[
https://issues.apache.org/jira/browse/OPENWIRE-67?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Christopher L. Shannon updated OPENWIRE-67:
-------------------------------------------
Description: Need to make sure to update the generator to include the fix
from https://issues.apache.org/jira/browse/AMQ-9370 to prevent
https://nvd.nist.gov/vuln/detail/CVE-2023-46604 from coming back in newly
generated versions. Because of the refactoring done all the legacy versions
will be fixed as well with this. Tests will be added to verify both legacy and
universal codec. (was: Need to make sure to update the generator to include
the fix from https://issues.apache.org/jira/browse/AMQ-9370 to prevent
https://nvd.nist.gov/vuln/detail/CVE-2023-46604 from coming back in newly
generated versions)
> Update generator to fix Throwable type validation CVE
> -----------------------------------------------------
>
> Key: OPENWIRE-67
> URL: https://issues.apache.org/jira/browse/OPENWIRE-67
> Project: ActiveMQ OpenWire
> Issue Type: Bug
> Reporter: Christopher L. Shannon
> Priority: Blocker
> Fix For: 1.0.0
>
>
> Need to make sure to update the generator to include the fix from
> https://issues.apache.org/jira/browse/AMQ-9370 to prevent
> https://nvd.nist.gov/vuln/detail/CVE-2023-46604 from coming back in newly
> generated versions. Because of the refactoring done all the legacy versions
> will be fixed as well with this. Tests will be added to verify both legacy
> and universal codec.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
