Author: robbie
Date: Wed Mar 27 18:36:47 2019
New Revision: 1042639
Log:
refresh staged bits with recent changes
Added:
websites/production/activemq/content/activemq-website/security-advisories.data/
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2014-3576-announcement.txt
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2014-3579-announcement.txt
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2014-3600-announcement.txt
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2014-3612-announcement.txt
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2014-8110-announcement.txt
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2015-1830-announcement.txt
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2015-5254-announcement.txt
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2015-7559-announcement.txt
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2016-0734-announcement.txt
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2016-0782-announcement.txt
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2016-3088-announcement.txt
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2016-6810-announcement.txt
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2017-15709-announcement.txt
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2018-11775-announcement.txt
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2018-8006-announcement.txt
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2019-0222-announcement.txt
Modified:
websites/production/activemq/content/activemq-website/projects/artemis/download/index.html
websites/production/activemq/content/activemq-website/projects/artemis/download/past_releases.html
websites/production/activemq/content/activemq-website/projects/classic/download/index.html
websites/production/activemq/content/activemq-website/projects/cms/download/390-release.html
websites/production/activemq/content/activemq-website/projects/cms/download/391-release.html
websites/production/activemq/content/activemq-website/projects/cms/download/392-release.html
websites/production/activemq/content/activemq-website/projects/cms/download/393-release.html
websites/production/activemq/content/activemq-website/projects/cms/download/394-release.html
websites/production/activemq/content/activemq-website/security-advisories.html
Modified:
websites/production/activemq/content/activemq-website/projects/artemis/download/index.html
==============================================================================
---
websites/production/activemq/content/activemq-website/projects/artemis/download/index.html
(original)
+++
websites/production/activemq/content/activemq-website/projects/artemis/download/index.html
Wed Mar 27 18:36:47 2019
@@ -116,58 +116,52 @@
<p>The keys file for verifying these releases can be obtained <a
href="https://www.apache.org/dist/activemq/KEYS";>here</a>.</p>
-<h4 id="activemq-artemis-264--january-23-2019">ActiveMQ Artemis 2.6.4
(January 23, 2019)</h4>
-<p><a href="release-notes-2.6.4">Release Notes</a> | <a
href="commit-report-2.6.4">Git Report</a> | <a
href="../documentation/latest">Documentation</a></p>
+<h4 id="activemq-artemis-270--march-20-2019">ActiveMQ Artemis 2.7.0 (March
20, 2019)</h4>
+<p><a href="release-notes-2.7.0">Release Notes</a> | <a
href="commit-report-2.7.0">Git Report</a> | <a
href="../documentation/latest">Documentation</a></p>
<table>
<tbody>
<tr>
<td>tar.gz:</td>
- <td><a
href="https://www.apache.org/dyn/closer.cgi?filename=activemq/activemq-artemis/2.6.4/apache-artemis-2.6.4-bin.tar.gz&action=download";>apache-artemis-2.6.4-bin.tar.gz</a></td>
- <td><a
href="https://www.apache.org/dist/activemq/activemq-artemis/2.6.4/apache-artemis-2.6.4-bin.tar.gz.sha512";>SHA512</a></td>
- <td><a
href="https://www.apache.org/dist/activemq/activemq-artemis/2.6.4/apache-artemis-2.6.4-bin.tar.gz.asc";>GPG
Signature</a></td>
+ <td><a
href="https://www.apache.org/dyn/closer.cgi?filename=activemq/activemq-artemis/2.7.0/apache-artemis-2.7.0-bin.tar.gz&action=download";>apache-artemis-2.7.0-bin.tar.gz</a></td>
+ <td><a
href="https://www.apache.org/dist/activemq/activemq-artemis/2.7.0/apache-artemis-2.7.0-bin.tar.gz.sha512";>SHA512</a></td>
+ <td><a
href="https://www.apache.org/dist/activemq/activemq-artemis/2.7.0/apache-artemis-2.7.0-bin.tar.gz.asc";>GPG
Signature</a></td>
</tr>
<tr>
<td>ZIP:</td>
- <td><a
href="https://www.apache.org/dyn/closer.cgi?filename=activemq/activemq-artemis/2.6.4/apache-artemis-2.6.4-bin.zip&action=download";>apache-artemis-2.6.4-bin.zip</a></td>
- <td><a
href="https://www.apache.org/dist/activemq/activemq-artemis/2.6.4/apache-artemis-2.6.4-bin.zip.sha512";>SHA512</a></td>
- <td><a
href="https://www.apache.org/dist/activemq/activemq-artemis/2.6.4/apache-artemis-2.6.4-bin.zip.asc";>GPG
Signature</a></td>
+ <td><a
href="https://www.apache.org/dyn/closer.cgi?filename=activemq/activemq-artemis/2.7.0/apache-artemis-2.7.0-bin.zip&action=download";>apache-artemis-2.7.0-bin.zip</a></td>
+ <td><a
href="https://www.apache.org/dist/activemq/activemq-artemis/2.7.0/apache-artemis-2.7.0-bin.zip.sha512";>SHA512</a></td>
+ <td><a
href="https://www.apache.org/dist/activemq/activemq-artemis/2.7.0/apache-artemis-2.7.0-bin.zip.asc";>GPG
Signature</a></td>
</tr>
<tr>
- <td>Source Code Distribution:</td>
- <td><a
href="https://www.apache.org/dyn/closer.cgi?filename=activemq/activemq-artemis/2.6.4/apache-artemis-2.6.4-source-release.tar.gz&action=download";>apache-artemis-2.6.4-source-release.tar.gz</a></td>
- <td><a
href="https://www.apache.org/dist/activemq/activemq-artemis/2.6.4/apache-artemis-2.6.4-source-release.tar.gz.sha512";>SHA512</a></td>
- <td><a
href="https://www.apache.org/dist/activemq/activemq-artemis/2.6.4/apache-artemis-2.6.4-source-release.tar.gz.asc";>GPG
Signature</a></td>
+ <td>Source Distribution:</td>
+ <td><a
href="https://www.apache.org/dyn/closer.cgi?filename=activemq/activemq-artemis/2.7.0/apache-artemis-2.7.0-source-release.tar.gz&action=download";>apache-artemis-2.7.0-source-release.tar.gz</a></td>
+ <td><a
href="https://www.apache.org/dist/activemq/activemq-artemis/2.7.0/apache-artemis-2.7.0-source-release.tar.gz.sha512";>SHA512</a></td>
+ <td><a
href="https://www.apache.org/dist/activemq/activemq-artemis/2.7.0/apache-artemis-2.7.0-source-release.tar.gz.asc";>GPG
Signature</a></td>
</tr>
</tbody>
</table>
-<h4 id="activemq-artemis-156--february-26-2018">ActiveMQ Artemis 1.5.6
(February 26, 2018)</h4>
-<p><a href="release-notes-1.5.6">Release Notes</a> | <a
href="../documentation/1.5.6">Documentation</a></p>
+<p><br /></p>
+
+<h4 id="activemq-artemis-native-layer-100--march-7-2019">ActiveMQ Artemis
Native Layer 1.0.0 (March 7, 2019)</h4>
+
+<p><a href="release-notes-native-1.0.0">Release Notes</a></p>
<table>
<tbody>
<tr>
- <td>tar.gz:</td>
- <td><a
href="https://www.apache.org/dyn/closer.cgi?filename=activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-bin.tar.gz&action=download";>apache-artemis-1.5.6-bin.tar.gz</a></td>
- <td><a
href="https://www.apache.org/dist/activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-bin.tar.gz.sha512";>SHA512</a></td>
- <td><a
href="https://www.apache.org/dist/activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-bin.tar.gz.asc";>GPG
Signature</a></td>
- </tr>
- <tr>
- <td>ZIP:</td>
- <td><a
