Author: robbie Date: Wed Mar 27 18:36:47 2019 New Revision: 1042639 Log: refresh staged bits with recent changes
Added: websites/production/activemq/content/activemq-website/security-advisories.data/ websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2014-3576-announcement.txt websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2014-3579-announcement.txt websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2014-3600-announcement.txt websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2014-3612-announcement.txt websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2014-8110-announcement.txt websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2015-1830-announcement.txt websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2015-5254-announcement.txt websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2015-7559-announcement.txt websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2016-0734-announcement.txt websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2016-0782-announcement.txt websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2016-3088-announcement.txt websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2016-6810-announcement.txt websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2017-15709-announcement.txt websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2018-11775-announcement.txt websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2018-8006-announcement.txt websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2019-0222-announcement.txt Modified: websites/production/activemq/content/activemq-website/projects/artemis/download/index.html websites/production/activemq/content/activemq-website/projects/artemis/download/past_releases.html websites/production/activemq/content/activemq-website/projects/classic/download/index.html websites/production/activemq/content/activemq-website/projects/cms/download/390-release.html websites/production/activemq/content/activemq-website/projects/cms/download/391-release.html websites/production/activemq/content/activemq-website/projects/cms/download/392-release.html websites/production/activemq/content/activemq-website/projects/cms/download/393-release.html websites/production/activemq/content/activemq-website/projects/cms/download/394-release.html websites/production/activemq/content/activemq-website/security-advisories.html Modified: websites/production/activemq/content/activemq-website/projects/artemis/download/index.html ============================================================================== --- websites/production/activemq/content/activemq-website/projects/artemis/download/index.html (original) +++ websites/production/activemq/content/activemq-website/projects/artemis/download/index.html Wed Mar 27 18:36:47 2019 @@ -116,58 +116,52 @@ <p>The keys file for verifying these releases can be obtained <a href="https://www.apache.org/dist/activemq/KEYS">here</a>.</p> -<h4 id="activemq-artemis-264--january-23-2019">ActiveMQ Artemis 2.6.4 (January 23, 2019)</h4> -<p><a href="release-notes-2.6.4">Release Notes</a> | <a href="commit-report-2.6.4">Git Report</a> | <a href="../documentation/latest">Documentation</a></p> +<h4 id="activemq-artemis-270--march-20-2019">ActiveMQ Artemis 2.7.0 (March 20, 2019)</h4> +<p><a href="release-notes-2.7.0">Release Notes</a> | <a href="commit-report-2.7.0">Git Report</a> | <a href="../documentation/latest">Documentation</a></p> <table> <tbody> <tr> <td>tar.gz:</td> - <td><a href="https://www.apache.org/dyn/closer.cgi?filename=activemq/activemq-artemis/2.6.4/apache-artemis-2.6.4-bin.tar.gz&action=download">apache-artemis-2.6.4-bin.tar.gz</a></td> - <td><a href="https://www.apache.org/dist/activemq/activemq-artemis/2.6.4/apache-artemis-2.6.4-bin.tar.gz.sha512">SHA512</a></td> - <td><a href="https://www.apache.org/dist/activemq/activemq-artemis/2.6.4/apache-artemis-2.6.4-bin.tar.gz.asc">GPG Signature</a></td> + <td><a href="https://www.apache.org/dyn/closer.cgi?filename=activemq/activemq-artemis/2.7.0/apache-artemis-2.7.0-bin.tar.gz&action=download">apache-artemis-2.7.0-bin.tar.gz</a></td> + <td><a href="https://www.apache.org/dist/activemq/activemq-artemis/2.7.0/apache-artemis-2.7.0-bin.tar.gz.sha512">SHA512</a></td> + <td><a href="https://www.apache.org/dist/activemq/activemq-artemis/2.7.0/apache-artemis-2.7.0-bin.tar.gz.asc">GPG Signature</a></td> </tr> <tr> <td>ZIP:</td> - <td><a href="https://www.apache.org/dyn/closer.cgi?filename=activemq/activemq-artemis/2.6.4/apache-artemis-2.6.4-bin.zip&action=download">apache-artemis-2.6.4-bin.zip</a></td> - <td><a href="https://www.apache.org/dist/activemq/activemq-artemis/2.6.4/apache-artemis-2.6.4-bin.zip.sha512">SHA512</a></td> - <td><a href="https://www.apache.org/dist/activemq/activemq-artemis/2.6.4/apache-artemis-2.6.4-bin.zip.asc">GPG Signature</a></td> + <td><a href="https://www.apache.org/dyn/closer.cgi?filename=activemq/activemq-artemis/2.7.0/apache-artemis-2.7.0-bin.zip&action=download">apache-artemis-2.7.0-bin.zip</a></td> + <td><a href="https://www.apache.org/dist/activemq/activemq-artemis/2.7.0/apache-artemis-2.7.0-bin.zip.sha512">SHA512</a></td> + <td><a href="https://www.apache.org/dist/activemq/activemq-artemis/2.7.0/apache-artemis-2.7.0-bin.zip.asc">GPG Signature</a></td> </tr> <tr> - <td>Source Code Distribution:</td> - <td><a href="https://www.apache.org/dyn/closer.cgi?filename=activemq/activemq-artemis/2.6.4/apache-artemis-2.6.4-source-release.tar.gz&action=download">apache-artemis-2.6.4-source-release.tar.gz</a></td> - <td><a href="https://www.apache.org/dist/activemq/activemq-artemis/2.6.4/apache-artemis-2.6.4-source-release.tar.gz.sha512">SHA512</a></td> - <td><a href="https://www.apache.org/dist/activemq/activemq-artemis/2.6.4/apache-artemis-2.6.4-source-release.tar.gz.asc">GPG Signature</a></td> + <td>Source Distribution:</td> + <td><a href="https://www.apache.org/dyn/closer.cgi?filename=activemq/activemq-artemis/2.7.0/apache-artemis-2.7.0-source-release.tar.gz&action=download">apache-artemis-2.7.0-source-release.tar.gz</a></td> + <td><a href="https://www.apache.org/dist/activemq/activemq-artemis/2.7.0/apache-artemis-2.7.0-source-release.tar.gz.sha512">SHA512</a></td> + <td><a href="https://www.apache.org/dist/activemq/activemq-artemis/2.7.0/apache-artemis-2.7.0-source-release.tar.gz.asc">GPG Signature</a></td> </tr> </tbody> </table> -<h4 id="activemq-artemis-156--february-26-2018">ActiveMQ Artemis 1.5.6 (February 26, 2018)</h4> -<p><a href="release-notes-1.5.6">Release Notes</a> | <a href="../documentation/1.5.6">Documentation</a></p> +<p><br /></p> + +<h4 id="activemq-artemis-native-layer-100--march-7-2019">ActiveMQ Artemis Native Layer 1.0.0 (March 7, 2019)</h4> + +<p><a href="release-notes-native-1.0.0">Release Notes</a></p> <table> <tbody> <tr> - <td>tar.gz:</td> - <td><a href="https://www.apache.org/dyn/closer.cgi?filename=activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-bin.tar.gz&action=download">apache-artemis-1.5.6-bin.tar.gz</a></td> - <td><a href="https://www.apache.org/dist/activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-bin.tar.gz.sha512">SHA512</a></td> - <td><a href="https://www.apache.org/dist/activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-bin.tar.gz.asc">GPG Signature</a></td> - </tr> - <tr> - <td>ZIP:</td> - <td><a