chibenwa opened a new pull request, #3079:
URL: https://github.com/apache/james-project/pull/3079

   …several CVEs
   
    - CVE-2026-54475: Apache ActiveMQ Broker, Apache ActiveMQ All, Apache 
ActiveMQ: Temporary destination ownership takeover
    - CVE-2026-53917: Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ 
Client, Apache ActiveMQ Broker: Unbounded memory allocation in OpenWire 
property unmarshalling
    - CVE-2026-53916: Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ 
Stomp: Unbounded header buffer in STOMP NIO codec
    - CVE-2026-52760: Apache ActiveMQ, Apache ActiveMQ Web Console: Stored XSS 
via Unescaped values in ActiveMQ Web Console
    - CVE-2026-50750: Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ 
All: Pre-authentication OpenWire DoS following fix for CVE-2026-49270
    - CVE-2026-50734: Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ 
All: Pre-authentication OpenWire memory-allocation DoS during wire format 
negotiation
    - CVE-2026-49877: Apache ActiveMQ: Authenticated web users retain admin 
access by default in the Web Console
    - CVE-2026-49432: Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ 
Stomp: STOMP negative content-length enables denial of service
    - CVE-2026-49434: Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ 
All: LdapNetworkConnector instantiates denied transports and a 
remote-properties broker


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to