Versions Compared

Version Old Version 1 New Version Current
Changes made by

Finn Zirngibl

Florian Raschbichler

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Observation

HiveMQ 4.3.3 logs the following (or similar) when launching certain extensions fails to start an extension with an error similar to the following.

Code Block
The Enterprise Security Extension could not initialize XML parser.
javax.xml.bind.JAXBException: Error while searching for service [javax.xml.bind.JAXBContextFactory]

Consequence

The impact of this is severe.

...

Explanation

Due to changes library updates in the HiveMQ dependencies in HiveMQ, introduced in HiveMQ 4.3.3 certain HiveMQ Extensions fail to load an XML parser.

Info

The library updates in HiveMQ version 4.3.3 were made due to known vulnerabilities in the affected libraries.

Affected Extension

Extension

Fix Version

HiveMQ Enterprise Extension for Kafka

1.2.1

HiveMQ Enterprise Security Extension

Solution

Currently we advise remaining with a HiveMQ version prior to 4.3.3

...

1.5.3

HiveMQ File RBAC Extension

4.0.1

HiveMQ Heartbeat Extension

1.0.2

Solution

Update affected extensions to the latest version.

Custom Extension

In case one of your custom extensions is affected by this make sure to update the following packages

Old packe

New package

Version

javax.xml.bind:jaxb-api

jakarta.xml.bind:jakarta.xml.bind-api

2.3.3

com.sun.xml.bind:jaxb-impl

com.sun.xml.bind:jaxb-impl

2.3.3

javax.activation:javax.activation-api

jakarta.activation:jakarta.activation-api

1.2.2

com.sun.activation:javax.activation

com.sun.activation:jakarta.activation

1.2.2