activemq-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Matan Keret (JIRA)" <>
Subject [jira] [Created] (AMQ-6893) Security vulnerabilities in AMQ (black-duck)
Date Mon, 29 Jan 2018 11:05:00 GMT
Matan Keret created AMQ-6893:

             Summary: Security vulnerabilities in AMQ (black-duck)
                 Key: AMQ-6893
             Project: ActiveMQ
          Issue Type: Bug
          Components: activemq-camel, activemq-leveldb-store, activemq-pool, AMQP
    Affects Versions: 5.15.2, 5.15.1
            Reporter: Matan Keret

In our organization's black-duck scan some critical security alerts came up, regarding several
components used within the latest versions of AMQ. Here is the list:
|Apache Camel2.0-M1|
|Apache Camel2.19.0|
|Apache Camel2.19.1|
|Apache Commons Net3.6|
|Apache Tomcat8.0.24|
|Apache Tomcat8.0.33|
|Apache Tomcat8.0.22|
|Apache Tomcat1.2.3|
|Apache Velocity1.7|
|Jetspeed-2 Enterprise Portal2.1.4|

The majority of the issues are resolved within the latest versions of these dependencies. 

Is it planned to resolve these vulnerabilities in some upcoming version?

This message was sent by Atlassian JIRA

View raw message