Thanks for your responses. We are currently using *JDK 1.8 *and we understand the latest supported activeMQ-artemis version is 2.19.1 Actually, we can't upgrade the JDK 1.8 version immediately due to some backward compatibility issues. However, looking at the criticality of the vulnerability *CVE-2023-46604*, we are eagerly looking for a solution keeping JDK8 and related compatible activeMQ-artemis version 2.19.x So do you have a fix with 2.19.x version? if not, could you please let us know the plan to fix the mentioned CVE in 2.19.x version.
On Fri, Nov 10, 2023 at 9:04 AM Clebert Suconic <clebert.suco...@gmail.com> wrote: > The Artemis in wildfly is not affected by the CVE as openwire is not > deployed in openwire. > > > Also 2.31 requires jdk 11 but I think it’s a worth choice as there are many > fixes in the broker. > > On Thu, Nov 9, 2023 at 9:40 AM Bhargav Budida <bhargav.bud...@gmail.com> > wrote: > > > Hi Team, > > > > This is regarding a recent vulnerability > > CVE-2023-46604 > > I am currently using *activeMQ-artemis 2.16.0*, (Jboss) *Wildfly 24.0.0 > > *and > > *JDK 1.8*. > > > > The latest version of activeMQ-artemis 2.31.2 is not supported by jdk1.8. > > So I need your assistance with the below queries > > 1. Will activeMQ artemis 2.31.2 is compatible with JDK 11 + Wildfly > > 24.0.0.final or not ? > > 2. Are there any configurations required to work with the latest artemis > > 2.31.2 version, so that it could be compatible with my current server > > (Wildfly 24.0.0) version > > 3. As per the mitigation plan over CVE we need to upgrade to 2.31.2 > version > > which is compatible with JDK 11, similar to this do we have the fix in > > artemis 2.19.x version? as it is compatible with JDK 8. > > > > Please consider this a priority and share your thoughts ASAP. > > Thanks in advance > > > > -- > > Thanks & Regards > > Bhargav > > 9860584899 > > > -- Thanks & Regards Bhargav 9860584899
