[ https://issues.apache.org/jira/browse/AMQ-8564?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jean-Baptiste Onofré resolved AMQ-8564.
---------------------------------------
    Resolution: Won't Fix

Spring is used only on the broker side (client side doesn't use it).

Furthermore, the vulnerability doesn't impact the ActiveMQ broker by default; it 
could be an issue if a user uses spring-web* in the main activemq.xml.

So, not very critical.

However, as you can see in AMQ-8565, we plan an ActiveMQ 5.17.1 release including 
the Spring 5.3.18 update.

> Zero-Day Vulnerability in Spring Framework - CVE-2022-22965
> -----------------------------------------------------------
>
>                 Key: AMQ-8564
>                 URL: https://issues.apache.org/jira/browse/AMQ-8564
>             Project: ActiveMQ
>          Issue Type: Bug
>    Affects Versions: 5.16.4
>            Reporter: Imran Ali
>            Priority: Major
>
> Hi Team, 
> I wanted a confirmation on the recent vulnerability found under Spring 
> Framework. Does this vulnerability impact Active MQ? If so, what is the 
> recommended workaround to mitigate this vulnerability?
>  



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
