activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From wabrit <>
Subject ActiveMQ and commons-collection "security vulnerabilty"
Date Wed, 09 Dec 2015 16:33:38 GMT
There has been a fair amount of coverage about a security vulnerability in
certain versions of the Java commons collections library.

The current version (5.13.0) of ActiveMQ installs with version 3.2.2 of
commons-collections in the lib\optional folder.

Are there any plans to uprev this version to a "safe" version of the library
in the next version of ActiveMQ, or has it been determined that it is OK to
perform this uprev manually as a post-install step, or has someone already
determined that ActiveMQ does not make use of the library in such a way as
to expose the vulnerability.

Many thanks 

View this message in context:
Sent from the ActiveMQ - User mailing list archive at

View raw message