Endre Jeges created ARTEMIS-2413:
------------------------------------
Summary: Upgrade JGroups
Key: ARTEMIS-2413
URL: https://issues.apache.org/jira/browse/ARTEMIS-2413
Project: ActiveMQ Artemis
Issue Type: Bug
Affects Versions: 2.6.4
Reporter: Endre Jeges
I have noticed with the OWASP dependency-check plugin
(org.owasp:dependency-check-maven:5.0.0) that the currently used
org.jgroups:jgroups:3.6.13.Final has a
[CWE-300: Channel Accessible by Non-Endpoint ('Man-in-the-Middle')|https://ossindex.sonatype.org/vuln/7c83fdab-9665-4e79-bc81-cc67fbb96417]
vulnerability. The problem has not been reported in the NVD database,
therefore there is no CVE record.
The vulnerability has been
[addressed|https://github.com/belaban/JGroups/pull/348] in version
org.jgroups:jgroups:4.0.2.Final (at the moment the latest version is
org.jgroups:jgroups:4.1.1.Final).
The org.jgroups:jgroups dependency would require an upgrade to resolve the
vulnerability.