(activemq) branch activemq-5.19.x updated: Bump dependencies to address known CVEs (#2031)

Thu, 21 May 2026 04:10:21 -0700 

This is an automated email from the ASF dual-hosted git repository.

jbonofre pushed a commit to branch activemq-5.19.x
in repository https://gitbox.apache.org/repos/asf/activemq.git


The following commit(s) were added to refs/heads/activemq-5.19.x by this push:
     new 647d31844e Bump dependencies to address known CVEs (#2031)
647d31844e is described below

commit 647d31844e416478234cbbd14f442ee7ee32d273
Author: JB Onofré <[email protected]>
AuthorDate: Thu May 21 13:10:04 2026 +0200

    Bump dependencies to address known CVEs (#2031)
    
    - netty 4.1.94.Final -> 4.1.133.Final (CVE-2024-29025, CVE-2025-58057, 
SslHandler native crash patched in 4.1.118.Final)
    - snappy 1.1.2 -> 1.1.10.8 (CVE-2023-34453/34454/34455, CVE-2023-43642)
    - karaf 4.3.7 -> 4.3.10 (CVE-2022-40145 JNDI LDAP RCE)
---
 pom.xml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pom.xml b/pom.xml
index dfb76d0de3..bf36609a46 100644
--- a/pom.xml
+++ b/pom.xml
@@ -87,7 +87,7 @@
     <json-simple-version>1.1.1</json-simple-version>
     <junit-version>4.13.2</junit-version>
     <hamcrest-version>1.3</hamcrest-version>
-    <karaf-version>4.3.7</karaf-version>
+    <karaf-version>4.3.10</karaf-version>
     <log4j-version>2.25.3</log4j-version>
     <mockito-version>4.8.1</mockito-version>
     <owasp-dependency-check-version>12.1.0</owasp-dependency-check-version>
@@ -98,12 +98,12 @@
     <zookeeper-version>3.4.14</zookeeper-version>
     <qpid-proton-version>0.34.1</qpid-proton-version>
     <qpid-jms-version>1.9.0</qpid-jms-version>
-    <netty-version>4.1.94.Final</netty-version>
+    <netty-version>4.1.133.Final</netty-version>
     <regexp-version>1.4</regexp-version>
     <rome-version>2.1.0</rome-version>
     <shiro-version>1.13.0</shiro-version>
     <slf4j-version>2.0.17</slf4j-version>
-    <snappy-version>1.1.2</snappy-version>
+    <snappy-version>1.1.10.8</snappy-version>
     <spring-version>5.3.39</spring-version>
     <taglibs-version>1.2.5</taglibs-version>
     <velocity-version>2.4.1</velocity-version>


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information, visit: https://activemq.apache.org/contact

Reply via email to