Thanks for your responses.

We are currently using  *JDK 1.8 *and we understand the latest supported
activeMQ-artemis version is 2.19.1
Actually, we can't upgrade the JDK 1.8 version immediately due to some
backward compatibility issues.
However, looking at the criticality of the vulnerability *CVE-2023-46604*,
we are eagerly looking for a solution keeping JDK8 and related compatible
activeMQ-artemis version 2.19.x
So do you have a fix with 2.19.x version? if not, could you please let us
know the plan to fix the mentioned CVE in 2.19.x version.



On Fri, Nov 10, 2023 at 9:04 AM Clebert Suconic <clebert.suco...@gmail.com>
wrote:

> The Artemis in wildfly is not affected by the CVE as openwire is not
> deployed in openwire.
>
>
> Also 2.31 requires jdk 11 but I think it’s a worth choice as there are many
> fixes in the broker.
>
> On Thu, Nov 9, 2023 at 9:40 AM Bhargav Budida <bhargav.bud...@gmail.com>
> wrote:
>
> > Hi Team,
> >
> > This is regarding a recent vulnerability
> > CVE-2023-46604
> > I am currently using *activeMQ-artemis 2.16.0*, (Jboss) *Wildfly 24.0.0
> > *and
> > *JDK 1.8*.
> >
> > The latest version of activeMQ-artemis 2.31.2 is not supported by jdk1.8.
> > So I need your assistance with the below queries
> > 1. Will activeMQ artemis 2.31.2 is compatible with JDK 11 + Wildfly
> > 24.0.0.final or not ?
> > 2. Are there any configurations required to work with the latest artemis
> > 2.31.2 version, so that it could be compatible with my current server
> > (Wildfly 24.0.0) version
> > 3. As per the mitigation plan over CVE we need to upgrade to 2.31.2
> version
> > which is compatible with JDK 11, similar to this do we have the fix in
> > artemis 2.19.x version? as it is compatible with JDK 8.
> >
> > Please consider this a priority and share your thoughts ASAP.
> > Thanks in advance
> >
> > --
> > Thanks & Regards
> > Bhargav
> > 9860584899
> >
>


-- 
Thanks & Regards
Bhargav
9860584899

Reply via email to