Return-Path: 
 <users-return-44546-apmail-activemq-users-archive=activemq.apache.org@activemq.apache.org>
X-Original-To: apmail-activemq-users-archive@www.apache.org
Delivered-To: apmail-activemq-users-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 28F83194B6
	for <apmail-activemq-users-archive@www.apache.org>;
 Thu, 10 Mar 2016 12:46:34 +0000 (UTC)
Received: (qmail 51691 invoked by uid 500); 10 Mar 2016 12:46:33 -0000
Delivered-To: apmail-activemq-users-archive@activemq.apache.org
Received: (qmail 51626 invoked by uid 500); 10 Mar 2016 12:46:33 -0000
Mailing-List: contact users-help@activemq.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@activemq.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@activemq.apache.org>
List-Post: <mailto:users@activemq.apache.org>
List-Id: <users.activemq.apache.org>
Reply-To: users@activemq.apache.org
Delivered-To: mailing list users@activemq.apache.org
Received: (qmail 51532 invoked by uid 99); 10 Mar 2016 12:46:33 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO
 spamd2-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 10 Mar 2016 12:46:33 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org)
 with ESMTP id 500601A117D;
	Thu, 10 Mar 2016 12:46:32 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: 1.879
X-Spam-Level: *
X-Spam-Status: No, score=1.879 tagged_above=-999 required=6.31
	tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
	HTML_MESSAGE=2, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01,
	RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=disabled
Authentication-Results: spamd2-us-west.apache.org (amavisd-new);
	dkim=pass (2048-bit key) header.d=gmail.com
Received: from mx2-lw-us.apache.org ([10.40.0.8])
	by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new,
 port 10024)
	with ESMTP id VkWOTWAC7VbB; Thu, 10 Mar 2016 12:46:31 +0000 (UTC)
Received: from mail-yw0-f171.google.com (mail-yw0-f171.google.com
 [209.85.161.171])
	by mx2-lw-us.apache.org (ASF Mail Server at mx2-lw-us.apache.org) with ESMTPS
 id A0FD65F5CD;
	Thu, 10 Mar 2016 12:46:31 +0000 (UTC)
Received: by mail-yw0-f171.google.com with SMTP id h129so66427380ywb.1;
        Thu, 10 Mar 2016 04:46:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:from:date:message-id:subject:to;
        bh=L69Qn+jPUCiwMO/9Ef7EPe6WqvZ9oApzz3csyfl5eLc=;
        b=jFwAXX9vWj39gCduc5S/JrFWGHSjM25gc4q86iGlNZ/jiQP3Vv1Kd90Xy6EPs88lx1
         n4IhXNDXjnUnhthWCHSnzh7mMCPloxNWmq4NJIIuI7vDR9PZ8Zn9lPhCNEZ2Z85yX5BJ
         8M5U0wvbnAlPv5rZwQlH8TlSfRDL9Mz0fxA/net82lTBk5ZfoyPVenPBsdkNqiQzpvPa
         XgCW/2AOSGje1HdGT1U3bZyhdmc43XBTShY4yVk+8yuG+1CyUIzuw59sAUH1casRb0J0
         I+e6T/qWmlpbl8Ufi02nZRQxjaFLEc+Rmbpgv5hM2kYdZ0qlN+UX7YYSNZMJH0MiLByL
         wIfw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
        bh=L69Qn+jPUCiwMO/9Ef7EPe6WqvZ9oApzz3csyfl5eLc=;
        b=iEcQJIWHjG+SWRkGjdu/vi66Npgy3q4pS8I64gfSuTf4zrUery69neV37W4Rptp+Cp
         9ZyXUxR1Ps4q0IgQpgnN58TFGu9iUwPptuPLCz8oijXZTfTxdtkHnyFG/WiFpDKqOH4G
         ho1X4Fo1HKqLBHbu9lzAoezDLl476dajV2Hx2QPXUR5KHircSUvG8bNkJywofDG17fiJ
         Spji/vkJzZLmZOOB5vIsBDtZ+c+43uvOuxB6HitoWOP6AuXpZKTcHI4mQ9GDnZ+zqCSt
         pkRPqdz5Vzp5EDanLkYKC/0FWI5ryjGqAenHEN7F7sQQlcr31lSxNKi6XRMCPUUUDzE7
         vgng==
X-Gm-Message-State: 
 AD7BkJI/GiZlpwgalT21EbzeSRjVOntzwTgxRGWTr9F8s7nkvLDZ9Z3QlXB4Tb6dr1m09M//vlrK5IfYqDrAUQ==
X-Received: by 10.129.109.19 with SMTP id i19mr1633702ywc.50.1457613991142;
 Thu, 10 Mar 2016 04:46:31 -0800 (PST)
MIME-Version: 1.0
Received: by 10.37.66.86 with HTTP; Thu, 10 Mar 2016 04:46:01 -0800 (PST)
From: Christopher Shannon <christopher.l.shannon@gmail.com>
Date: Thu, 10 Mar 2016 07:46:01 -0500
Message-ID: 
 <CACHnxzxreiNXbWu0P-sv0A=PTwAGss-cwqsYbd3hpw2LpRZv9Q@mail.gmail.com>
Subject: [ANNOUNCE] CVE-2016-0734: ActiveMQ Web Console - Clickjacking
To: dev@activemq.apache.org, users@activemq.apache.org, security@apache.org,
	oss-security@lists.openwall.com, bugtraq@securityfocus.com
Content-Type: multipart/alternative; boundary=001a114db7182969f2052db134ef

--001a114db7182969f2052db134ef
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

There following security vulnerability was reported against Apache
ActiveMQ 5.13.1 and older versions.

Please check the following document and see if you=E2=80=99re affected by t=
he issue.

http://activemq.apache.org/security-advisories.data/CVE-2016-0734-announcem=
ent.txt

Apache ActiveMQ 5.13.2 and newer with appropriate fixes was released and
available for upgrade.

--001a114db7182969f2052db134ef--