JB, here's the email announcing the CVE and indicates that it was fixed in
the 5.15.6 release:
https://lists.apache.org/list.html?dev@activemq.apache.org:2018-9
Here is the JIRA issue:
https://issues.apache.org/jira/browse/AMQ-7047
I do see that this was cherry picked into the 5.15.x branch,
Hi JB,
Did you get a chance to look into this? Can you please confirm if the
mentioned vulnerabilities are already fixed from activemq end?
Thanks and regards,
Venu
On Thu, Jul 4, 2019 at 10:09 AM Jean-Baptiste Onofré
wrote:
> HI,
>
> I gonna take a look. If the CVE has been published, they
HI,
I gonna take a look. If the CVE has been published, they should be fixed
already. The point is more on which branch it has been fixed.
So, let me do a pass as I'm preparing 5.15.10.
Regards
JB
On 04/07/2019 06:01, venu madhav wrote:
> Hi team,
>
> I am running a dummy project to scan the
Hi team,
I am running a dummy project to scan the vulnerabilities using owasp
dependency-check. The project doesn't contain anything except for the
activemq jars added as dependencies in the pom.xml. Even when we use the
latest version of activemq-kahadb-store jar (5.15.9 version) we see some