This is an automated email from the ASF dual-hosted git repository. btellier pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/james-project.git
commit 8c337b2db3bb089884e29bc3c90167a2c0756184 Author: Benoit Tellier <[email protected]> AuthorDate: Fri Jan 29 11:45:20 2021 +0700 JAMES-3496 Update ActiveMQ and Artemis Several CVE had been announced by the ActiveMQ PMC, namely: - CVE-2021-26118: Flaw in ActiveMQ Artemis OpenWire support - CVE-2021-26117: ActiveMQ: LDAP-Authentication does not verify passwords on servers with anonymous bind We do not use these features thus JAMES server is unaffected however updating these components seems like to be a good idea to me. --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index dbb7bc0..b0ee013 100644 --- a/pom.xml +++ b/pom.xml @@ -587,7 +587,7 @@ <james.groupId>org.apache.james</james.groupId> <james.protocols.groupId>${james.groupId}.protocols</james.protocols.groupId> - <activemq.version>5.15.9</activemq.version> + <activemq.version>5.16.1</activemq.version> <apache-mime4j.version>0.8.3</apache-mime4j.version> <apache.openjpa.version>3.1.0</apache.openjpa.version> <camel.version>2.24.1</camel.version> @@ -598,7 +598,7 @@ <javax.activation.artifactId>activation</javax.activation.artifactId> <jsieve.version>0.7</jsieve.version> <spring.version>4.3.25.RELEASE</spring.version> - <activmq-artemis.version>2.9.0</activmq-artemis.version> + <activmq-artemis.version>2.16.0</activmq-artemis.version> <apache-jspf-resolver.version>1.0.1</apache-jspf-resolver.version> <javamail.version>1.5.4</javamail.version> <javax-activation.version>1.1.1</javax-activation.version> --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
