activemq-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Matan Keret (JIRA)" <j...@apache.org>
Subject [jira] [Created] (AMQ-6893) Security vulnerabilities in AMQ (black-duck)
Date Mon, 29 Jan 2018 11:05:00 GMT
Matan Keret created AMQ-6893:
--------------------------------

             Summary: Security vulnerabilities in AMQ (black-duck)
                 Key: AMQ-6893
                 URL: https://issues.apache.org/jira/browse/AMQ-6893
             Project: ActiveMQ
          Issue Type: Bug
          Components: activemq-camel, activemq-leveldb-store, activemq-pool, AMQP
    Affects Versions: 5.15.2, 5.15.1
            Reporter: Matan Keret


In our organization's black-duck scan some critical security alerts came up, regarding several
components used within the latest versions of AMQ. Here is the list:
|Apache Camel2.0-M1|
|Apache Camel2.19.0|
|Apache Camel2.19.1|
|Apache Commons Net3.6|
|Apache Tomcat8.0.24|
|Apache Tomcat8.0.33|
|Apache Tomcat8.0.22|
|Apache Tomcat1.2.3|
|Apache Velocity1.7|
|jackson-databind2.6.7|
|Jetspeed-2 Enterprise Portal2.1.4|
|log4j1.2.17|

The majority of the issues are resolved within the latest versions of these dependencies. 

Is it planned to resolve these vulnerabilities in some upcoming version?



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message