[jira] [Commented] (AMQ-7310) Security Vulnerabilities in Tomcat-websocket-api.jar

ASF subversion and git services (Jira) Mon, 18 Nov 2019 12:23:26 -0800


    [ 
https://issues.apache.org/jira/browse/AMQ-7310?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16976864#comment-16976864
 ]


ASF subversion and git services commented on AMQ-7310:
------------------------------------------------------

Commit ac48fa7429142e9bcb6026ae29cc940af051a09b in activemq's branch 
refs/heads/activemq-5.15.x from Jean-Baptiste Onofré
[ https://gitbox.apache.org/repos/asf?p=activemq.git;h=ac48fa7 ]

[AMQ-7310] Upgrade to Tomcat API 9.0.27

(cherry picked from commit 43ffe7eac85f7e84f74011c5fbafd57bed3dcfe0)


> Security Vulnerabilities in Tomcat-websocket-api.jar
> ----------------------------------------------------
>
>                 Key: AMQ-7310
>                 URL: https://issues.apache.org/jira/browse/AMQ-7310
>             Project: ActiveMQ
>          Issue Type: Bug
>    Affects Versions: 5.15.10
>            Reporter: Harish Kumar
>            Assignee: Jean-Baptiste Onofré
>            Priority: Major
>             Fix For: 5.16.0, 5.15.11
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> Activemq has *tomcat-websocket-api-8.0.53.jar* dependency.
> This jar is vulnerable to below CVE's: *CVE-2016-5388, 
> CVE-2016-5425,CVE-2017-6056.*
> Ref: [https://nvd.nist.gov/vuln/detail/CVE-2016-5388]
> This jar needs to be updated to {color:#172b4d}9.0.21 or latest 
> available{color}.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (AMQ-7310) Security Vulnerabilities in Tomcat-websocket-api.jar

Reply via email to