href="https://www.apache.org/dyn/closer.cgi?filename=activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-bin.zip&action=download">apache-artemis-1.5.6-bin.zip</a></td> - <td><a href="https://www.apache.org/dist/activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-bin.zip.sha512">SHA512</a></td> - <td><a href="https://www.apache.org/dist/activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-bin.zip.asc">GPG Signature</a></td> - </tr> - <tr> - <td>Source Code Distribution:</td> - <td><a href="https://www.apache.org/dyn/closer.cgi?filename=activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-source-release.tar.gz&action=download">apache-artemis-1.5.6-source-release.tar.gz</a></td> - <td><a href="https://www.apache.org/dist/activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-source-release.tar.gz.sha512">SHA512</a></td> - <td><a href="https://www.apache.org/dist/activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-source-release.tar.gz.asc">GPG Signature</a></td> + <td>Source Distribution:</td> + <td><a href="https://www.apache.org/dyn/closer.cgi?filename=activemq/activemq-artemis-native/1.0.0/activemq-artemis-native-1.0.0-source-release.zip&action=download">apache-artemis-native-1.0.0-source-release.zip</a></td> + <td><a href="https://www.apache.org/dist/activemq/activemq-artemis-native/1.0.0/activemq-artemis-native-1.0.0-source-release.zip.sha512">SHA512</a></td> + <td><a href="https://www.apache.org/dist/activemq/activemq-artemis-native/1.0.0/activemq-artemis-native-1.0.0-source-release.zip.asc">GPG Signature</a></td> </tr> </tbody> </table> +<p>This is the native layer used by ActiveMQ Artemis on storage.</p> + + </div> </div> </div> Modified: websites/production/activemq/content/activemq-website/projects/artemis/download/past_releases.html ============================================================================== --- websites/production/activemq/content/activemq-website/projects/artemis/download/past_releases.html (original) +++ websites/production/activemq/content/activemq-website/projects/artemis/download/past_releases.html Wed Mar 27 18:36:47 2019 @@ -118,6 +118,35 @@ <p>For any releases not shown here, check the <a href="https://archive.apache.org/dist/activemq/activemq-artemis/">archive</a>.</p> +<h4 id="activemq-artemis-264">ActiveMQ Artemis 2.6.4</h4> + +<p><a href="release-notes-2.6.4">Release Notes</a> | <a href="commit-report-2.6.4">Git Report</a> | <a href="../documentation/2.6.0">Documentation</a></p> + +<table> + <tbody> + <tr> + <td>tar.gz:</td> + <td><a href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.4/apache-artemis-2.6.4-bin.tar.gz">apache-artemis-2.6.4-bin.tar.gz</a></td> + <td><a href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.4/apache-artemis-2.6.4-bin.tar.gz.sha512">SHA512</a></td> + <td><a href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.4/apache-artemis-2.6.4-bin.tar.gz.asc">GPG Signature</a></td> + </tr> + <tr> + <td>ZIP:</td> + <td><a href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.4/apache-artemis-2.6.4-bin.zip">apache-artemis-2.6.4-bin.zip</a></td> + <td><a href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.4/apache-artemis-2.6.4-bin.zip.sha512">SHA512</a></td> + <td><a href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.4/apache-artemis-2.6.4-bin.zip.asc">GPG Signature</a></td> + </tr> + <tr> + <td>Source Code Distribution:</td> + <td><a href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.4/apache-artemis-2.6.4-source-release.tar.gz">apache-artemis-2.6.4-source-release.tar.gz</a></td> + <td><a href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.4/apache-artemis-2.6.4-source-release.tar.gz.sha512">SHA512</a></td> + <td><a href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.4/apache-artemis-2.6.4-source-release.tar.gz.asc">GPG Signature</a></td> + </tr> + </tbody> +</table> + +<p><br /></p> + <h4 id="activemq-artemis-263">ActiveMQ Artemis 2.6.3</h4> <p><a href="release-notes-2.6.3">Release Notes</a> | <a href="commit-report-2.6.3">Git Report</a> | <a href="../documentation/2.6.0">Documentation</a></p> @@ -126,21 +155,21 @@ <tbody> <tr> <td>tar.gz:</td> - <td><a href="https://www.apache.org/dyn/closer.cgi?filename=activemq/activemq-artemis/2.6.3/apache-artemis-2.6.3-bin.tar.gz&action=download">apache-artemis-2.6.3-bin.tar.gz</a></td> - <td><a href="https://www.apache.org/dist/activemq/activemq-artemis/2.6.3/apache-artemis-2.6.3-bin.tar.gz.sha512">SHA512</a></td> - <td><a href="https://www.apache.org/dist/activemq/activemq-artemis/2.6.3/apache-artemis-2.6.3-bin.tar.gz.asc">GPG Signature</a></td> + <td><a href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.3/apache-artemis-2.6.3-bin.tar.gz">apache-artemis-2.6.3-bin.tar.gz</a></td> + <td><a href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.3/apache-artemis-2.6.3-bin.tar.gz.sha512">SHA512</a></td> + <td><a href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.3/apache-artemis-2.6.3-bin.tar.gz.asc">GPG Signature</a></td> </tr> <tr> <td>ZIP:</td> - <td><a href="https://www.apache.org/dyn/closer.cgi?filename=activemq/activemq-artemis/2.6.3/apache-artemis-2.6.3-bin.zip&action=download">apache-artemis-2.6.3-bin.zip</a></td> - <td><a href="https://www.apache.org/dist/activemq/activemq-artemis/2.6.3/apache-artemis-2.6.3-bin.zip.sha512">SHA512</a></td> - <td><a href="https://www.apache.org/dist/activemq/activemq-artemis/2.6.3/apache-artemis-2.6.3-bin.zip.asc">GPG Signature</a></td> + <td><a href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.3/apache-artemis-2.6.3-bin.zip">apache-artemis-2.6.3-bin.zip</a></td> + <td><a href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.3/apache-artemis-2.6.3-bin.zip.sha512">SHA512</a></td> + <td><a href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.3/apache-artemis-2.6.3-bin.zip.asc">GPG Signature</a></td> </tr> <tr> <td>Source Code Distribution:</td> - <td><a href="https://www.apache.org/dyn/closer.cgi?filename=activemq/activemq-artemis/2.6.3/apache-artemis-2.6.3-source-release.tar.gz&action=download">apache-artemis-2.6.3-source-release.tar.gz</a></td> - <td><a href="https://www.apache.org/dist/activemq/activemq-artemis/2.6.3/apache-artemis-2.6.3-source-release.tar.gz.sha512">SHA512</a></td> - <td><a href="https://www.apache.org/dist/activemq/activemq-artemis/2.6.3/apache-artemis-2.6.3-source-release.tar.gz.asc">GPG Signature</a></td> + <td><a href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.3/apache-artemis-2.6.3-source-release.tar.gz">apache-artemis-2.6.3-source-release.tar.gz</a></td> + <td><a href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.3/apache-artemis-2.6.3-source-release.tar.gz.sha512">SHA512</a></td> + <td><a href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.3/apache-artemis-2.6.3-source-release.tar.gz.asc">GPG Signature</a></td> </tr> </tbody> </table> @@ -155,21 +184,21 @@ <tbody> <tr> <td>tar.gz:</td> - <td><a href="https://www.apache.org/dyn/closer.cgi?filename=activemq/activemq-artemis/2.6.2/apache-artemis-2.6.2-bin.tar.gz&action=download">apache-artemis-2.6.2-bin.tar.gz</a></td> - <td><a href="https://www.apache.org/dist/activemq/activemq-artemis/2.6.2/apache-artemis-2.6.2-bin.tar.gz.sha512">SHA512</a></td> - <td><a href="https://www.apache.org/dist/activemq/activemq-artemis/2.6.2/apache-artemis-2.6.2-bin.tar.gz.asc">GPG Signature</a></td> + <td><a