Pawel Veselov created ARTEMIS-4481:
--------------------------------------

Summary: CVE-2023-4586 verification
Key: ARTEMIS-4481
URL: https://issues.apache.org/jira/browse/ARTEMIS-4481
Project: ActiveMQ Artemis
Issue Type: Task
Components: JMS
Affects Versions: 2.31.2
Reporter: Pawel Veselov

I do apologize for bringing this up here, but it's been a nuisance for us for a while.

There is an open vulnerability, CVE-2023-4586, discussed here:

https://github.com/netty/netty/issues/8537
https://github.com/netty/netty/issues/13665

The only reason we are packaging Netty in one of our applications is because we package Artemis client/server code as well.

Is it possible to get a published statement from the maintainers of this project that Artemis doesn't use Netty in an unsecure manner, as stated by this vulnerability report? That at least will give justification for continuing to suppress this vulnerability going forward.

Thank you!

--
This message was sent by Atlassian Jira (v8.20.10#820010)