href="https://www.apache.org/dyn/closer.cgi?filename=activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-bin.zip&action=download";>apache-artemis-1.5.6-bin.zip</a></td>
- <td><a
href="https://www.apache.org/dist/activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-bin.zip.sha512";>SHA512</a></td>
- <td><a
href="https://www.apache.org/dist/activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-bin.zip.asc";>GPG
Signature</a></td>
- </tr>
- <tr>
- <td>Source Code Distribution:</td>
- <td><a
href="https://www.apache.org/dyn/closer.cgi?filename=activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-source-release.tar.gz&action=download";>apache-artemis-1.5.6-source-release.tar.gz</a></td>
- <td><a
href="https://www.apache.org/dist/activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-source-release.tar.gz.sha512";>SHA512</a></td>
- <td><a
href="https://www.apache.org/dist/activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-source-release.tar.gz.asc";>GPG
Signature</a></td>
+ <td>Source Distribution:</td>
+ <td><a
href="https://www.apache.org/dyn/closer.cgi?filename=activemq/activemq-artemis-native/1.0.0/activemq-artemis-native-1.0.0-source-release.zip&action=download";>apache-artemis-native-1.0.0-source-release.zip</a></td>
+ <td><a
href="https://www.apache.org/dist/activemq/activemq-artemis-native/1.0.0/activemq-artemis-native-1.0.0-source-release.zip.sha512";>SHA512</a></td>
+ <td><a
href="https://www.apache.org/dist/activemq/activemq-artemis-native/1.0.0/activemq-artemis-native-1.0.0-source-release.zip.asc";>GPG
Signature</a></td>
</tr>
</tbody>
</table>
+<p>This is the native layer used by ActiveMQ Artemis on storage.</p>
+
+
</div>
</div>
</div>
Modified:
websites/production/activemq/content/activemq-website/projects/artemis/download/past_releases.html
==============================================================================
---
websites/production/activemq/content/activemq-website/projects/artemis/download/past_releases.html
(original)
+++
websites/production/activemq/content/activemq-website/projects/artemis/download/past_releases.html
Wed Mar 27 18:36:47 2019
@@ -118,6 +118,35 @@
<p>For any releases not shown here, check the <a
href="https://archive.apache.org/dist/activemq/activemq-artemis/";>archive</a>.</p>
+<h4 id="activemq-artemis-264">ActiveMQ Artemis 2.6.4</h4>
+
+<p><a href="release-notes-2.6.4">Release Notes</a> | <a
href="commit-report-2.6.4">Git Report</a> | <a
href="../documentation/2.6.0">Documentation</a></p>
+
+<table>
+ <tbody>
+ <tr>
+ <td>tar.gz:</td>
+ <td><a
href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.4/apache-artemis-2.6.4-bin.tar.gz";>apache-artemis-2.6.4-bin.tar.gz</a></td>
+ <td><a
href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.4/apache-artemis-2.6.4-bin.tar.gz.sha512";>SHA512</a></td>
+ <td><a
href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.4/apache-artemis-2.6.4-bin.tar.gz.asc";>GPG
Signature</a></td>
+ </tr>
+ <tr>
+ <td>ZIP:</td>
+ <td><a
href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.4/apache-artemis-2.6.4-bin.zip";>apache-artemis-2.6.4-bin.zip</a></td>
+ <td><a
href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.4/apache-artemis-2.6.4-bin.zip.sha512";>SHA512</a></td>
+ <td><a
href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.4/apache-artemis-2.6.4-bin.zip.asc";>GPG
Signature</a></td>
+ </tr>
+ <tr>
+ <td>Source Code Distribution:</td>
+ <td><a
href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.4/apache-artemis-2.6.4-source-release.tar.gz";>apache-artemis-2.6.4-source-release.tar.gz</a></td>
+ <td><a
href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.4/apache-artemis-2.6.4-source-release.tar.gz.sha512";>SHA512</a></td>
+ <td><a
href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.4/apache-artemis-2.6.4-source-release.tar.gz.asc";>GPG
Signature</a></td>
+ </tr>
+ </tbody>
+</table>
+
+<p><br /></p>
+
<h4 id="activemq-artemis-263">ActiveMQ Artemis 2.6.3</h4>
<p><a href="release-notes-2.6.3">Release Notes</a> | <a
href="commit-report-2.6.3">Git Report</a> | <a
href="../documentation/2.6.0">Documentation</a></p>
@@ -126,21 +155,21 @@
<tbody>
<tr>
<td>tar.gz:</td>
- <td><a
href="https://www.apache.org/dyn/closer.cgi?filename=activemq/activemq-artemis/2.6.3/apache-artemis-2.6.3-bin.tar.gz&action=download";>apache-artemis-2.6.3-bin.tar.gz</a></td>
- <td><a
href="https://www.apache.org/dist/activemq/activemq-artemis/2.6.3/apache-artemis-2.6.3-bin.tar.gz.sha512";>SHA512</a></td>
- <td><a
href="https://www.apache.org/dist/activemq/activemq-artemis/2.6.3/apache-artemis-2.6.3-bin.tar.gz.asc";>GPG
Signature</a></td>
+ <td><a
href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.3/apache-artemis-2.6.3-bin.tar.gz";>apache-artemis-2.6.3-bin.tar.gz</a></td>
+ <td><a
href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.3/apache-artemis-2.6.3-bin.tar.gz.sha512";>SHA512</a></td>
+ <td><a
href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.3/apache-artemis-2.6.3-bin.tar.gz.asc";>GPG
Signature</a></td>
</tr>
<tr>
<td>ZIP:</td>
- <td><a
href="https://www.apache.org/dyn/closer.cgi?filename=activemq/activemq-artemis/2.6.3/apache-artemis-2.6.3-bin.zip&action=download";>apache-artemis-2.6.3-bin.zip</a></td>
- <td><a
href="https://www.apache.org/dist/activemq/activemq-artemis/2.6.3/apache-artemis-2.6.3-bin.zip.sha512";>SHA512</a></td>
- <td><a
href="https://www.apache.org/dist/activemq/activemq-artemis/2.6.3/apache-artemis-2.6.3-bin.zip.asc";>GPG
Signature</a></td>
+ <td><a
href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.3/apache-artemis-2.6.3-bin.zip";>apache-artemis-2.6.3-bin.zip</a></td>
+ <td><a
href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.3/apache-artemis-2.6.3-bin.zip.sha512";>SHA512</a></td>
+ <td><a
href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.3/apache-artemis-2.6.3-bin.zip.asc";>GPG
Signature</a></td>
</tr>
<tr>
<td>Source Code Distribution:</td>
- <td><a
href="https://www.apache.org/dyn/closer.cgi?filename=activemq/activemq-artemis/2.6.3/apache-artemis-2.6.3-source-release.tar.gz&action=download";>apache-artemis-2.6.3-source-release.tar.gz</a></td>
- <td><a
href="https://www.apache.org/dist/activemq/activemq-artemis/2.6.3/apache-artemis-2.6.3-source-release.tar.gz.sha512";>SHA512</a></td>
- <td><a
href="https://www.apache.org/dist/activemq/activemq-artemis/2.6.3/apache-artemis-2.6.3-source-release.tar.gz.asc";>GPG
Signature</a></td>
+ <td><a
href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.3/apache-artemis-2.6.3-source-release.tar.gz";>apache-artemis-2.6.3-source-release.tar.gz</a></td>
+ <td><a
href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.3/apache-artemis-2.6.3-source-release.tar.gz.sha512";>SHA512</a></td>
+ <td><a
href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.3/apache-artemis-2.6.3-source-release.tar.gz.asc";>GPG
Signature</a></td>
</tr>
</tbody>
</table>
@@ -155,21 +184,21 @@
<tbody>
<tr>
<td>tar.gz:</td>
- <td><a
href="https://www.apache.org/dyn/closer.cgi?filename=activemq/activemq-artemis/2.6.2/apache-artemis-2.6.2-bin.tar.gz&action=download";>apache-artemis-2.6.2-bin.tar.gz</a></td>
- <td><a
href="https://www.apache.org/dist/activemq/activemq-artemis/2.6.2/apache-artemis-2.6.2-bin.tar.gz.sha512";>SHA512</a></td>
- <td><a
href="https://www.apache.org/dist/activemq/activemq-artemis/2.6.2/apache-artemis-2.6.2-bin.tar.gz.asc";>GPG
Signature</a></td>
+ <td><a
href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.2/apache-artemis-2.6.2-bin.tar.gz";>apache-artemis-2.6.2-bin.tar.gz</a></td>
+ <td><a
href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.2/apache-artemis-2.6.2-bin.tar.gz.sha512";>SHA512</a></td>
+ <td><a
href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.2/apache-artemis-2.6.2-bin.tar.gz.asc";>GPG
Signature</a></td>
</tr>
<tr>
<td>ZIP:</td>
- <td><a
href="https://www.apache.org/dyn/closer.cgi?filename=activemq/activemq-artemis/2.6.2/apache-artemis-2.6.2-bin.zip&action=download";>apache-artemis-2.6.2-bin.zip</a></td>
- <td><a
href="https://www.apache.org/dist/activemq/activemq-artemis/2.6.2/apache-artemis-2.6.2-bin.zip.sha512";>SHA512</a></td>
- <td><a
href="https://www.apache.org/dist/activemq/activemq-artemis/2.6.2/apache-artemis-2.6.2-bin.zip.asc";>GPG
Signature</a></td>
+ <td><a
href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.2/apache-artemis-2.6.2-bin.zip";>apache-artemis-2.6.2-bin.zip</a></td>
+ <td><a
href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.2/apache-artemis-2.6.2-bin.zip.sha512";>SHA512</a></td>
+ <td><a
href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.2/apache-artemis-2.6.2-bin.zip.asc";>GPG
Signature</a></td>
</tr>
<tr>
<td>Source Code Distribution:</td>
- <td><a
href="https://www.apache.org/dyn/closer.cgi?filename=activemq/activemq-artemis/2.6.2/apache-artemis-2.6.2-source-release.tar.gz&action=download";>apache-artemis-2.6.2-source-release.tar.gz</a></td>
- <td><a
href="https://www.apache.org/dist/activemq/activemq-artemis/2.6.2/apache-artemis-2.6.2-source-release.tar.gz.sha512";>SHA512</a></td>
- <td><a
href="https://www.apache.org/dist/activemq/activemq-artemis/2.6.2/apache-artemis-2.6.2-source-release.tar.gz.asc";>GPG
Signature</a></td>
+ <td><a
href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.2/apache-artemis-2.6.2-source-release.tar.gz";>apache-artemis-2.6.2-source-release.tar.gz</a></td>
+ <td><a
href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.2/apache-artemis-2.6.2-source-release.tar.gz.sha512";>SHA512</a></td>
+ <td><a
href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.2/apache-artemis-2.6.2-source-release.tar.gz.asc";>GPG
Signature</a></td>
</tr>
</tbody>
</table>
@@ -431,21 +460,21 @@
<tbody>
<tr>
<td>tar.gz:</td>
- <td><a
href="https://www.apache.org/dyn/closer.cgi?filename=activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-bin.tar.gz&action=download";>apache-artemis-1.5.6-bin.tar.gz</a></td>
- <td><a
href="https://www.apache.org/dist/activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-bin.tar.gz.sha512";>SHA512</a></td>
- <td><a
href="https://www.apache.org/dist/activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-bin.tar.gz.asc";>GPG
Signature</a></td>
+ <td><a
href="https://archive.apache.org/dist/activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-bin.tar.gz";>apache-artemis-1.5.6-bin.tar.gz</a></td>
+ <td><a
href="https://archive.apache.org/dist/activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-bin.tar.gz.sha512";>SHA512</a></td>
+ <td><a
href="https://archive.apache.org/dist/activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-bin.tar.gz.asc";>GPG
Signature</a></td>
</tr>
<tr>
<td>ZIP:</td>
- <td><a
href="https://www.apache.org/dyn/closer.cgi?filename=activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-bin.zip&action=download";>apache-artemis-1.5.6-bin.zip</a></td>
- <td><a
href="https://www.apache.org/dist/activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-bin.zip.sha512";>SHA512</a></td>
- <td><a
href="https://www.apache.org/dist/activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-bin.zip.asc";>GPG
Signature</a></td>
+ <td><a
href="https://archive.apache.org/dist/activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-bin.zip";>apache-artemis-1.5.6-bin.zip</a></td>
+ <td><a
href="https://archive.apache.org/dist/activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-bin.zip.sha512";>SHA512</a></td>
+ <td><a
href="https://archive.apache.org/dist/activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-bin.zip.asc";>GPG
Signature</a></td>
</tr>
<tr>
<td>Source Code Distribution:</td>
- <td><a
href="https://www.apache.org/dyn/closer.cgi?filename=activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-source-release.tar.gz&action=download";>apache-artemis-1.5.6-source-release.tar.gz</a></td>
- <td><a
href="https://www.apache.org/dist/activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-source-release.tar.gz.sha512";>SHA512</a></td>
- <td><a
href="https://www.apache.org/dist/activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-source-release.tar.gz.asc";>GPG
Signature</a></td>
+ <td><a
href="https://archive.apache.org/dist/activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-source-release.tar.gz";>apache-artemis-1.5.6-source-release.tar.gz</a></td>
+ <td><a
href="https://archive.apache.org/dist/activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-source-release.tar.gz.sha512";>SHA512</a></td>
+ <td><a
href="https://archive.apache.org/dist/activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-source-release.tar.gz.asc";>GPG
Signature</a></td>
</tr>
</tbody>
</table>
Modified:
websites/production/activemq/content/activemq-website/projects/classic/download/index.html
==============================================================================
---
websites/production/activemq/content/activemq-website/projects/classic/download/index.html
(original)
+++
websites/production/activemq/content/activemq-website/projects/classic/download/index.html
Wed Mar 27 18:36:47 2019
@@ -114,7 +114,7 @@
<div class="col-12 activemq5">
<p>These are the current releases. For prior releases, please see the
<a href="../../../download-archives">past releases</a> page.</p>
-<h4 id="activemq-5158-released-nov-21-2018">ActiveMQ 5.15.8 (Released Nov 21,
2018)</h4>
+<h4 id="activemq-5159-march-19-2019">ActiveMQ 5.15.9 (March 19, 2019)</h4>
<p><a href="../documentation">Documentation</a></p>
@@ -122,21 +122,21 @@
<tbody>
<tr>
<td>Windows</td>
- <td><a
href="http://www.apache.org/dyn/closer.cgi?filename=/activemq/5.15.8/apache-activemq-5.15.8-bin.tar.gz&action=download";>apache-activemq-5.15.8-bin.zip</a></td>
- <td><a
href="https://www.apache.org/dist/activemq/5.15.8/apache-activemq-5.15.8-bin.zip.sha512";>SHA512</a></td>
- <td><a
href="https://www.apache.org/dist/activemq/5.15.8/apache-activemq-5.15.8-bin.zip.asc";>GPG
Signature</a></td>
+ <td><a
href="http://www.apache.org/dyn/closer.cgi?filename=/activemq/5.15.9/apache-activemq-5.15.9-bin.tar.gz&action=download";>apache-activemq-5.15.9-bin.zip</a></td>
+ <td><a
href="https://www.apache.org/dist/activemq/5.15.9/apache-activemq-5.15.9-bin.zip.sha512";>SHA512</a></td>
+ <td><a
href="https://www.apache.org/dist/activemq/5.15.9/apache-activemq-5.15.9-bin.zip.asc";>GPG
Signature</a></td>
</tr>
<tr>
<td>Unix/Linux/Cygwin</td>
- <td><a
href="http://www.apache.org/dyn/closer.cgi?filename=/activemq/5.15.8/apache-activemq-5.15.8-bin.tar.gz&action=download";>apache-activemq-5.15.8-bin.tar.gz</a></td>
- <td><a
href="https://www.apache.org/dist/activemq/5.15.8/apache-activemq-5.15.8-bin.tar.gz.sha512";>SHA512</a></td>
- <td><a
href="https://www.apache.org/dist/activemq/5.15.8/apache-activemq-5.15.8-bin.tar.gz.asc";>GPG
Signature</a></td>
+ <td><a
href="http://www.apache.org/dyn/closer.cgi?filename=/activemq/5.15.9/apache-activemq-5.15.9-bin.tar.gz&action=download";>apache-activemq-5.15.9-bin.tar.gz</a></td>
+ <td><a
href="https://www.apache.org/dist/activemq/5.15.9/apache-activemq-5.15.9-bin.tar.gz.sha512";>SHA512</a></td>
+ <td><a
href="https://www.apache.org/dist/activemq/5.15.9/apache-activemq-5.15.9-bin.tar.gz.asc";>GPG
Signature</a></td>
</tr>
<tr>
<td>Source Code Distribution:</td>
- <td><a
href="http://www.apache.org/dyn/closer.cgi?path=/activemq/5.15.8/activemq-parent-5.15.8-source-release.zip";>activemq-parent-5.15.8-source-release.zip</a></td>
- <td><a
href="https://www.apache.org/dist/activemq/5.15.8/activemq-parent-5.15.8-source-release.zip.sha512";>SHA512</a></td>
- <td><a
href="https://www.apache.org/dist/activemq/5.15.8/activemq-parent-5.15.8-source-release.zip.asc";>GPG
Signature</a></td>
+ <td><a
href="http://www.apache.org/dyn/closer.cgi?path=/activemq/5.15.9/activemq-parent-5.15.9-source-release.zip";>activemq-parent-5.15.9-source-release.zip</a></td>
+ <td><a
href="https://www.apache.org/dist/activemq/5.15.9/activemq-parent-5.15.9-source-release.zip.sha512";>SHA512</a></td>
+ <td><a
href="https://www.apache.org/dist/activemq/5.15.9/activemq-parent-5.15.9-source-release.zip.asc";>GPG
Signature</a></td>
</tr>
</tbody>
</table>
Modified:
websites/production/activemq/content/activemq-website/projects/cms/download/390-release.html
==============================================================================
---
websites/production/activemq/content/activemq-website/projects/cms/download/390-release.html
(original)
+++
websites/production/activemq/content/activemq-website/projects/cms/download/390-release.html
Wed Mar 27 18:36:47 2019
@@ -137,18 +137,18 @@
<tbody>
<tr>
<td>Source code for Windows</td>
- <td><a
href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.0/activemq-cpp-library-3.9.0-src.zip";>activemq-cpp-library-3.9.0.src.zip</a></td>
- <td><a
href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.0/activemq-cpp-library-3.9.0-src.zip.asc";>activemq-cpp-library-3.9.0-src.zip.asc</a></td>
+ <td><a
href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.0/activemq-cpp-library-3.9.0-src.zip";>activemq-cpp-library-3.9.0.src.zip</a></td>
+ <td><a
href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.0/activemq-cpp-library-3.9.0-src.zip.asc";>activemq-cpp-library-3.9.0-src.zip.asc</a></td>
</tr>
<tr>
<td>Source code for Unix (gzipped)</td>
- <td><a
href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.0/activemq-cpp-library-3.9.0-src.tar.gz";>activemq-cpp-library-3.9.0-src.tar.gz</a></td>
- <td><a
href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.0/activemq-cpp-library-3.9.0-src.tar.gz.asc";>activemq-cpp-library-3.9.0-src.tar.gz.asc</a></td>
+ <td><a
href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.0/activemq-cpp-library-3.9.0-src.tar.gz";>activemq-cpp-library-3.9.0-src.tar.gz</a></td>
+ <td><a
href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.0/activemq-cpp-library-3.9.0-src.tar.gz.asc";>activemq-cpp-library-3.9.0-src.tar.gz.asc</a></td>
</tr>
<tr>
<td>Source code for Unix (bz2)</td>
- <td><a
href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.0/activemq-cpp-library-3.9.0-src.tar.bz2";>activemq-cpp-library-3.9.0-src.tar.bz2</a></td>
- <td><a
href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.0/activemq-cpp-library-3.9.0-src.tar.bz2.asc";>activemq-cpp-library-3.9.0.src.tar.bz2.asc</a></td>
+ <td><a
href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.0/activemq-cpp-library-3.9.0-src.tar.bz2";>activemq-cpp-library-3.9.0-src.tar.bz2</a></td>
+ <td><a
href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.0/activemq-cpp-library-3.9.0-src.tar.bz2.asc";>activemq-cpp-library-3.9.0.src.tar.bz2.asc</a></td>
</tr>
</tbody>
</table>
Modified:
websites/production/activemq/content/activemq-website/projects/cms/download/391-release.html
==============================================================================
---
websites/production/activemq/content/activemq-website/projects/cms/download/391-release.html
(original)
+++
websites/production/activemq/content/activemq-website/projects/cms/download/391-release.html
Wed Mar 27 18:36:47 2019
@@ -137,18 +137,18 @@
<tbody>
<tr>
<td>Source code for Windows</td>
- <td><a
href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.1/activemq-cpp-library-3.9.1-src.zip";>activemq-cpp-library-3.9.1.src.zip</a></td>
- <td><a
href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.1/activemq-cpp-library-3.9.1-src.zip.asc";>activemq-cpp-library-3.9.1-src.zip.asc</a></td>
+ <td><a
href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.1/activemq-cpp-library-3.9.1-src.zip";>activemq-cpp-library-3.9.1.src.zip</a></td>
+ <td><a
href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.1/activemq-cpp-library-3.9.1-src.zip.asc";>activemq-cpp-library-3.9.1-src.zip.asc</a></td>
</tr>
<tr>
<td>Source code for Unix (gzipped)</td>
- <td><a
href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.1/activemq-cpp-library-3.9.1-src.tar.gz";>activemq-cpp-library-3.9.1-src.tar.gz</a></td>
- <td><a
href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.1/activemq-cpp-library-3.9.1-src.tar.gz.asc";>activemq-cpp-library-3.9.1-src.tar.gz.asc</a></td>
+ <td><a
href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.1/activemq-cpp-library-3.9.1-src.tar.gz";>activemq-cpp-library-3.9.1-src.tar.gz</a></td>
+ <td><a
href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.1/activemq-cpp-library-3.9.1-src.tar.gz.asc";>activemq-cpp-library-3.9.1-src.tar.gz.asc</a></td>
</tr>
<tr>
<td>Source code for Unix (bz2)</td>
- <td><a
href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.1/activemq-cpp-library-3.9.1-src.tar.bz2";>activemq-cpp-library-3.9.1-src.tar.bz2</a></td>
- <td><a
href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.1/activemq-cpp-library-3.9.1-src.tar.bz2.asc";>activemq-cpp-library-3.9.1.src.tar.bz2.asc</a></td>
+ <td><a
href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.1/activemq-cpp-library-3.9.1-src.tar.bz2";>activemq-cpp-library-3.9.1-src.tar.bz2</a></td>
+ <td><a
href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.1/activemq-cpp-library-3.9.1-src.tar.bz2.asc";>activemq-cpp-library-3.9.1.src.tar.bz2.asc</a></td>
</tr>
</tbody>
</table>
Modified:
websites/production/activemq/content/activemq-website/projects/cms/download/392-release.html
==============================================================================
---
websites/production/activemq/content/activemq-website/projects/cms/download/392-release.html
(original)
+++
websites/production/activemq/content/activemq-website/projects/cms/download/392-release.html
Wed Mar 27 18:36:47 2019
@@ -137,18 +137,18 @@
<tbody>
<tr>
<td>Source code for Windows</td>
- <td><a
href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.2/activemq-cpp-library-3.9.2-src.zip";>activemq-cpp-library-3.9.2.src.zip</a></td>
- <td><a
href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.2/activemq-cpp-library-3.9.2-src.zip.asc";>activemq-cpp-library-3.9.2-src.zip.asc</a></td>
+ <td><a
href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.2/activemq-cpp-library-3.9.2-src.zip";>activemq-cpp-library-3.9.2.src.zip</a></td>
+ <td><a
href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.2/activemq-cpp-library-3.9.2-src.zip.asc";>activemq-cpp-library-3.9.2-src.zip.asc</a></td>
</tr>
<tr>
<td>Source code for Unix (gzipped)</td>
- <td><a
href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.2/activemq-cpp-library-3.9.2-src.tar.gz";>activemq-cpp-library-3.9.2-src.tar.gz</a></td>
- <td><a
href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.2/activemq-cpp-library-3.9.2-src.tar.gz.asc";>activemq-cpp-library-3.9.2-src.tar.gz.asc</a></td>
+ <td><a
href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.2/activemq-cpp-library-3.9.2-src.tar.gz";>activemq-cpp-library-3.9.2-src.tar.gz</a></td>
+ <td><a
href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.2/activemq-cpp-library-3.9.2-src.tar.gz.asc";>activemq-cpp-library-3.9.2-src.tar.gz.asc</a></td>
</tr>
<tr>
<td>Source code for Unix (bz2)</td>
- <td><a
href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.2/activemq-cpp-library-3.9.2-src.tar.bz2";>activemq-cpp-library-3.9.2-src.tar.bz2</a></td>
- <td><a
href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.2/activemq-cpp-library-3.9.2-src.tar.bz2.asc";>activemq-cpp-library-3.9.2.src.tar.bz2.asc</a></td>
+ <td><a
href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.2/activemq-cpp-library-3.9.2-src.tar.bz2";>activemq-cpp-library-3.9.2-src.tar.bz2</a></td>
+ <td><a
href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.2/activemq-cpp-library-3.9.2-src.tar.bz2.asc";>activemq-cpp-library-3.9.2.src.tar.bz2.asc</a></td>
</tr>
</tbody>
</table>
Modified:
websites/production/activemq/content/activemq-website/projects/cms/download/393-release.html
==============================================================================
---
websites/production/activemq/content/activemq-website/projects/cms/download/393-release.html
(original)
+++
websites/production/activemq/content/activemq-website/projects/cms/download/393-release.html
Wed Mar 27 18:36:47 2019
@@ -137,18 +137,18 @@
<tbody>
<tr>
<td>Source code for Windows</td>
- <td><a
href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.3/activemq-cpp-library-3.9.3-src.zip";>activemq-cpp-library-3.9.3.src.zip</a></td>
- <td><a
href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.3/activemq-cpp-library-3.9.3-src.zip.asc";>activemq-cpp-library-3.9.3-src.zip.asc</a></td>
+ <td><a
href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.3/activemq-cpp-library-3.9.3-src.zip";>activemq-cpp-library-3.9.3.src.zip</a></td>
+ <td><a
href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.3/activemq-cpp-library-3.9.3-src.zip.asc";>activemq-cpp-library-3.9.3-src.zip.asc</a></td>
</tr>
<tr>
<td>Source code for Unix (gzipped)</td>
- <td><a
href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.3/activemq-cpp-library-3.9.3-src.tar.gz";>activemq-cpp-library-3.9.3-src.tar.gz</a></td>
- <td><a
href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.3/activemq-cpp-library-3.9.3-src.tar.gz.asc";>activemq-cpp-library-3.9.3-src.tar.gz.asc</a></td>
+ <td><a
href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.3/activemq-cpp-library-3.9.3-src.tar.gz";>activemq-cpp-library-3.9.3-src.tar.gz</a></td>
+ <td><a
href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.3/activemq-cpp-library-3.9.3-src.tar.gz.asc";>activemq-cpp-library-3.9.3-src.tar.gz.asc</a></td>
</tr>
<tr>
<td>Source code for Unix (bz2)</td>
- <td><a
href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.3/activemq-cpp-library-3.9.3-src.tar.bz2";>activemq-cpp-library-3.9.3-src.tar.bz2</a></td>
- <td><a
href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.3/activemq-cpp-library-3.9.3-src.tar.bz2.asc";>activemq-cpp-library-3.9.3.src.tar.bz2.asc</a></td>
+ <td><a
href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.3/activemq-cpp-library-3.9.3-src.tar.bz2";>activemq-cpp-library-3.9.3-src.tar.bz2</a></td>
+ <td><a
href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.3/activemq-cpp-library-3.9.3-src.tar.bz2.asc";>activemq-cpp-library-3.9.3.src.tar.bz2.asc</a></td>
</tr>
</tbody>
</table>
Modified:
websites/production/activemq/content/activemq-website/projects/cms/download/394-release.html
==============================================================================
---
websites/production/activemq/content/activemq-website/projects/cms/download/394-release.html
(original)
+++
websites/production/activemq/content/activemq-website/projects/cms/download/394-release.html
Wed Mar 27 18:36:47 2019
@@ -137,18 +137,18 @@
<tbody>
<tr>
<td>Source code for Windows</td>
- <td><a
href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.4/activemq-cpp-library-3.9.4-src.zip";>activemq-cpp-library-3.9.4.src.zip</a></td>
- <td><a
href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.4/activemq-cpp-library-3.9.4-src.zip.asc";>activemq-cpp-library-3.9.4-src.zip.asc</a></td>
+ <td><a
href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.4/activemq-cpp-library-3.9.4-src.zip";>activemq-cpp-library-3.9.4.src.zip</a></td>
+ <td><a
href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.4/activemq-cpp-library-3.9.4-src.zip.asc";>activemq-cpp-library-3.9.4-src.zip.asc</a></td>
</tr>
<tr>
<td>Source code for Unix (gzipped)</td>
- <td><a
href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.4/activemq-cpp-library-3.9.4-src.tar.gz";>activemq-cpp-library-3.9.4-src.tar.gz</a></td>
- <td><a
href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.4/activemq-cpp-library-3.9.4-src.tar.gz.asc";>activemq-cpp-library-3.9.4-src.tar.gz.asc</a></td>
+ <td><a
href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.4/activemq-cpp-library-3.9.4-src.tar.gz";>activemq-cpp-library-3.9.4-src.tar.gz</a></td>
+ <td><a
href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.4/activemq-cpp-library-3.9.4-src.tar.gz.asc";>activemq-cpp-library-3.9.4-src.tar.gz.asc</a></td>
</tr>
<tr>
<td>Source code for Unix (bz2)</td>
- <td><a
href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.4/activemq-cpp-library-3.9.4-src.tar.bz2";>activemq-cpp-library-3.9.4-src.tar.bz2</a></td>
- <td><a
href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.4/activemq-cpp-library-3.9.4-src.tar.bz2.asc";>activemq-cpp-library-3.9.4.src.tar.bz2.asc</a></td>
+ <td><a
href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.4/activemq-cpp-library-3.9.4-src.tar.bz2";>activemq-cpp-library-3.9.4-src.tar.bz2</a></td>
+ <td><a
href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.4/activemq-cpp-library-3.9.4-src.tar.bz2.asc";>activemq-cpp-library-3.9.4.src.tar.bz2.asc</a></td>
</tr>
</tbody>
</table>
Added:
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2014-3576-announcement.txt
==============================================================================
---
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2014-3576-announcement.txt
(added)
+++
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2014-3576-announcement.txt
Wed Mar 27 18:36:47 2019
@@ -0,0 +1,18 @@
+CVE-2014-3576: Remote Unauthenticated Shutdown of Broker (DoS)
+
+Severity: Important
+
+Vendor:
+The Apache Software Foundation
+
+Versions Affected:
+Apache ActiveMQ 5.0.0 - 5.10.1
+
+Description:
+It is possible to shutdown an ActiveMQ broker remotely without authentication.
The offending network packet is sent to the same port as a message consumer or
producer would connect to. If the port is exposed,
+the attack will be possible.
+
+Mitigation:
+Upgrade to Apache ActiveMQ 5.11.0
+
+
Added:
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2014-3579-announcement.txt
==============================================================================
---
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2014-3579-announcement.txt
(added)
+++
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2014-3579-announcement.txt
Wed Mar 27 18:36:47 2019
@@ -0,0 +1,18 @@
+CVE-2014-3579: Apache ActiveMQ Apollo XXE with XPath selectors
+
+Severity: Important
+
+Vendor:
+The Apache Software Foundation
+
+Versions Affected:
+Apache ActiveMQ Apollo 1.0 - 1.7
+
+Description:
+It is possible for a consumer dequeuing XML message(s) to specify an XPath
based selector thus causing the broker to evaluate the expression and attempt
to match it against the messages in the queue while also performing an XML
external entity resolution.
+
+Mitigation:
+Upgrade to Apache ActiveMQ Apollo 1.7.1
+
+Credit:
+This issue was discovered by Georgi Geshev from MWR Labs.
\ No newline at end of file
Added:
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2014-3600-announcement.txt
==============================================================================
---
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2014-3600-announcement.txt
(added)
+++
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2014-3600-announcement.txt
Wed Mar 27 18:36:47 2019
@@ -0,0 +1,18 @@
+CVE-2014-3600: Apache ActiveMQ XXE with XPath selectors
+
+Severity: Important
+
+Vendor:
+The Apache Software Foundation
+
+Versions Affected:
+Apache ActiveMQ 5.0.0 - 5.10.0
+
+Description:
+It is possible for a consumer dequeuing XML message(s) to specify an XPath
based selector thus causing the broker to evaluate the expression and attempt
to match it against the messages in the queue while also performing an XML
external entity resolution.
+
+Mitigation:
+Upgrade to Apache ActiveMQ 5.10.1 or 5.11.0
+
+Credit:
+This issue was discovered by Georgi Geshev from MWR Labs.
\ No newline at end of file
Added:
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2014-3612-announcement.txt
==============================================================================
---
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2014-3612-announcement.txt
(added)
+++
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2014-3612-announcement.txt
Wed Mar 27 18:36:47 2019
@@ -0,0 +1,19 @@
+CVE-2014-3612: ActiveMQ JAAS: LDAPLoginModule allows empty password
authentication and Wildcard Interpretation
+
+Severity: Important
+
+Vendor:
+The Apache Software Foundation
+
+Versions Affected:
+Apache ActiveMQ 5.0.0 - 5.10.0
+
+Description:
+It was found that if a configured LDAP server supported the unauthenticated
authentication mechanism (as described by RFC 4513), the LDAPLoginModule
implementation, provided by ActiveMQ Java Authentication and Authorization
Service (JAAS), would consider an authentication attempt to be successful for a
valid user that provided an empty password. A remote attacker could use this
flaw to bypass the authentication mechanism of an application using
LDAPLoginModule, and assume a role of any valid user within that application.
Additionally, when LDAP authentication is enabled, it is possible for an
attacker to supply a wildcard operator instead of a username, which will
effectively allow him to brute force a password for an unknown but valid
account as opposed to brute forcing a combination of username and password.
Once a valid password is found, the attacker can successfully authenticate with
LDAP and publish/subscribe to a queue.
+
+
+Mitigation:
+Upgrade to Apache ActiveMQ 5.10.1 or 5.11.0
+
+Credit:
+This issue was discovered by Georgi Geshev from MWR Labs and Arun Babu
Neelicattu from RedHat.
\ No newline at end of file
Added:
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2014-8110-announcement.txt
==============================================================================
---
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2014-8110-announcement.txt
(added)
+++
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2014-8110-announcement.txt
Wed Mar 27 18:36:47 2019
@@ -0,0 +1,19 @@
+CVE-2014-8110: ActiveMQ Web Console - Cross-Site Scripting
+
+Severity: Important
+
+Vendor:
+The Apache Software Foundation
+
+Versions Affected:
+Apache ActiveMQ 5.0.0 - 5.10.0
+
+Description:
+Several instances of cross-site scripting vulnerabilities were identified to
be present in the web based administration console. The root cause of this
issue is improper user data output validation.
+
+
+Mitigation:
+Upgrade to Apache ActiveMQ 5.10.1 or 5.11.0
+
+Credit:
+This issue was discovered by Georgi Geshev from MWR Labs
\ No newline at end of file
Added:
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2015-1830-announcement.txt
==============================================================================
---
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2015-1830-announcement.txt
(added)
+++
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2015-1830-announcement.txt
Wed Mar 27 18:36:47 2019
@@ -0,0 +1,28 @@
+CVE-2015-1830 - Path traversal leading to unauthenticated RCE in ActiveMQ
+
+Severity: Important
+
+Vendor:
+The Apache Software Foundation
+
+Versions Affected:
+Apache ActiveMQ 5.0.0 - 5.11.1
+
+Description:
+
+There is a directory traversal flaw in the fileserver upload/download
functionality used for blob messages.
+The attacker can put a jsp file in the admin console and execute shell command
from there. Itâs only vulnerable in the Windows OS.
+
+Mitigation:
+
+Upgrade to Apache ActiveMQ 5.12.0 or 5.11.2. The workaround in case fileserver
is not used and upgrade is not prefereable is to disable that functionality. It
can be done by removing (commenting out) the following lines from
conf\jetty.xml file
+
+<bean class="org.eclipse.jetty.webapp.WebAppContext">
+ <property name="contextPath" value="/fileserver" />
+ <property name="resourceBase" value="${activemq.home}/webapps/fileserver"
/>
+ <property name="logUrlOnStart" value="true" />
+ <property name="parentLoaderPriority" value="true" />
+</bean>
+
+Credit:
+This issue was discovered by separated reports of David Jorm from IIX Product
Security and Steven Seeley from Source Incite working with HP's Zero Day
Initiative (ZDI)
Added:
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2015-5254-announcement.txt
==============================================================================
---
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2015-5254-announcement.txt
(added)
+++
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2015-5254-announcement.txt
Wed Mar 27 18:36:47 2019
@@ -0,0 +1,28 @@
+CVE-2015-5254 - Unsafe deserialization in ActiveMQ
+
+Severity: Important
+
+Vendor:
+The Apache Software Foundation
+
+Versions Affected:
+Apache ActiveMQ 5.0.0 - 5.12.1
+
+Description:
+
+JMS Object messages depends on Java Serialization for marshaling/unmashaling
of the message payload. There are a couple of places inside the broker where
deserialization can occur, like web console or stomp object message
transformation. As deserialization of untrusted data can leaed to security
flaws as demonstrated in various reports, this leaves the broker vunerable to
this attack vector. Additionally, applications that consume ObjectMessage type
of messages can be vunerable as they deserlize objects on
ObjectMessage.getObject() calls.
+
+Mitigation:
+
+Upgrade to Apache ActiveMQ 5.13.0. Additionally if you're using ObjectMessage
message type, you need to explicitly list trusted packages. To see how to do
that, please take a look at: http://activemq.apache.org/objectmessage.html
+
+
+
+Credit:
+This issue was discovered by:
+
+* Alvaro Muñoz - @pwntester
+* Matthias Kaiser - @matthias_kaiser
+* Christian Schneider - @cschneider4711
+
+Special thanks to Matthias Kaiser for providing the detailed analysis of the
vunerability.
Added:
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2015-7559-announcement.txt
==============================================================================
---
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2015-7559-announcement.txt
(added)
+++
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2015-7559-announcement.txt
Wed Mar 27 18:36:47 2019
@@ -0,0 +1,23 @@
+CVE-2015-7559 - DoS in client via shutdown command
+
+Severity: Low
+
+Vendor:
+The Apache Software Foundation
+
+Versions Affected:
+Apache ActiveMQ 5.0.0 - 5.14.4
+
+Description:
+
+It was found that Apache ActiveMQ client exposed a remote shutdown command in
the ActiveMQConnection class. An attacker could use this flaw to achieve denial
of service on a client.
+
+Mitigation:
+
+Upgrade to Apache ActiveMQ 5.14.5.
+
+
+
+Credit:
+
+Thanks to Chess Hazlett for reporting this vulnerability
Added:
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2016-0734-announcement.txt
==============================================================================
---
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2016-0734-announcement.txt
(added)
+++
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2016-0734-announcement.txt
Wed Mar 27 18:36:47 2019
@@ -0,0 +1,19 @@
+CVE-2016-0734: ActiveMQ Web Console - Clickjacking
+
+Severity: Important
+
+Vendor:
+The Apache Software Foundation
+
+Versions Affected:
+Apache ActiveMQ 5.0.0 - 5.13.1
+
+Description:
+The web based administration console does not set the X-Frame-Options header
in HTTP responses. This allows the console to be embedded in a frame or iframe
which could then be used to cause a user to perform an unintended action in the
console.
+
+
+Mitigation:
+Upgrade to Apache ActiveMQ 5.13.2
+
+Credit:
+This issue was discovered by Michael Furman
Added:
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2016-0782-announcement.txt
==============================================================================
---
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2016-0782-announcement.txt
(added)
+++
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2016-0782-announcement.txt
Wed Mar 27 18:36:47 2019
@@ -0,0 +1,19 @@
+CVE-2016-0782: ActiveMQ Web Console - Cross-Site Scripting
+
+Severity: Important
+
+Vendor:
+The Apache Software Foundation
+
+Versions Affected:
+Apache ActiveMQ 5.0.0 - 5.13.0
+
+Description:
+Several instances of cross-site scripting vulnerabilities were identified to
be present in the web based administration console as well as the ability to
trigger a Java memory dump into an arbitrary folder. The root cause of these
issues are improper user data output validation and incorrect permissions
configured on Jolokia.
+
+
+Mitigation:
+Upgrade to Apache ActiveMQ 5.11.4, 5.12.3, or 5.13.1
+
+Credit:
+This issue was discovered by Vladimir Ivanov (Positive Technologies)
Added:
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2016-3088-announcement.txt
==============================================================================
---
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2016-3088-announcement.txt
(added)
+++
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2016-3088-announcement.txt
Wed Mar 27 18:36:47 2019
@@ -0,0 +1,26 @@
+CVE-2016-3088 - ActiveMQ Fileserver web application vulnerabilities
+Severity: Important
+
+Vendor:
+The Apache Software Foundation
+
+Versions Affected:
+Apache ActiveMQ 5.0.0 - 5.13.x
+
+Description:
+
+Multiple vulnerabilities have been identified in the Apache ActiveMQ
Fileserver web application. These are similar to those reported in
CVE-2015-1830 and can allow attackers to replace web application files with
malicious code and perform remote code execution on the system.
+
+Mitigation:
+
+Fileserver feature will be completely removed starting with 5.14.0 release.
Users are advised to use other FTP and HTTP based file servers for transferring
blob messages. Fileserver web application SHOULD NOT be used in older version
of the broker and it should be disabled (it has been disabled by default since
5.12.0). This can be done by removing (commenting out) the following lines from
conf\jetty.xml file
+
+<bean class="org.eclipse.jetty.webapp.WebAppContext">
+ <property name="contextPath" value="/fileserver" />
+ <property name="resourceBase" value="${activemq.home}/webapps/fileserver"
/>
+ <property name="logUrlOnStart" value="true" />
+ <property name="parentLoaderPriority" value="true" />
+</bean>
+
+Credit:
+This issue was discovered by separated reports of Simon Zuckerbraun and Andrea
Micalizzi (rgod) of Trend Micro Zero Day Initiative
\ No newline at end of file
Added:
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2016-6810-announcement.txt
==============================================================================
---
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2016-6810-announcement.txt
(added)
+++
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2016-6810-announcement.txt
Wed Mar 27 18:36:47 2019
@@ -0,0 +1,19 @@
+CVE-2016-6810: ActiveMQ Web Console - Cross-Site Scripting
+
+Severity: Important
+
+Vendor:
+The Apache Software Foundation
+
+Versions Affected:
+Apache ActiveMQ 5.0.0 - 5.14.1
+
+Description:
+An instance of a cross-site scripting vulnerability was identified to be
present in the web based administration console. The root cause of this issue
is improper user data output validation.
+
+
+Mitigation:
+Upgrade to Apache ActiveMQ 5.14.2
+
+Credit:
+This issue was discovered by Toshitsugu Yoneyama of Mitsui Bussan Secure
Directions, Inc. and was reported by JPCERT/CC.
Added:
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2017-15709-announcement.txt
==============================================================================
---
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2017-15709-announcement.txt
(added)
+++
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2017-15709-announcement.txt
Wed Mar 27 18:36:47 2019
@@ -0,0 +1,21 @@
+
+CVE-2017-15709 - Information Leak
+
+Severity: Low
+
+Vendor:
+The Apache Software Foundation
+
+Versions Affected:
+Apache ActiveMQ 5.14.0 - 5.15.2
+
+Description:
+
+When using the OpenWire protocol it was found that certain system details
(such as the OS and kernel version) are exposed as plain text.
+
+Mitigation:
+
+Use a TLS enabled transport or upgrade to Apache ActiveMQ 5.15.3.
+
+Credit:
+This issue was discovered by QingTeng cloud Security of Minded Security
Researcher jianan.huang
Added:
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2018-11775-announcement.txt
==============================================================================
---
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2018-11775-announcement.txt
(added)
+++
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2018-11775-announcement.txt
Wed Mar 27 18:36:47 2019
@@ -0,0 +1,21 @@
+
+CVE-2018-11775: ActiveMQ Client - Missing TLS Hostname Verification
+
+Severity: Important
+
+Vendor:
+The Apache Software Foundation
+
+Versions Affected:
+Apache ActiveMQ 5.0.0 - 5.15.5
+
+Description:
+
+TLS hostname verification when using the Apache ActiveMQ Client was missing
which could make the client vulnerable to a MITM attack between a Java
application using the ActiveMQ client and the ActiveMQ server. This is now
enabled by default.
+
+Mitigation:
+
+Upgrade to Apache ActiveMQ 5.15.6
+
+Credit:
+This issue was discovered by Peter Stöckli (Alphabot Security)
Added:
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2018-8006-announcement.txt
==============================================================================
---
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2018-8006-announcement.txt
(added)
+++
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2018-8006-announcement.txt
Wed Mar 27 18:36:47 2019
@@ -0,0 +1,20 @@
+
+CVE-2018-8006: ActiveMQ Web Console - Cross-Site Scripting
+
+Severity: Important
+
+Vendor:
+The Apache Software Foundation
+
+Versions Affected:
+Apache ActiveMQ 5.0.0 - 5.15.5
+
+Description:
+An instance of a cross-site scripting vulnerability was identified to be
present in the web based administration console on the queue.jsp page. The root
cause of this issue is improper data filtering of the QueueFilter parameter.