href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.2/apache-artemis-2.6.2-bin.tar.gz">apache-artemis-2.6.2-bin.tar.gz</a></td> + <td><a href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.2/apache-artemis-2.6.2-bin.tar.gz.sha512">SHA512</a></td> + <td><a href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.2/apache-artemis-2.6.2-bin.tar.gz.asc">GPG Signature</a></td> </tr> <tr> <td>ZIP:</td> - <td><a href="https://www.apache.org/dyn/closer.cgi?filename=activemq/activemq-artemis/2.6.2/apache-artemis-2.6.2-bin.zip&action=download">apache-artemis-2.6.2-bin.zip</a></td> - <td><a href="https://www.apache.org/dist/activemq/activemq-artemis/2.6.2/apache-artemis-2.6.2-bin.zip.sha512">SHA512</a></td> - <td><a href="https://www.apache.org/dist/activemq/activemq-artemis/2.6.2/apache-artemis-2.6.2-bin.zip.asc">GPG Signature</a></td> + <td><a href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.2/apache-artemis-2.6.2-bin.zip">apache-artemis-2.6.2-bin.zip</a></td> + <td><a href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.2/apache-artemis-2.6.2-bin.zip.sha512">SHA512</a></td> + <td><a href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.2/apache-artemis-2.6.2-bin.zip.asc">GPG Signature</a></td> </tr> <tr> <td>Source Code Distribution:</td> - <td><a href="https://www.apache.org/dyn/closer.cgi?filename=activemq/activemq-artemis/2.6.2/apache-artemis-2.6.2-source-release.tar.gz&action=download">apache-artemis-2.6.2-source-release.tar.gz</a></td> - <td><a href="https://www.apache.org/dist/activemq/activemq-artemis/2.6.2/apache-artemis-2.6.2-source-release.tar.gz.sha512">SHA512</a></td> - <td><a href="https://www.apache.org/dist/activemq/activemq-artemis/2.6.2/apache-artemis-2.6.2-source-release.tar.gz.asc">GPG Signature</a></td> + <td><a href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.2/apache-artemis-2.6.2-source-release.tar.gz">apache-artemis-2.6.2-source-release.tar.gz</a></td> + <td><a href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.2/apache-artemis-2.6.2-source-release.tar.gz.sha512">SHA512</a></td> + <td><a href="https://archive.apache.org/dist/activemq/activemq-artemis/2.6.2/apache-artemis-2.6.2-source-release.tar.gz.asc">GPG Signature</a></td> </tr> </tbody> </table> @@ -431,21 +460,21 @@ <tbody> <tr> <td>tar.gz:</td> - <td><a href="https://www.apache.org/dyn/closer.cgi?filename=activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-bin.tar.gz&action=download">apache-artemis-1.5.6-bin.tar.gz</a></td> - <td><a href="https://www.apache.org/dist/activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-bin.tar.gz.sha512">SHA512</a></td> - <td><a href="https://www.apache.org/dist/activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-bin.tar.gz.asc">GPG Signature</a></td> + <td><a href="https://archive.apache.org/dist/activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-bin.tar.gz">apache-artemis-1.5.6-bin.tar.gz</a></td> + <td><a href="https://archive.apache.org/dist/activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-bin.tar.gz.sha512">SHA512</a></td> + <td><a href="https://archive.apache.org/dist/activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-bin.tar.gz.asc">GPG Signature</a></td> </tr> <tr> <td>ZIP:</td> - <td><a href="https://www.apache.org/dyn/closer.cgi?filename=activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-bin.zip&action=download">apache-artemis-1.5.6-bin.zip</a></td> - <td><a href="https://www.apache.org/dist/activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-bin.zip.sha512">SHA512</a></td> - <td><a href="https://www.apache.org/dist/activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-bin.zip.asc">GPG Signature</a></td> + <td><a href="https://archive.apache.org/dist/activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-bin.zip">apache-artemis-1.5.6-bin.zip</a></td> + <td><a href="https://archive.apache.org/dist/activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-bin.zip.sha512">SHA512</a></td> + <td><a href="https://archive.apache.org/dist/activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-bin.zip.asc">GPG Signature</a></td> </tr> <tr> <td>Source Code Distribution:</td> - <td><a href="https://www.apache.org/dyn/closer.cgi?filename=activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-source-release.tar.gz&action=download">apache-artemis-1.5.6-source-release.tar.gz</a></td> - <td><a href="https://www.apache.org/dist/activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-source-release.tar.gz.sha512">SHA512</a></td> - <td><a href="https://www.apache.org/dist/activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-source-release.tar.gz.asc">GPG Signature</a></td> + <td><a href="https://archive.apache.org/dist/activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-source-release.tar.gz">apache-artemis-1.5.6-source-release.tar.gz</a></td> + <td><a href="https://archive.apache.org/dist/activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-source-release.tar.gz.sha512">SHA512</a></td> + <td><a href="https://archive.apache.org/dist/activemq/activemq-artemis/1.5.6/apache-artemis-1.5.6-source-release.tar.gz.asc">GPG Signature</a></td> </tr> </tbody> </table> Modified: websites/production/activemq/content/activemq-website/projects/classic/download/index.html ============================================================================== --- websites/production/activemq/content/activemq-website/projects/classic/download/index.html (original) +++ websites/production/activemq/content/activemq-website/projects/classic/download/index.html Wed Mar 27 18:36:47 2019 @@ -114,7 +114,7 @@ <div class="col-12 activemq5"> <p>These are the current releases. For prior releases, please see the <a href="../../../download-archives">past releases</a> page.</p> -<h4 id="activemq-5158-released-nov-21-2018">ActiveMQ 5.15.8 (Released Nov 21, 2018)</h4> +<h4 id="activemq-5159-march-19-2019">ActiveMQ 5.15.9 (March 19, 2019)</h4> <p><a href="../documentation">Documentation</a></p> @@ -122,21 +122,21 @@ <tbody> <tr> <td>Windows</td> - <td><a href="http://www.apache.org/dyn/closer.cgi?filename=/activemq/5.15.8/apache-activemq-5.15.8-bin.tar.gz&action=download">apache-activemq-5.15.8-bin.zip</a></td> - <td><a href="https://www.apache.org/dist/activemq/5.15.8/apache-activemq-5.15.8-bin.zip.sha512">SHA512</a></td> - <td><a href="https://www.apache.org/dist/activemq/5.15.8/apache-activemq-5.15.8-bin.zip.asc">GPG Signature</a></td> + <td><a href="http://www.apache.org/dyn/closer.cgi?filename=/activemq/5.15.9/apache-activemq-5.15.9-bin.tar.gz&action=download">apache-activemq-5.15.9-bin.zip</a></td> + <td><a href="https://www.apache.org/dist/activemq/5.15.9/apache-activemq-5.15.9-bin.zip.sha512">SHA512</a></td> + <td><a href="https://www.apache.org/dist/activemq/5.15.9/apache-activemq-5.15.9-bin.zip.asc">GPG Signature</a></td> </tr> <tr> <td>Unix/Linux/Cygwin</td> - <td><a href="http://www.apache.org/dyn/closer.cgi?filename=/activemq/5.15.8/apache-activemq-5.15.8-bin.tar.gz&action=download">apache-activemq-5.15.8-bin.tar.gz</a></td> - <td><a href="https://www.apache.org/dist/activemq/5.15.8/apache-activemq-5.15.8-bin.tar.gz.sha512">SHA512</a></td> - <td><a href="https://www.apache.org/dist/activemq/5.15.8/apache-activemq-5.15.8-bin.tar.gz.asc">GPG Signature</a></td> + <td><a href="http://www.apache.org/dyn/closer.cgi?filename=/activemq/5.15.9/apache-activemq-5.15.9-bin.tar.gz&action=download">apache-activemq-5.15.9-bin.tar.gz</a></td> + <td><a