Skip to content

fix(deps): update dependency com.rabbitmq:amqp-client to v5.34.0 (release/5.0.x)#5326

Merged
joschi merged 1 commit into
release/5.0.xfrom
renovate/release/5.0.x-rabbitmq.version
Jul 10, 2026
Merged

fix(deps): update dependency com.rabbitmq:amqp-client to v5.34.0 (release/5.0.x)#5326
joschi merged 1 commit into
release/5.0.xfrom
renovate/release/5.0.x-rabbitmq.version

Conversation

@renovate

@renovate renovate Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
com.rabbitmq:amqp-client (source) 5.32.05.34.0 age confidence

Release Notes

rabbitmq/rabbitmq-java-client (com.rabbitmq:amqp-client)

v5.34.0: 5.34.0

Compare Source

Changes between 5.33.1 and 5.34.0

This is a maintenance release with bug fixes and dependency upgrades. It is compatible with 5.33.1. All users are encouraged to upgrade.

Harden connection negotiation phase

GitHub PRs: #​2018 #​2020

Honor unlimited negotiated frame_max when capping inbound message size

GitHub PR: #​2016

Reject negative body size when parsing content headers

GitHub PR: #​2014

Bump dependencies

GitHub issue: #​2006

Dependency

Maven

<dependency>
  <groupId>com.rabbitmq</groupId>
  <artifactId>amqp-client</artifactId>
  <version>5.34.0</version>
</dependency>

Gradle

compile 'com.rabbitmq:amqp-client:5.34.0'

v5.33.1: 5.33.1

Compare Source

Changes between 5.33.0 and 5.33.1

This is a maintenance release with a bug fix. It is compatible with 5.33.0. All users are encouraged to upgrade.

Harden ValueReader

GitHub PR: #​2008

Dependency

Maven

<dependency>
  <groupId>com.rabbitmq</groupId>
  <artifactId>amqp-client</artifactId>
  <version>5.33.1</version>
</dependency>

Gradle

compile 'com.rabbitmq:amqp-client:5.33.1'

v5.33.0: 5.33.0

Compare Source

Changes between 5.32.0 and 5.33.0

This is a maintenance release with bug fixes and dependency upgrades. It introduces minor breaking changes compared to 5.32.0 (see below for details). All users are encouraged to upgrade.

The RabbitMQ team normally maintain strict backward compatibility in minor versions. However, this release includes exceptional breaking changes that were necessary to patch security gaps and enforce secure-by-default behavior.

Breaking changes:

  • Hostname verification is now enabled by default as soon as TLS is used.
  • ConnectionFactory#useSslProtocol() now utilizes the JVM's default SSLContext, which validates the server certificate.
    • Note: This should primarily affect test environments, as useSslProtocol() was never intended for production use.
    • Action required: For test or development environments where certificate validation needs to be disabled, users can now explicitly switch to the new ConnectionFactory#useTlsWithNoVerification() method.
  • JSON-RPC support classes now introduce an "allowlist". This change only impacts installations that explicitly utilize these classes.

Harden RPC support classes

GitHub PR: #​2002

Enable hostname verification by default

GitHub issue: #​2005

Introduce helper for dev/test TLS setup

GitHub PR: #​2001

Enforce inbound frame max more strictly

GitHub PRs: #​1995 #​1998

Bump dependencies

GitHub issue: #​1991

Dependency

Maven

<dependency>
  <groupId>com.rabbitmq</groupId>
  <artifactId>amqp-client</artifactId>
  <version>5.33.0</version>
</dependency>

Gradle

compile 'com.rabbitmq:amqp-client:5.33.0'

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
  • Automerge
    • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added the dependencies Pull requests that update a dependency file label Jul 6, 2026
@renovate renovate Bot requested review from a team as code owners July 6, 2026 02:39
@renovate renovate Bot added the dependencies Pull requests that update a dependency file label Jul 6, 2026
@github-actions github-actions Bot added this to the 5.0.8 milestone Jul 6, 2026
@renovate renovate Bot force-pushed the renovate/release/5.0.x-rabbitmq.version branch from 2ec55bb to 9f96879 Compare July 6, 2026 05:15
@renovate renovate Bot changed the title fix(deps): update dependency com.rabbitmq:amqp-client to v5.33.0 (release/5.0.x) fix(deps): update dependency com.rabbitmq:amqp-client to v5.33.1 (release/5.0.x) Jul 6, 2026
@renovate renovate Bot force-pushed the renovate/release/5.0.x-rabbitmq.version branch 2 times, most recently from 06acbe9 to 79dd6d4 Compare July 6, 2026 21:12
@renovate renovate Bot force-pushed the renovate/release/5.0.x-rabbitmq.version branch from 79dd6d4 to 2f4ce62 Compare July 10, 2026 08:30
@renovate renovate Bot changed the title fix(deps): update dependency com.rabbitmq:amqp-client to v5.33.1 (release/5.0.x) fix(deps): update dependency com.rabbitmq:amqp-client to v5.34.0 (release/5.0.x) Jul 10, 2026
@sonarqubecloud

Copy link
Copy Markdown

@joschi joschi merged commit 6726ecd into release/5.0.x Jul 10, 2026
6 checks passed
@joschi joschi deleted the renovate/release/5.0.x-rabbitmq.version branch July 10, 2026 12:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant