[jira] [Commented] (OPENWIRE-67) Update generator to fix Throwable type validation CVE

Christopher L. Shannon (Jira) Thu, 07 Dec 2023 09:15:36 -0800


    [ 
https://issues.apache.org/jira/browse/OPENWIRE-67?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17794358#comment-17794358
 ]


Christopher L. Shannon commented on OPENWIRE-67:
------------------------------------------------

Fixed in 
https://github.com/apache/activemq-openwire/commit/cfdf4840514a3619cf2df679fabc6045e3f93076

> Update generator to fix Throwable type validation CVE
> -----------------------------------------------------
>
>                 Key: OPENWIRE-67
>                 URL: https://issues.apache.org/jira/browse/OPENWIRE-67
>             Project: ActiveMQ OpenWire
>          Issue Type: Bug
>            Reporter: Christopher L. Shannon
>            Assignee: Christopher L. Shannon
>            Priority: Blocker
>             Fix For: 1.0.0
>
>
> Need to make sure to update the generator to include the fix from 
> https://issues.apache.org/jira/browse/AMQ-9370 to prevent 
> https://nvd.nist.gov/vuln/detail/CVE-2023-46604 from coming back in newly 
> generated versions. Because of the refactoring done all the legacy versions 
> will be fixed as well with this. Tests will be added to verify both legacy 
> and universal codec.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (OPENWIRE-67) Update generator to fix Throwable type validation CVE

Reply via email to