activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From wabrit <alan...@gmail.com>
Subject ActiveMQ and commons-collection "security vulnerabilty"
Date Wed, 09 Dec 2015 16:33:38 GMT
There has been a fair amount of coverage about a security vulnerability in
certain versions of the Java commons collections library.

The current version (5.13.0) of ActiveMQ installs with version 3.2.2 of
commons-collections in the lib\optional folder.

Are there any plans to uprev this version to a "safe" version of the library
in the next version of ActiveMQ, or has it been determined that it is OK to
perform this uprev manually as a post-install step, or has someone already
determined that ActiveMQ does not make use of the library in such a way as
to expose the vulnerability.

Many thanks 



--
View this message in context: http://activemq.2283324.n4.nabble.com/ActiveMQ-and-commons-collection-security-vulnerabilty-tp4704819.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.

Mime
View raw message