| Version | Supported |
|---|---|
| 0.1.x | Yes |
| < 0.1 | No |
Do not open a public issue. Email the maintainers with details, reproduction steps, and potential impact. You will receive acknowledgment within 48 hours. Once a fix is available, a security advisory is published and patched versions are released.
- Enable authentication in production
- Use PLAIN mechanism with TLS to protect credentials
- Never use ANONYMOUS mechanism in production
- Rotate passwords regularly
- Use strong passwords (bcrypt hashed with high cost)
- Enable TLS for all production deployments
- Use valid, trusted certificates
- Restrict network access using firewalls
- Store configuration files with restricted permissions (0600)
- Never commit credentials to version control
- Use environment variables or secret management for sensitive data
- Protect storage directories with appropriate file permissions
- Regular backups of persistent storage
- Enable Prometheus metrics
- Set up alerts for unusual activity
- Log authentication failures
network:
address: ":5672"
maxconnections: 10000
storage:
path: /var/lib/amqp/data
security:
tlsenabled: true
tlscertfile: /etc/amqp/certs/server.crt
tlskeyfile: /etc/amqp/certs/server.key
authenticationenabled: true
authenticationfilepath: /etc/amqp/auth.json
server:
loglevel: warn- Rate limiting: Not implemented
- SASL EXTERNAL: Not supported (certificate-based auth via mTLS is supported)
- Audit logging: Not implemented
- TLS enabled with valid certificates
- Authentication enabled (PLAIN with TLS)
- ANONYMOUS mechanism disabled
- Strong passwords used
- Configuration files have restricted permissions
- Storage directories protected
- Firewall rules configured
- Monitoring and alerting enabled