #​308

Handle several buffer underflow results in SslEngineByteBufferInputStream

Thanks to @​dimas for this fix.

GitHub issue: #​317

v4.2.2

Changes between 4.2.1 and 4.2.2

This is a maintenance release that includes a bug fix in TLS when using NIO mode and a bug fix in the RpcClient. It's backward compatible with the 4.x.x series and users of those series are encouraged to use this release.

Thanks to Dmitry Andrianov for his contribution on this release.

Always flip ByteBuffer when consuming large messages on TLS

GitHub issue: #​307

Check for null blocker in RpcClient

GitHub issue: #​306

v4.2.1

Changes between 4.2.0 and 4.2.1

This is a maintenance release that includes a bug fix about TLS settings. It's backward compatible with the 4.x.x series and users of those series are encouraged to use this release.

SSLContext is always set up to default value when using ConnectionFactory#setUri

Calling ConnectionFactory#setUri would always set the SSLContext property to the default value (which trusts all servers). The SSLContext could be set up after the call to setUri, but a warning would nevertheless be logged. setUri now sets the SSLContext to the default value only if it hasn't been set before.

GitHub issue: #​298

v4.2.0

Changes between 4.1.1 and 4.2.0

This is a maintenance release that includes 2 new features. It's backward compatible with 4.1.x. Users of the 4.0.x and 4.1.x series are encouraged to use this release.

Introduce SSLEngine configuration hook for NIO

It's now possible to configure the SSLEngine used for a secured connection just after its creation. This can be useful to pass in SSLParameters to configure e.g. server's SNI hosts. The new interface is SslEngineConfigurator and an instance can be set in NioParams.

GitHub issue: #​274

Add option to ensure RPC reply is for the current request

During node failover and connection recovery, a timed out RPC reply can come back while a second RPC request is waiting. This can cause ClassCastExceptions. It's now possible to enable the ConnectionFactory#channelShouldCheckRpcResponseType to perform a "best-effort" check of RPC replies and ignore non-compatible replies. The default value of the flag is false (no check by default).

Thanks to @​vikinghawk for this contribution.

GitHub issue: #​290

v4.1.1

Changes between 4.1.0 and 4.1.1

This is a maintenance release that includes bug fixes and a small improvement in the RpcServer class. It's backward compatible with 4.1.0.

Handle TimeoutException on connection creation

When several addresses are provided to the ConnectionFactory and when an address throws a TimeoutException on connection creation, the client wouldn't try the next addresses and throw an exception. Now the client tries to connect to the next address even on a TimeoutException.

GitHub issue: #​262

Let reply properties be updated in RpcServer subclasses

The properties of a response message can now be updated with the preprocessReplyProperties and postprocessReplyProperties methods that are called around the handleCall method.

GitHub issue: #​271

Remove e2e bindings for auto-delete exchanges

It was possible to have abandoned e2e bindings in the recordedBindings. This caused a channel error during recovery and caused remaining recovery items to fail as well.

Thanks to vikinghawk for this contribution.

GitHub PR: #​281

basicCancel and basicConsume honor RPC timeout

The 2 methods basicCancel and basicConsume now use the channel RPC timeout (they used to not use any timeout at all).

Thanks to vikinghawk for this contribution.

GitHub PR: #​278

Close SocketChannel correctly in NIO mode

The SocketChannel wasn't properly closed in NIO mode. The connections would show up a few dozens of seconds in the management web UI before being closed automatically by the server.

GitHub issue: #​284

v4.1.0

Changes between 4.0.2 and 4.1.0

This is a maintenance release with a few improvements, focused mainly on usability. It's backward compatible with 4.0.x.

Make continuation timeouts configurable

It is now possible to set a timeout for synchronous AMQP calls (e.g. queueDeclare). The default timeout is 10 minutes (there was no timeout at all before that).

GitHub issue: #​219

Emit a warning in NullTrustManager

NullTrustManager trusts every server certificate, it is not considered safe to use it in production. A message now warns against its usage and suggests some solutions.

GitHub issue: #​230

Deprecate NullTrustManager

NullTrustManager is deprecated in favor of a implementation with a more explicit name: TrustEverythingTrustManager. This new implementation has the same behavior as NullTrustManager (including the warning mesage introduced in this release).

GitHub issue: #​234

Create abstract class for metrics collection

Metrics collector implementations can now subclass AbstractMetricsCollector, which contains the tricky metrics collection logic. This makes the metrics collection easier to extend with new metrics library (e.g. Dropwizard Metrics in the Java client or Spring Boot Metrics).

GitHub issue: #​222

v4.0.3

Changes between 4.0.2 and 4.0.3

This is a maintenance release that includes a bug fix on connection creation and a bug fix in the NIO mode. This release is backward-compatible with 4.0.2.

Handle TimeoutException on connection creation

When several addresses are provided to the ConnectionFactory and when an address throws a TimeoutException on connection creation, the client wouldn't try the next addresses and throw an exception. Now the client tries to connect to the next address even on a TimeoutException.

GitHub issue: #​262

Close SocketChannel correctly in NIO mode

The SocketChannel wasn't properly closed in NIO mode. The connections would show up a few dozens of seconds in the management web UI before being closed automatically by the server.

GitHub issue: #​284

v4.0.2

Changes between 4.0.1 and 4.0.2

This is a maintenance release that includes a bug fix in the NIO connector. This release is backward-compatible with 4.0.1.

