Hi JB,

Did you get a chance to look into this? Can you please confirm if the mentioned vulnerabilities are already fixed from the ActiveMQ end?

Thanks and regards,
Venu

On Thu, Jul 4, 2019 at 10:09 AM Jean-Baptiste Onofré <[email protected]> wrote:

> Hi,
>
> I'm gonna take a look. If the CVE has been published, they should be fixed
> already. The point is more on which branch it has been fixed.
>
> So, let me do a pass as I'm preparing 5.15.10.
>
> Regards
> JB
>
> On 04/07/2019 06:01, venu madhav wrote:
> > Hi team,
> >
> > I am running a dummy project to scan the vulnerabilities using OWASP
> > dependency-check. The project doesn't contain anything except for the
> > ActiveMQ jars added as dependencies in the pom.xml. Even when we use the
> > latest version of activemq-kahadb-store jar (5.15.9 version) we see some
> > vulnerabilities such as CVE-2018-11775, CVE-2016-3088 which ideally
> > should be fixed in the latest release as per mentioned in the link:
> > https://activemq.apache.org/components/classic/security
> >
> > Can you please check and tell if the issue is not fixed or the NVD database
> > is still showing the vulnerability even if the issue is fixed.
> >
> > I have attached the pom.xml and the dependency check reports for your
> > reference.
>
> --
> Jean-Baptiste Onofré
> [email protected]
> http://blog.nanthrax.net
> Talend - http://www.talend.com
