[
https://issues.apache.org/jira/browse/UIMA-4813?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jerry Cwiklik closed UIMA-4813.
-------------------------------
Resolution: Fixed
Upgraded to the latest AMQ 5.13.1 to fix vulnerability associated with
ObjectMessages
> UIMA-AS: upgrade ActiveMQ to 5.13.1
> -----------------------------------
>
> Key: UIMA-4813
> URL: https://issues.apache.org/jira/browse/UIMA-4813
> Project: UIMA
> Issue Type: Bug
> Components: Async Scaleout
> Reporter: Jerry Cwiklik
> Assignee: Jerry Cwiklik
> Fix For: 2.8.1AS
>
>
> Apache ActiveMQ could allow a remote attacker to execute arbitrary code on
> the system, caused by the failure to restrict the classes that can be
> serialized in the broker. An attacker could exploit this vulnerability using
> a specially crafted serialized Java Message Service (JMS) ObjectMessage
> object to execute arbitrary code on the system.
> Fix for this is in 5.13.release. Upgrade UIMA-AS to the latest version
> (5.13.1)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
