[jira] [Commented] (AMQ-6839) not seeing activemq-core-5.13.1.jar in apache-activemq-5.13.0-bin.zip, apache-activemq-5.14.0-bin.zip

sunil kumar (JIRA) Thu, 12 Oct 2017 07:58:41 -0700

    [ 
https://issues.apache.org/jira/browse/AMQ-6839?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16202066#comment-16202066
 ]


sunil kumar commented on AMQ-6839:
----------------------------------

Our customer found activeMQ 5.5.1 jars are vulnerable to CVE-2015-5254 and 
CVE-2014-3612. for ref: here are the links for each CVE: 
http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt?version=1&modificationDate=1449589734000&api=v2
http://activemq.apache.org/security-advisories.data/CVE-2014-3612-announcement.txt?version=2&modificationDate=1423051365000&api=v2


So we thought of upgrading to latest ActiveMQ jars.. 

> not seeing activemq-core-5.13.1.jar in apache-activemq-5.13.0-bin.zip, 
> apache-activemq-5.14.0-bin.zip
> -----------------------------------------------------------------------------------------------------
>
>                 Key: AMQ-6839
>                 URL: https://issues.apache.org/jira/browse/AMQ-6839
>             Project: ActiveMQ
>          Issue Type: Bug
>    Affects Versions: 5.13.0, 5.14.0, 5.15.0
>            Reporter: sunil kumar
>            Priority: Blocker
>
> not seeing activemq-core-5.13.1.jar in apache-activemq-5.13.0-bin.zip, 
> apache-activemq-5.14.0-bin.zip



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (AMQ-6839) not seeing activemq-core-5.13.1.jar in apache-activemq-5.13.0-bin.zip, apache-activemq-5.14.0-bin.zip

Reply via email to