[
https://issues.apache.org/jira/browse/AMQ-7208?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Christopher L. Shannon updated AMQ-7208:
----------------------------------------
Fix Version/s: 5.16.0
> Security Issue related to Guava 18.0
> ------------------------------------
>
> Key: AMQ-7208
> URL: https://issues.apache.org/jira/browse/AMQ-7208
> Project: ActiveMQ
> Issue Type: Improvement
> Affects Versions: 5.15.9
> Reporter: Karl Heinz Marbaise
> Assignee: Christopher L. Shannon
> Priority: Minor
> Labels: secutiry
> Fix For: 5.16.0, 5.15.10
>
>
> Based on our project security scans we have found the following:
> {code}
> [INFO] --- ossindex-maven-plugin:3.0.4:audit (default-cli) @ leidas-adapter
> ---
> [INFO] Checking for vulnerabilities; 57 artifacts
> [INFO] Exclude coordinates: []
> [INFO] Exclude vulnerability identifiers: []
> [INFO] CVSS-score threshold: 0.0
> [WARNING] Detected 1 vulnerable components:
> com.google.guava:guava:jar:18.0:compile;
> https://ossindex.sonatype.org/component/pkg:maven/com.google.guava/[email protected]
> * [CVE-2018-10237] Deserialization of Untrusted Data (5.9);
> https://ossindex.sonatype.org/vuln/24585a7f-eb6b-4d8d-a2a9-a6f16cc7c1d0
> {code}
> This is currently based on the dependency of activemq-broker to Guava version
> 18.
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