+
+
+Mitigation:
+Upgrade to Apache ActiveMQ 5.15.6 or disable the Web Console
+
+Credit:
+This issue was discovered by Robert Foggia of SpiderLabs
Added:
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2019-0222-announcement.txt
==============================================================================
---
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2019-0222-announcement.txt
(added)
+++
websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2019-0222-announcement.txt
Wed Mar 27 18:36:47 2019
@@ -0,0 +1,22 @@
+CVE-2019-0222 - Corrupt MQTT frame can cause broker shutdown
+
+Severity: Important
+
+Vendor:
+The Apache Software Foundation
+
+Versions Affected:
+Apache ActiveMQ 5.0.0 - 5.15.8
+
+Description:
+Unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception
making it unresponsive.
+
+Mitigation:
+Upgrade to Apache ActiveMQ 5.15.9. Alternatevly, you can manually upgrade MQTT
library to version 1.15 in lib/extra directory. You can download the jar from
https://repo1.maven.org/maven2/org/fusesource/mqtt-client/mqtt-client/1.15/mqtt-client-1.15.jar.
If you don't use MQTT protocol, you can disable the transport as well.
+
+
+Credit:
+This issue was discovered by:
+
+* Indrajeet Singh - <insi_2...@ymail.com>
+
Modified:
websites/production/activemq/content/activemq-website/security-advisories.html
==============================================================================
---
websites/production/activemq/content/activemq-website/security-advisories.html
(original)
+++
websites/production/activemq/content/activemq-website/security-advisories.html
Wed Mar 27 18:36:47 2019
@@ -116,31 +116,43 @@
<h2 id="apache-activemq">Apache ActiveMQ</h2>
+<h4 id="2019">2019</h4>
+<ul>
+ <li><a
href="security-advisories.data/CVE-2019-0222-announcement.txt">CVE-2019-0222</a>
- Corrupt MQTT frame can cause broker shutdown</li>
+</ul>
+
+<h4 id="2018">2018</h4>
+<ul>
+ <li><a
href="security-advisories.data/CVE-2018-8006-announcement.txt">CVE-2018-8006</a>
- ActiveMQ Web Console - Cross-Site Scripting</li>
+ <li><a
href="security-advisories.data/CVE-2017-15709-announcement.txt">CVE-2017-15709</a>
- Information Leak</li>
+ <li><a
href="security-advisories.data/CVE-2018-11775-announcement.txt">CVE-2018-11775</a>
- Missing TLS Hostname Verification</li>
+</ul>
+
<h4 id="2017">2017</h4>
<ul>
- <li><a
href="security-advisories.data/CVE-2015-7559-announcement.txt?version=1&modificationDate=1493024710000&api=v2">CVE-2015-7559</a>
-Â DoS in client via shutdown command</li>
+ <li><a
href="security-advisories.data/CVE-2015-7559-announcement.txt">CVE-2015-7559</a>
-Â DoS in client via shutdown command</li>
</ul>
<h4 id="2016">2016</h4>
<ul>
- <li><a
href="security-advisories.data/CVE-2016-6810-announcement.txt?version=2&modificationDate=1481290006000&api=v2">CVE-2016-6810</a>Â
-Â ActiveMQ Web Console - Cross-Site Scripting</li>
- <li><a
href="security-advisories.data/CVE-2016-0734-announcement.txt?version=1&modificationDate=1457613666000&api=v2">CVE-2016-0734</a>Â
-Â ActiveMQ Web Console - Clickjacking</li>
- <li><a
href="security-advisories.data/CVE-2016-0782-announcement.txt?version=2&modificationDate=1458229308000&api=v2">CVE-2016-0782</a>Â
-Â ActiveMQ Web Console - Cross-Site Scripting</li>
- <li><a
href="security-advisories.data/CVE-2016-3088-announcement.txt?version=5&modificationDate=1464092715000&api=v2">CVE-2016-3088</a>
-Â ActiveMQ Fileserver web application vulnerabilities</li>
+ <li><a
href="security-advisories.data/CVE-2016-6810-announcement.txt">CVE-2016-6810</a>Â
-Â ActiveMQ Web Console - Cross-Site Scripting</li>
+ <li><a
href="security-advisories.data/CVE-2016-0734-announcement.txt">CVE-2016-0734</a>Â
-Â ActiveMQ Web Console - Clickjacking</li>
+ <li><a
href="security-advisories.data/CVE-2016-0782-announcement.txt">CVE-2016-0782</a>Â
-Â ActiveMQ Web Console - Cross-Site Scripting</li>
+ <li><a
href="security-advisories.data/CVE-2016-3088-announcement.txt">CVE-2016-3088</a>
-Â ActiveMQ Fileserver web application vulnerabilities</li>
</ul>
<h4 id="2015">2015</h4>
<ul>
- <li><a
href="security-advisories.data/CVE-2015-5254-announcement.txt?version=1&modificationDate=1449589734000&api=v2">CVE-2015-5254</a>
-Â Unsafe deserialization in ActiveMQ</li>
- <li><a
href="security-advisories.data/CVE-2015-1830-announcement.txt?version=2&modificationDate=1440426986000&api=v2">CVE-2015-1830</a>
- Path traversal leading to unauthenticated RCE in ActiveMQÂ </li>
+ <li><a
href="security-advisories.data/CVE-2015-5254-announcement.txt">CVE-2015-5254</a>
-Â Unsafe deserialization in ActiveMQ</li>
+ <li><a
href="security-advisories.data/CVE-2015-1830-announcement.txt">CVE-2015-1830</a>
- Path traversal leading to unauthenticated RCE in ActiveMQÂ </li>
</ul>
<h4 id="2014">2014</h4>
<ul>
- <li><a
href="security-advisories.data/CVE-2014-3576-announcement.txt?version=1&modificationDate=1446901063000&api=v2">CVE-2014-3576</a>
-Â Remote Unauthenticated Shutdown of Broker (DoS)</li>
- <li><a
href="security-advisories.data/CVE-2014-3600-announcement.txt?version=2&modificationDate=1423051306000&api=v2">CVE-2014-3600</a>Â
-Â Apache ActiveMQ XXE with XPath selectors</li>
- <li><a
href="security-advisories.data/CVE-2014-3612-announcement.txt?version=2&modificationDate=1423051365000&api=v2">CVE-2014-3612</a>
-Â ActiveMQ JAAS: LDAPLoginModule allows empty password authentication and
Wildcard Interpretation</li>
- <li><a
href="security-advisories.data/CVE-2014-8110-announcement.txt?version=2&modificationDate=1423051381000&api=v2">CVE-2014-8110</a>
-Â ActiveMQ Web Console - Cross-Site Scripting</li>
+ <li><a
href="security-advisories.data/CVE-2014-3576-announcement.txt">CVE-2014-3576</a>
-Â Remote Unauthenticated Shutdown of Broker (DoS)</li>
+ <li><a
href="security-advisories.data/CVE-2014-3600-announcement.txt">CVE-2014-3600</a>Â
-Â Apache ActiveMQ XXE with XPath selectors</li>
+ <li><a
href="security-advisories.data/CVE-2014-3612-announcement.txt">CVE-2014-3612</a>
-Â ActiveMQ JAAS: LDAPLoginModule allows empty password authentication and
Wildcard Interpretation</li>
+ <li><a
href="security-advisories.data/CVE-2014-8110-announcement.txt">CVE-2014-8110</a>
-Â ActiveMQ Web Console - Cross-Site Scripting</li>
</ul>
<h2 id="activemq-apollo">ActiveMQ Apollo</h2>