href="https://www.apache.org/dist/activemq/5.15.9/apache-activemq-5.15.9-bin.tar.gz.sha512">SHA512</a></td> + <td><a href="https://www.apache.org/dist/activemq/5.15.9/apache-activemq-5.15.9-bin.tar.gz.asc">GPG Signature</a></td> </tr> <tr> <td>Source Code Distribution:</td> - <td><a href="http://www.apache.org/dyn/closer.cgi?path=/activemq/5.15.8/activemq-parent-5.15.8-source-release.zip">activemq-parent-5.15.8-source-release.zip</a></td> - <td><a href="https://www.apache.org/dist/activemq/5.15.8/activemq-parent-5.15.8-source-release.zip.sha512">SHA512</a></td> - <td><a href="https://www.apache.org/dist/activemq/5.15.8/activemq-parent-5.15.8-source-release.zip.asc">GPG Signature</a></td> + <td><a href="http://www.apache.org/dyn/closer.cgi?path=/activemq/5.15.9/activemq-parent-5.15.9-source-release.zip">activemq-parent-5.15.9-source-release.zip</a></td> + <td><a href="https://www.apache.org/dist/activemq/5.15.9/activemq-parent-5.15.9-source-release.zip.sha512">SHA512</a></td> + <td><a href="https://www.apache.org/dist/activemq/5.15.9/activemq-parent-5.15.9-source-release.zip.asc">GPG Signature</a></td> </tr> </tbody> </table> Modified: websites/production/activemq/content/activemq-website/projects/cms/download/390-release.html ============================================================================== --- websites/production/activemq/content/activemq-website/projects/cms/download/390-release.html (original) +++ websites/production/activemq/content/activemq-website/projects/cms/download/390-release.html Wed Mar 27 18:36:47 2019 @@ -137,18 +137,18 @@ <tbody> <tr> <td>Source code for Windows</td> - <td><a href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.0/activemq-cpp-library-3.9.0-src.zip">activemq-cpp-library-3.9.0.src.zip</a></td> - <td><a href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.0/activemq-cpp-library-3.9.0-src.zip.asc">activemq-cpp-library-3.9.0-src.zip.asc</a></td> + <td><a href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.0/activemq-cpp-library-3.9.0-src.zip">activemq-cpp-library-3.9.0.src.zip</a></td> + <td><a href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.0/activemq-cpp-library-3.9.0-src.zip.asc">activemq-cpp-library-3.9.0-src.zip.asc</a></td> </tr> <tr> <td>Source code for Unix (gzipped)</td> - <td><a href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.0/activemq-cpp-library-3.9.0-src.tar.gz">activemq-cpp-library-3.9.0-src.tar.gz</a></td> - <td><a href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.0/activemq-cpp-library-3.9.0-src.tar.gz.asc">activemq-cpp-library-3.9.0-src.tar.gz.asc</a></td> + <td><a href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.0/activemq-cpp-library-3.9.0-src.tar.gz">activemq-cpp-library-3.9.0-src.tar.gz</a></td> + <td><a href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.0/activemq-cpp-library-3.9.0-src.tar.gz.asc">activemq-cpp-library-3.9.0-src.tar.gz.asc</a></td> </tr> <tr> <td>Source code for Unix (bz2)</td> - <td><a href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.0/activemq-cpp-library-3.9.0-src.tar.bz2">activemq-cpp-library-3.9.0-src.tar.bz2</a></td> - <td><a href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.0/activemq-cpp-library-3.9.0-src.tar.bz2.asc">activemq-cpp-library-3.9.0.src.tar.bz2.asc</a></td> + <td><a href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.0/activemq-cpp-library-3.9.0-src.tar.bz2">activemq-cpp-library-3.9.0-src.tar.bz2</a></td> + <td><a href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.0/activemq-cpp-library-3.9.0-src.tar.bz2.asc">activemq-cpp-library-3.9.0.src.tar.bz2.asc</a></td> </tr> </tbody> </table> Modified: websites/production/activemq/content/activemq-website/projects/cms/download/391-release.html ============================================================================== --- websites/production/activemq/content/activemq-website/projects/cms/download/391-release.html (original) +++ websites/production/activemq/content/activemq-website/projects/cms/download/391-release.html Wed Mar 27 18:36:47 2019 @@ -137,18 +137,18 @@ <tbody> <tr> <td>Source code for Windows</td> - <td><a href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.1/activemq-cpp-library-3.9.1-src.zip">activemq-cpp-library-3.9.1.src.zip</a></td> - <td><a href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.1/activemq-cpp-library-3.9.1-src.zip.asc">activemq-cpp-library-3.9.1-src.zip.asc</a></td> + <td><a href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.1/activemq-cpp-library-3.9.1-src.zip">activemq-cpp-library-3.9.1.src.zip</a></td> + <td><a href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.1/activemq-cpp-library-3.9.1-src.zip.asc">activemq-cpp-library-3.9.1-src.zip.asc</a></td> </tr> <tr> <td>Source code for Unix (gzipped)</td> - <td><a href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.1/activemq-cpp-library-3.9.1-src.tar.gz">activemq-cpp-library-3.9.1-src.tar.gz</a></td> - <td><a href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.1/activemq-cpp-library-3.9.1-src.tar.gz.asc">activemq-cpp-library-3.9.1-src.tar.gz.asc</a></td> + <td><a href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.1/activemq-cpp-library-3.9.1-src.tar.gz">activemq-cpp-library-3.9.1-src.tar.gz</a></td> + <td><a href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.1/activemq-cpp-library-3.9.1-src.tar.gz.asc">activemq-cpp-library-3.9.1-src.tar.gz.asc</a></td> </tr> <tr> <td>Source code for Unix (bz2)</td> - <td><a href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.1/activemq-cpp-library-3.9.1-src.tar.bz2">activemq-cpp-library-3.9.1-src.tar.bz2</a></td> - <td><a href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.1/activemq-cpp-library-3.9.1-src.tar.bz2.asc">activemq-cpp-library-3.9.1.src.tar.bz2.asc</a></td> + <td><a href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.1/activemq-cpp-library-3.9.1-src.tar.bz2">activemq-cpp-library-3.9.1-src.tar.bz2</a></td> + <td><a href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.1/activemq-cpp-library-3.9.1-src.tar.bz2.asc">activemq-cpp-library-3.9.1.src.tar.bz2.asc</a></td> </tr> </tbody> </table> Modified: websites/production/activemq/content/activemq-website/projects/cms/download/392-release.html ============================================================================== --- websites/production/activemq/content/activemq-website/projects/cms/download/392-release.html (original) +++ websites/production/activemq/content/activemq-website/projects/cms/download/392-release.html Wed Mar 27 18:36:47 2019 @@ -137,18 +137,18 @@ <tbody> <tr> <td>Source code for Windows</td> - <td><a href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.2/activemq-cpp-library-3.9.2-src.zip">activemq-cpp-library-3.9.2.src.zip</a></td> - <td><a href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.2/activemq-cpp-library-3.9.2-src.zip.asc">activemq-cpp-library-3.9.2-src.zip.asc</a></td> + <td><a href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.2/activemq-cpp-library-3.9.2-src.zip">activemq-cpp-library-3.9.2.src.zip</a></td> + <td><a href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.2/activemq-cpp-library-3.9.2-src.zip.asc">activemq-cpp-library-3.9.2-src.zip.asc</a></td> </tr> <tr> <td>Source code for Unix (gzipped)</td> - <td><a href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.2/activemq-cpp-library-3.9.2-src.tar.gz">activemq-cpp-library-3.9.2-src.tar.gz</a></td> - <td><a href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.2/activemq-cpp-library-3.9.2-src.tar.gz.asc">activemq-cpp-library-3.9.2-src.tar.gz.asc</a></td> + <td><a href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.2/activemq-cpp-library-3.9.2-src.tar.gz">activemq-cpp-library-3.9.2-src.tar.gz</a></td> + <td><a href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.2/activemq-cpp-library-3.9.2-src.tar.gz.asc">activemq-cpp-library-3.9.2-src.tar.gz.asc</a></td> </tr> <tr> <td>Source code for Unix (bz2)</td> - <td><a href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.2/activemq-cpp-library-3.9.2-src.tar.bz2">activemq-cpp-library-3.9.2-src.tar.bz2</a></td> - <td><a href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.2/activemq-cpp-library-3.9.2-src.tar.bz2.asc">activemq-cpp-library-3.9.2.src.tar.bz2.asc</a></td> + <td><a href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.2/activemq-cpp-library-3.9.2-src.tar.bz2">activemq-cpp-library-3.9.2-src.tar.bz2</a></td> + <td><a href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.2/activemq-cpp-library-3.9.2-src.tar.bz2.asc">activemq-cpp-library-3.9.2.src.tar.bz2.asc</a></td> </tr> </tbody> </table> Modified: websites/production/activemq/content/activemq-website/projects/cms/download/393-release.html ============================================================================== --- websites/production/activemq/content/activemq-website/projects/cms/download/393-release.html (original) +++ websites/production/activemq/content/activemq-website/projects/cms/download/393-release.html Wed Mar 27 18:36:47 2019 @@ -137,18 +137,18 @@ <tbody> <tr> <td>Source code for Windows</td> - <td><a href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.3/activemq-cpp-library-3.9.3-src.zip">activemq-cpp-library-3.9.3.src.zip</a></td> - <td><a href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.3/activemq-cpp-library-3.9.3-src.zip.asc">activemq-cpp-library-3.9.3-src.zip.asc</a></td> + <td><a href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.3/activemq-cpp-library-3.9.3-src.zip">activemq-cpp-library-3.9.3.src.zip</a></td> + <td><a href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.3/activemq-cpp-library-3.9.3-src.zip.asc">activemq-cpp-library-3.9.3-src.zip.asc</a></td> </tr> <tr> <td>Source code for Unix (gzipped)</td> - <td><a href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.3/activemq-cpp-library-3.9.3-src.tar.gz">activemq-cpp-library-3.9.3-src.tar.gz</a></td> - <td><a href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.3/activemq-cpp-library-3.9.3-src.tar.gz.asc">activemq-cpp-library-3.9.3-src.tar.gz.asc</a></td> + <td><a href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.3/activemq-cpp-library-3.9.3-src.tar.gz">activemq-cpp-library-3.9.3-src.tar.gz</a></td> + <td><a href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.3/activemq-cpp-library-3.9.3-src.tar.gz.asc">activemq-cpp-library-3.9.3-src.tar.gz.asc</a></td> </tr> <tr> <td>Source code for Unix (bz2)</td> - <td><a href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.3/activemq-cpp-library-3.9.3-src.tar.bz2">activemq-cpp-library-3.9.3-src.tar.bz2</a></td> - <td><a href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.3/activemq-cpp-library-3.9.3-src.tar.bz2.asc">activemq-cpp-library-3.9.3.src.tar.bz2.asc</a></td> + <td><a href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.3/activemq-cpp-library-3.9.3-src.tar.bz2">activemq-cpp-library-3.9.3-src.tar.bz2</a></td> + <td><a href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.3/activemq-cpp-library-3.9.3-src.tar.bz2.asc">activemq-cpp-library-3.9.3.src.tar.bz2.asc</a></td> </tr> </tbody> </table> Modified: websites/production/activemq/content/activemq-website/projects/cms/download/394-release.html ============================================================================== --- websites/production/activemq/content/activemq-website/projects/cms/download/394-release.html (original) +++ websites/production/activemq/content/activemq-website/projects/cms/download/394-release.html Wed Mar 27 18:36:47 2019 @@ -137,18 +137,18 @@ <tbody> <tr> <td>Source code for Windows</td> - <td><a href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.4/activemq-cpp-library-3.9.4-src.zip">activemq-cpp-library-3.9.4.src.zip</a></td> - <td><a href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.4/activemq-cpp-library-3.9.4-src.zip.asc">activemq-cpp-library-3.9.4-src.zip.asc</a></td> + <td><a href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.4/activemq-cpp-library-3.9.4-src.zip">activemq-cpp-library-3.9.4.src.zip</a></td> + <td><a href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.4/activemq-cpp-library-3.9.4-src.zip.asc">activemq-cpp-library-3.9.4-src.zip.asc</a></td> </tr> <tr> <td>Source code for Unix (gzipped)</td> - <td><a href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.4/activemq-cpp-library-3.9.4-src.tar.gz">activemq-cpp-library-3.9.4-src.tar.gz</a></td> - <td><a href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.4/activemq-cpp-library-3.9.4-src.tar.gz.asc">activemq-cpp-library-3.9.4-src.tar.gz.asc</a></td> + <td><a href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.4/activemq-cpp-library-3.9.4-src.tar.gz">activemq-cpp-library-3.9.4-src.tar.gz</a></td> + <td><a href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.4/activemq-cpp-library-3.9.4-src.tar.gz.asc">activemq-cpp-library-3.9.4-src.tar.gz.asc</a></td> </tr> <tr> <td>Source code for Unix (bz2)</td> - <td><a href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.4/activemq-cpp-library-3.9.4-src.tar.bz2">activemq-cpp-library-3.9.4-src.tar.bz2</a></td> - <td><a href="http://www.apache.org/dist/activemq/activemq-cpp/3.9.4/activemq-cpp-library-3.9.4-src.tar.bz2.asc">activemq-cpp-library-3.9.4.src.tar.bz2.asc</a></td> + <td><a href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.4/activemq-cpp-library-3.9.4-src.tar.bz2">activemq-cpp-library-3.9.4-src.tar.bz2</a></td> + <td><a href="http://archive.apache.org/dist/activemq/activemq-cpp/3.9.4/activemq-cpp-library-3.9.4-src.tar.bz2.asc">activemq-cpp-library-3.9.4.src.tar.bz2.asc</a></td> </tr> </tbody> </table> Added: websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2014-3576-announcement.txt ============================================================================== --- websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2014-3576-announcement.txt (added) +++ websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2014-3576-announcement.txt Wed Mar 27 18:36:47 2019 @@ -0,0 +1,18 @@ +CVE-2014-3576: Remote Unauthenticated Shutdown of Broker (DoS) + +Severity: Important + +Vendor: +The Apache Software Foundation + +Versions Affected: +Apache ActiveMQ 5.0.0 - 5.10.1 + +Description: +It is possible to shutdown an ActiveMQ broker remotely without authentication. The offending network packet is sent to the same port as a message consumer or producer would connect to. If the port is exposed, +the attack will be possible. + +Mitigation: +Upgrade to Apache ActiveMQ 5.11.0 + + Added: websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2014-3579-announcement.txt ============================================================================== --- websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2014-3579-announcement.txt (added) +++ websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2014-3579-announcement.txt Wed Mar 27 18:36:47 2019 @@ -0,0 +1,18 @@ +CVE-2014-3579: Apache ActiveMQ Apollo XXE with XPath selectors + +Severity: Important + +Vendor: +The Apache Software Foundation + +Versions Affected: +Apache ActiveMQ Apollo 1.0 - 1.7 + +Description: +It is possible for a consumer dequeuing XML message(s) to specify an XPath based selector thus causing the broker to evaluate the expression and attempt to match it against the messages in the queue while also performing an XML external entity resolution. + +Mitigation: +Upgrade to Apache ActiveMQ Apollo 1.7.1 + +Credit: +This issue was discovered by Georgi Geshev from MWR Labs. \ No newline at end of file Added: websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2014-3600-announcement.txt ============================================================================== --- websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2014-3600-announcement.txt (added) +++ websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2014-3600-announcement.txt Wed Mar 27 18:36:47 2019 @@ -0,0 +1,18 @@ +CVE-2014-3600: Apache ActiveMQ XXE with XPath selectors + +Severity: Important + +Vendor: +The Apache Software Foundation + +Versions Affected: +Apache ActiveMQ 5.0.0 - 5.10.0 + +Description: +It is possible for a consumer dequeuing XML message(s) to specify an XPath based selector thus causing the broker to evaluate the expression and attempt to match it against the messages in the queue while also performing an XML external entity resolution. + +Mitigation: +Upgrade to Apache ActiveMQ 5.10.1 or 5.11.0 + +Credit: +This issue was discovered by Georgi Geshev from MWR Labs. \ No newline at end of file Added: websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2014-3612-announcement.txt ============================================================================== --- websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2014-3612-announcement.txt (added) +++ websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2014-3612-announcement.txt Wed Mar 27 18:36:47 2019 @@ -0,0 +1,19 @@ +CVE-2014-3612: ActiveMQ JAAS: LDAPLoginModule allows empty password authentication and Wildcard Interpretation + +Severity: Important + +Vendor: +The Apache Software Foundation + +Versions Affected: +Apache ActiveMQ 5.0.0 - 5.10.0 + +Description: +It was found that if a configured LDAP server supported the unauthenticated authentication mechanism (as described by RFC 4513), the LDAPLoginModule implementation, provided by ActiveMQ Java Authentication and Authorization Service (JAAS), would consider an authentication attempt to be successful for a valid user that provided an empty password. A remote attacker could use this flaw to bypass the authentication mechanism of an application using LDAPLoginModule, and assume a role of any valid user within that application. Additionally, when LDAP authentication is enabled, it is possible for an attacker to supply a wildcard operator instead of a username, which will effectively allow him to brute force a password for an unknown but valid account as opposed to brute forcing a combination of username and password. Once a valid password is found, the attacker can successfully authenticate with LDAP and publish/subscribe to a queue. + + +Mitigation: +Upgrade to Apache ActiveMQ 5.10.1 or 5.11.0 + +Credit: +This issue was discovered by Georgi Geshev from MWR Labs and Arun Babu Neelicattu from RedHat. \ No newline at end of file Added: websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2014-8110-announcement.txt ============================================================================== --- websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2014-8110-announcement.txt (added) +++ websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2014-8110-announcement.txt Wed Mar 27 18:36:47 2019 @@ -0,0 +1,19 @@ +CVE-2014-8110: ActiveMQ Web Console - Cross-Site Scripting + +Severity: Important + +Vendor: +The Apache Software Foundation + +Versions Affected: +Apache ActiveMQ 5.0.0 - 5.10.0 + +Description: +Several instances of cross-site scripting vulnerabilities were identified to be present in the web based administration console. The root cause of this issue is improper user data output validation. + + +Mitigation: +Upgrade to Apache ActiveMQ 5.10.1 or 5.11.0 + +Credit: +This issue was discovered by Georgi Geshev from MWR Labs \ No newline at end of file Added: websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2015-1830-announcement.txt ============================================================================== --- websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2015-1830-announcement.txt (added) +++ websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2015-1830-announcement.txt Wed Mar 27 18:36:47 2019 @@ -0,0 +1,28 @@ +CVE-2015-1830 - Path traversal leading to unauthenticated RCE in ActiveMQ + +Severity: Important + +Vendor: +The Apache Software Foundation + +Versions Affected: +Apache ActiveMQ 5.0.0 - 5.11.1 + +Description: + +There is a directory traversal flaw in the fileserver upload/download functionality used for blob messages. +The attacker can put a jsp file in the admin console and execute shell command from there. Itâs only vulnerable in the Windows OS. + +Mitigation: + +Upgrade to Apache ActiveMQ 5.12.0 or 5.11.2. The workaround in case fileserver is not used and upgrade is not prefereable is to disable that functionality. It can be done by removing (commenting out) the following lines from conf\jetty.xml file + +<bean class="org.eclipse.jetty.webapp.WebAppContext"> + <property name="contextPath" value="/fileserver" /> + <property name="resourceBase" value="${activemq.home}/webapps/fileserver" /> + <property name="logUrlOnStart" value="true" /> + <property name="parentLoaderPriority" value="true" /> +</bean> + +Credit: +This issue was discovered by separated reports of David Jorm from IIX Product Security and Steven Seeley from Source Incite working with HP's Zero Day Initiative (ZDI) Added: websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2015-5254-announcement.txt ============================================================================== --- websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2015-5254-announcement.txt (added) +++ websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2015-5254-announcement.txt Wed Mar 27 18:36:47 2019 @@ -0,0 +1,28 @@ +CVE-2015-5254 - Unsafe deserialization in ActiveMQ + +Severity: Important + +Vendor: +The Apache Software Foundation + +Versions Affected: +Apache ActiveMQ 5.0.0 - 5.12.1 + +Description: + +JMS Object messages depends on Java Serialization for marshaling/unmashaling of the message payload. There are a couple of places inside the broker where deserialization can occur, like web console or stomp object message transformation. As deserialization of untrusted data can leaed to security flaws as demonstrated in various reports, this leaves the broker vunerable to this attack vector. Additionally, applications that consume ObjectMessage type of messages can be vunerable as they deserlize objects on ObjectMessage.getObject() calls. + +Mitigation: + +Upgrade to Apache ActiveMQ 5.13.0. Additionally if