[jira] [Commented] (AMQ-7310) Security Vulnerabilities in Tomcat-websocket-api.jar

ASF subversion and git services (Jira) Mon, 18 Nov 2019 12:22:22 -0800


    [ 
https://issues.apache.org/jira/browse/AMQ-7310?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16976863#comment-16976863
 ]


ASF subversion and git services commented on AMQ-7310:
------------------------------------------------------

Commit 1c5b7cc66b9b314a7f2c27bf6231344b10a5c2bc in activemq's branch 
refs/heads/master from Jean-Baptiste Onofré
[ https://gitbox.apache.org/repos/asf?p=activemq.git;h=1c5b7cc ]

Merge pull request #415 from jbonofre/AMQ-7310

[AMQ-7310] Upgrade to Tomcat API 9.0.27

> Security Vulnerabilities in Tomcat-websocket-api.jar
> ----------------------------------------------------
>
>                 Key: AMQ-7310
>                 URL: https://issues.apache.org/jira/browse/AMQ-7310
>             Project: ActiveMQ
>          Issue Type: Bug
>    Affects Versions: 5.15.10
>            Reporter: Harish Kumar
>            Assignee: Jean-Baptiste Onofré
>            Priority: Major
>             Fix For: 5.16.0, 5.15.11
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> Activemq has *tomcat-websocket-api-8.0.53.jar* dependency.
> This jar is vulnerable to below CVE's: *CVE-2016-5388, 
> CVE-2016-5425,CVE-2017-6056.*
> Ref: [https://nvd.nist.gov/vuln/detail/CVE-2016-5388]
> This jar needs to be updated to {color:#172b4d}9.0.21 or latest 
> available{color}.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (AMQ-7310) Security Vulnerabilities in Tomcat-websocket-api.jar

Reply via email to