[jira] [Closed] (ARTEMIS-4481) CVE-2023-4586 verification

Robbie Gemmell (Jira) Thu, 02 Nov 2023 07:59:50 -0700


     [ 
https://issues.apache.org/jira/browse/ARTEMIS-4481?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Robbie Gemmell closed ARTEMIS-4481.
-----------------------------------
    Resolution: Information Provided

> CVE-2023-4586 verification
> --------------------------
>
>                 Key: ARTEMIS-4481
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-4481
>             Project: ActiveMQ Artemis
>          Issue Type: Task
>          Components: JMS
>    Affects Versions: 2.31.2
>            Reporter: Pawel Veselov
>            Priority: Major
>
> I do apologize for bringing this up here, but it's been a nuisance for us for 
> a while.
> There is an open vulnerability, CVE-2023-4586, discussed here:
> https://github.com/netty/netty/issues/8537
> https://github.com/netty/netty/issues/13665
> The only reason we are packaging Netty in one of our applications is because 
> we package Artemis client/server code as well.
> Is it possible to get a published statement from the maintainers of this 
> project that Artemis doesn't use Netty in an unsecure manner, as stated by 
> this vulnerability report?
> That at least will give justification for continuing to suppress this 
> vulnerability going forward.
> Thank you!



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Closed] (ARTEMIS-4481) CVE-2023-4586 verification

Reply via email to