you're using ObjectMessage message type, you need to explicitly list trusted packages. To see how to do that, please take a look at: http://activemq.apache.org/objectmessage.html + + + +Credit: +This issue was discovered by: + +* Alvaro Muñoz - @pwntester +* Matthias Kaiser - @matthias_kaiser +* Christian Schneider - @cschneider4711 + +Special thanks to Matthias Kaiser for providing the detailed analysis of the vunerability. Added: websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2015-7559-announcement.txt ============================================================================== --- websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2015-7559-announcement.txt (added) +++ websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2015-7559-announcement.txt Wed Mar 27 18:36:47 2019 @@ -0,0 +1,23 @@ +CVE-2015-7559 - DoS in client via shutdown command + +Severity: Low + +Vendor: +The Apache Software Foundation + +Versions Affected: +Apache ActiveMQ 5.0.0 - 5.14.4 + +Description: + +It was found that Apache ActiveMQ client exposed a remote shutdown command in the ActiveMQConnection class. An attacker could use this flaw to achieve denial of service on a client. + +Mitigation: + +Upgrade to Apache ActiveMQ 5.14.5. + + + +Credit: + +Thanks to Chess Hazlett for reporting this vulnerability Added: websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2016-0734-announcement.txt ============================================================================== --- websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2016-0734-announcement.txt (added) +++ websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2016-0734-announcement.txt Wed Mar 27 18:36:47 2019 @@ -0,0 +1,19 @@ +CVE-2016-0734: ActiveMQ Web Console - Clickjacking + +Severity: Important + +Vendor: +The Apache Software Foundation + +Versions Affected: +Apache ActiveMQ 5.0.0 - 5.13.1 + +Description: +The web based administration console does not set the X-Frame-Options header in HTTP responses. This allows the console to be embedded in a frame or iframe which could then be used to cause a user to perform an unintended action in the console. + + +Mitigation: +Upgrade to Apache ActiveMQ 5.13.2 + +Credit: +This issue was discovered by Michael Furman Added: websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2016-0782-announcement.txt ============================================================================== --- websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2016-0782-announcement.txt (added) +++ websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2016-0782-announcement.txt Wed Mar 27 18:36:47 2019 @@ -0,0 +1,19 @@ +CVE-2016-0782: ActiveMQ Web Console - Cross-Site Scripting + +Severity: Important + +Vendor: +The Apache Software Foundation + +Versions Affected: +Apache ActiveMQ 5.0.0 - 5.13.0 + +Description: +Several instances of cross-site scripting vulnerabilities were identified to be present in the web based administration console as well as the ability to trigger a Java memory dump into an arbitrary folder. The root cause of these issues are improper user data output validation and incorrect permissions configured on Jolokia. + + +Mitigation: +Upgrade to Apache ActiveMQ 5.11.4, 5.12.3, or 5.13.1 + +Credit: +This issue was discovered by Vladimir Ivanov (Positive Technologies) Added: websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2016-3088-announcement.txt ============================================================================== --- websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2016-3088-announcement.txt (added) +++ websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2016-3088-announcement.txt Wed Mar 27 18:36:47 2019 @@ -0,0 +1,26 @@ +CVE-2016-3088 - ActiveMQ Fileserver web application vulnerabilities +Severity: Important + +Vendor: +The Apache Software Foundation + +Versions Affected: +Apache ActiveMQ 5.0.0 - 5.13.x + +Description: + +Multiple vulnerabilities have been identified in the Apache ActiveMQ Fileserver web application. These are similar to those reported in CVE-2015-1830 and can allow attackers to replace web application files with malicious code and perform remote code execution on the system. + +Mitigation: + +Fileserver feature will be completely removed starting with 5.14.0 release. Users are advised to use other FTP and HTTP based file servers for transferring blob messages. Fileserver web application SHOULD NOT be used in older version of the broker and it should be disabled (it has been disabled by default since 5.12.0). This can be done by removing (commenting out) the following lines from conf\jetty.xml file + +<bean class="org.eclipse.jetty.webapp.WebAppContext"> + <property name="contextPath" value="/fileserver" /> + <property name="resourceBase" value="${activemq.home}/webapps/fileserver" /> + <property name="logUrlOnStart" value="true" /> + <property name="parentLoaderPriority" value="true" /> +</bean> + +Credit: +This issue was discovered by separated reports of Simon Zuckerbraun and Andrea Micalizzi (rgod) of Trend Micro Zero Day Initiative \ No newline at end of file Added: websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2016-6810-announcement.txt ============================================================================== --- websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2016-6810-announcement.txt (added) +++ websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2016-6810-announcement.txt Wed Mar 27 18:36:47 2019 @@ -0,0 +1,19 @@ +CVE-2016-6810: ActiveMQ Web Console - Cross-Site Scripting + +Severity: Important + +Vendor: +The Apache Software Foundation + +Versions Affected: +Apache ActiveMQ 5.0.0 - 5.14.1 + +Description: +An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. The root cause of this issue is improper user data output validation. + + +Mitigation: +Upgrade to Apache ActiveMQ 5.14.2 + +Credit: +This issue was discovered by Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. and was reported by JPCERT/CC. Added: websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2017-15709-announcement.txt ============================================================================== --- websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2017-15709-announcement.txt (added) +++ websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2017-15709-announcement.txt Wed Mar 27 18:36:47 2019 @@ -0,0 +1,21 @@ + +CVE-2017-15709 - Information Leak + +Severity: Low + +Vendor: +The Apache Software Foundation + +Versions Affected: +Apache ActiveMQ 5.14.0 - 5.15.2 + +Description: + +When using the OpenWire protocol it was found that certain system details (such as the OS and kernel version) are exposed as plain text. + +Mitigation: + +Use a TLS enabled transport or upgrade to Apache ActiveMQ 5.15.3. + +Credit: +This issue was discovered by QingTeng cloud Security of Minded Security Researcher jianan.huang Added: websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2018-11775-announcement.txt ============================================================================== --- websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2018-11775-announcement.txt (added) +++ websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2018-11775-announcement.txt Wed Mar 27 18:36:47 2019 @@ -0,0 +1,21 @@ + +CVE-2018-11775: ActiveMQ Client - Missing TLS Hostname