activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Bain <tb...@alumni.duke.edu>
Subject Re: ActiveMQ and commons-collection "security vulnerabilty"
Date Wed, 09 Dec 2015 21:16:59 GMT
And the takeaway from that thread is that ActiveMQ 5.13.0 is already
secure, even with the vulnerable version of commons-collections, unless you
explicitly configure it to allow deserialization of the problematic classes.

Versions prior to 5.13.0, however, are vulnerable.

Tim
On Dec 9, 2015 10:39 AM, "jahlborn" <jahlborn@gmail.com> wrote:

> Duplicate of this thread:
>
> http://activemq.2283324.n4.nabble.com/Java-December-vulnerability-tp4704610.html
>
>
>
>
> --
> View this message in context:
> http://activemq.2283324.n4.nabble.com/ActiveMQ-and-commons-collection-security-vulnerabilty-tp4704819p4704820.html
> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message