From: Christopher Shannon
Date: Fri, 9 Dec 2016 10:01:08 -0500
Subject: [ANNOUNCE] CVE-2016-6810: ActiveMQ Web Console - Cross-Site Scripting
To: dev@activemq.apache.org, users@activemq.apache.org, oss-security@lists.openwall.com, bugtraq@securityfocus.com
Reply-To: dev@activemq.apache.org

The following security vulnerability was reported against Apache ActiveMQ 5.14.1 and older versions.

Please check the following document and see if you’re affected by the issue.

http://activemq.apache.org/security-advisories.data/CVE-2016-6810-announcement.txt

Apache ActiveMQ 5.14.2 has been released with appropriate fixes and is available for upgrade.