NIO main thread can terminate due to an unhandled AssertionError

An AssertionError can be thrown in some edge cases and terminates the NIO main thread. This type of exception is now properly handled. AssertionError is actually not justified in this case, but this behavior is kept for compatibility reasons. More appropriate exceptions will be used in 5.0.0 (see #​239).

GitHub issue: #​237

v4.0.1

Changes between 4.0.0 and 4.0.1

This is a maintenance release that includes a few improvements. All users of 4.0.0 are encouraged to upgrade to this version.

This release is available from Maven Central.

Always use monotonically growing clock function in BlockingCell

BlockingCell now always uses System.nanoTime() to evaluate duration in timeout methods. This avoids errors when system clock changes.

Thanks to dhakimTRX for this contribution.

GitHub PR: #​224

Add toString() to AutorecoveringChannel

Thanks to Gary Russel for this contribution.

GitHub issue: #​217

Comply to Android StrictMode

This was actually fixed in 3.6.7 but is worth mentioning here. A non-correctly closed InputStream was causing failure when running on Android with StrictMode enabled.

Thanks to Tobias Knell for this contribution.

GitHub PR: #​232

v4.0.0

Changes between 3.6.x and 4.0.0

RabbitMQ Java Client 4.0.0 doesn't bring any breaking changes to application APIs (e.g. Consumer), the major version upgrade rather marks the decoupling of the Java Client project from the RabbitMQ broker, at least for release cycle and versioning.

This decoupling will make it easier and faster to ship bug fixes and new features. This is also the occasion to adopt semantic versioning.

A few new methods have been added to the Connection, Channel, and RecoveryListener interfaces. These interfaces are more likely to be implemented in libraries (e.g. wrappers of the client) than in applications, but in any case, ensure you add those new methods to your implementation classes.

This release is available from Maven Central.

Enable automatic connection recovery by default

Automatic connection recovery has been there for a few years now, and we know that many users always enable it, so we've decided to enable it by default. You can still choose not to use it, but you'll need to disable it explicitly.

GitHub issue: #​214

Logging library integration

SLF4J is now used in several places of the Java Client to report logging messages. It's also used in the default exception handler implementation that ships with the client. This gives the application developer a large choice of logging implementations (e.g. Logback, Log4j) and a large choice of destinations to direct logs to (file, but also logging-specific protocols).

GitHub issue: #​114

Add support for metrics

The Java Client can now gather runtime metrics such as number of sent and received messages. The metrics are collected by default through Dropwizard Metrics library, but collection is pluggable if you have some fancy requirements. Using Dropwizard Metrics gives the opportunity to use many monitoring backends out-of-the-box: JMX, Spring Boot metrics endpoint, Ganglia, Graphite, etc.

GitHub issue: #​79

Support NIO

The Java Client has been historically using the traditional Java blocking IO library (i.e. Socket and its Input/OutputStreams). This has been working for years, but isn't adapted to all kinds of workloads. Java NIO allows for a more flexible, yet more complex to implement model to handle network communication. Long story short, Java NIO allows to handle more connections with fewer threads (the blocking IO mode always needs one thread per connection). Java NIO is an opt-in and is disabled by default.

This feature is still considered experimental: even though our test suite passes in NIO mode, we haven't got feedback yet from production projects.

GitHub issue: #​11

Support dynamic versioning

Now the Java Client isn't tied to RabbitMQ server releases, supporting dynamic versioning is possible. This will make easier for users to know if they can safely upgrade to a new version of the client, if they can benefit from new features, etc.

GitHub issue: #​123

Extract Tracer into a separate project

The AMQP Tracer is now hosted in a separate project. See the documentation for more details.

GitHub issue: #​204

Extract PerfTest into a separate project

The PerfTest tool is now hosted in a separate project. See the documentation for more details.

GitHub issue: #​196

Prevent Socket.write() from blocking

When the connection was lost between the client and the server, the Java Client could block on write operations until the underlying socket was closed by the operating system (after several minutes on Linux). This has been solved by making part of the shutdown sequence asynchronous.

GitHub issue: #​194

UnknownChannelException in AMQConnection.MainLoop.run

Corner cases (e.g. channel closed - thus no longer known from the client - with an in-flight delivery) could trigger fatal exceptions. Those cases are now handled and just logged.

GitHub issue: #​189

Add Recoverable[Connection/Channel] interfaces

This makes casting and using a recoverable connection/channel a bit easier than casting to either just Recoverable (which just exposes the two methods) or the concrete class.

GitHub issue: #​137

Make socket connection to try all DNS record IPs

GitHub issue: #​138

Finish transition to Maven

The build doesn't depend on Ant anymore.

GitHub issues: #​164, #​37

Bump default TLS protocol version to TLS v1.2

TLS v1.2 is used by default only if the client JVM supports it, otherwise the client automatically falls back to TLS v1.0.

GitHub issue: #​139

Begin recovery after all shutdown listeners have been given a chance to run

GitHub issue: #​135

Enhance RpcClient: Provide access to message metadata

GitHub issue: #​134

Contributed by Zac Farrell.

Make Connection implement Closeable interface

GitHub issue: #​131

Contributed by Karl "Khazrak" Andersson.

Detailed list of changes.

---

• If you want to rebase/retry this PR, click this checkbox.

[mend-for-github-com]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠ Warning: custom changes will be lost.

[mend-for-github-com]

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.