HI, I gonna take a look. If the CVE has been published, they should be fixed already. The point is more on which branch it has been fixed.
So, let me do a pass as I'm preparing 5.15.10. Regards JB On 04/07/2019 06:01, venu madhav wrote: > Hi team, > > I am running a dummy project to scan the vulnerabilities using owasp > dependency-check. The project doesn't contain anything except for the > activemq jars added as dependencies in the pom.xml. Even when we use the > latest version of activemq-kahadb-store jar (5.15.9 version) we see some > vulnerabilities such as CVE-2018-11775 , CVE-2016-3088 which ideally > should be fixed in the latest release as per mentioned in the link: > https://activemq.apache.org/components/classic/security > > Can you please check and tell if the issue is not fixed or NVD database > is still showing the vulnerability even if the issue is fixed. > > I have attached the pom.xml and the dependency check reports for your > reference. -- Jean-Baptiste Onofré [email protected] http://blog.nanthrax.net Talend - http://www.talend.com