Verification + +Severity: Important + +Vendor: +The Apache Software Foundation + +Versions Affected: +Apache ActiveMQ 5.0.0 - 5.15.5 + +Description: + +TLS hostname verification when using the Apache ActiveMQ Client was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default. + +Mitigation: + +Upgrade to Apache ActiveMQ 5.15.6 + +Credit: +This issue was discovered by Peter Stöckli (Alphabot Security) Added: websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2018-8006-announcement.txt ============================================================================== --- websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2018-8006-announcement.txt (added) +++ websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2018-8006-announcement.txt Wed Mar 27 18:36:47 2019 @@ -0,0 +1,20 @@ + +CVE-2018-8006: ActiveMQ Web Console - Cross-Site Scripting + +Severity: Important + +Vendor: +The Apache Software Foundation + +Versions Affected: +Apache ActiveMQ 5.0.0 - 5.15.5 + +Description: +An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page. The root cause of this issue is improper data filtering of the QueueFilter parameter. + + +Mitigation: +Upgrade to Apache ActiveMQ 5.15.6 or disable the Web Console + +Credit: +This issue was discovered by Robert Foggia of SpiderLabs Added: websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2019-0222-announcement.txt ============================================================================== --- websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2019-0222-announcement.txt (added) +++ websites/production/activemq/content/activemq-website/security-advisories.data/CVE-2019-0222-announcement.txt Wed Mar 27 18:36:47 2019 @@ -0,0 +1,22 @@ +CVE-2019-0222 - Corrupt MQTT frame can cause broker shutdown + +Severity: Important + +Vendor: +The Apache Software Foundation + +Versions Affected: +Apache ActiveMQ 5.0.0 - 5.15.8 + +Description: +Unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive. + +Mitigation: +Upgrade to Apache ActiveMQ 5.15.9. Alternatevly, you can manually upgrade MQTT library to version 1.15 in lib/extra directory. You can download the jar from https://repo1.maven.org/maven2/org/fusesource/mqtt-client/mqtt-client/1.15/mqtt-client-1.15.jar. If you don't use MQTT protocol, you can disable the transport as well. + + +Credit: +This issue was discovered by: + +* Indrajeet Singh - <insi_2...@ymail.com> + Modified: websites/production/activemq/content/activemq-website/security-advisories.html ============================================================================== --- websites/production/activemq/content/activemq-website/security-advisories.html (original) +++ websites/production/activemq/content/activemq-website/security-advisories.html Wed Mar 27 18:36:47 2019 @@ -116,31 +116,43 @@ <h2 id="apache-activemq">Apache ActiveMQ</h2> +<h4 id="2019">2019</h4> +<ul> + <li><a href="security-advisories.data/CVE-2019-0222-announcement.txt">CVE-2019-0222</a> - Corrupt MQTT frame can cause broker shutdown</li> +</ul> + +<h4 id="2018">2018</h4> +<ul> + <li><a href="security-advisories.data/CVE-2018-8006-announcement.txt">CVE-2018-8006</a> - ActiveMQ Web Console - Cross-Site Scripting</li> + <li><a href="security-advisories.data/CVE-2017-15709-announcement.txt">CVE-2017-15709</a> - Information Leak</li> + <li><a href="security-advisories.data/CVE-2018-11775-announcement.txt">CVE-2018-11775</a> - Missing TLS Hostname Verification</li> +</ul> + <h4 id="2017">2017</h4> <ul> - <li><a href="security-advisories.data/CVE-2015-7559-announcement.txt?version=1&modificationDate=1493024710000&api=v2">CVE-2015-7559</a> - DoS in client via shutdown command</li> + <li><a href="security-advisories.data/CVE-2015-7559-announcement.txt">CVE-2015-7559</a> - DoS in client via shutdown command</li> </ul> <h4 id="2016">2016</h4> <ul> - <li><a href="security-advisories.data/CVE-2016-6810-announcement.txt?version=2&modificationDate=1481290006000&api=v2">CVE-2016-6810</a> - ActiveMQ Web Console - Cross-Site Scripting</li> - <li><a href="security-advisories.data/CVE-2016-0734-announcement.txt?version=1&modificationDate=1457613666000&api=v2">CVE-2016-0734</a> - ActiveMQ Web Console - Clickjacking</li> - <li><a href="security-advisories.data/CVE-2016-0782-announcement.txt?version=2&modificationDate=1458229308000&api=v2">CVE-2016-0782</a> - ActiveMQ Web Console - Cross-Site Scripting</li> - <li><a href="security-advisories.data/CVE-2016-3088-announcement.txt?version=5&modificationDate=1464092715000&api=v2">CVE-2016-3088</a> - ActiveMQ Fileserver web application vulnerabilities</li> + <li><a href="security-advisories.data/CVE-2016-6810-announcement.txt">CVE-2016-6810</a> - ActiveMQ Web Console - Cross-Site Scripting</li> + <li><a href="security-advisories.data/CVE-2016-0734-announcement.txt">CVE-2016-0734</a> - ActiveMQ Web Console - Clickjacking</li> + <li><a href="security-advisories.data/CVE-2016-0782-announcement.txt">CVE-2016-0782</a> - ActiveMQ Web Console - Cross-Site Scripting</li> + <li><a href="security-advisories.data/CVE-2016-3088-announcement.txt">CVE-2016-3088</a> - ActiveMQ Fileserver web application vulnerabilities</li> </ul> <h4 id="2015">2015</h4> <ul> - <li><a href="security-advisories.data/CVE-2015-5254-announcement.txt?version=1&modificationDate=1449589734000&api=v2">CVE-2015-5254</a> - Unsafe deserialization in ActiveMQ</li> - <li><a href="security-advisories.data/CVE-2015-1830-announcement.txt?version=2&modificationDate=1440426986000&api=v2">CVE-2015-1830</a> - Path traversal leading to unauthenticated RCE in ActiveMQ </li> + <li><a href="security-advisories.data/CVE-2015-5254-announcement.txt">CVE-2015-5254</a> - Unsafe deserialization in ActiveMQ</li> + <li><a href="security-advisories.data/CVE-2015-1830-announcement.txt">CVE-2015-1830</a> - Path traversal leading to unauthenticated RCE in ActiveMQ </li> </ul> <h4 id="2014">2014</h4> <ul> - <li><a href="security-advisories.data/CVE-2014-3576-announcement.txt?version=1&modificationDate=1446901063000&api=v2">CVE-2014-3576</a> - Remote Unauthenticated Shutdown of Broker (DoS)</li> - <li><a href="security-advisories.data/CVE-2014-3600-announcement.txt?version=2&modificationDate=1423051306000&api=v2">CVE-2014-3600</a> - Apache ActiveMQ XXE with XPath selectors</li> - <li><a href="security-advisories.data/CVE-2014-3612-announcement.txt?version=2&modificationDate=1423051365000&api=v2">CVE-2014-3612</a> - ActiveMQ JAAS: LDAPLoginModule allows empty password authentication and Wildcard Interpretation</li> - <li><a href="security-advisories.data/CVE-2014-8110-announcement.txt?version=2&modificationDate=1423051381000&api=v2">CVE-2014-8110</a> - ActiveMQ Web Console - Cross-Site Scripting</li> + <li><a href="security-advisories.data/CVE-2014-3576-announcement.txt">CVE-2014-3576</a> - Remote Unauthenticated Shutdown of Broker (DoS)</li> + <li><a href="security-advisories.data/CVE-2014-3600-announcement.txt">CVE-2014-3600</a> - Apache ActiveMQ XXE with XPath selectors</li> + <li><a href="security-advisories.data/CVE-2014-3612-announcement.txt">CVE-2014-3612</a> - ActiveMQ JAAS: LDAPLoginModule allows empty password authentication and Wildcard Interpretation</li> + <li><a href="security-advisories.data/CVE-2014-8110-announcement.txt">CVE-2014-8110</a> - ActiveMQ Web Console - Cross-Site Scripting</li> </ul> <h2 id="activemq-apollo">ActiveMQ Apollo</h2>