[jira] [Commented] (AMQ-7023) Add OWASP Dependency Check to build (all open source projects everywhere)

2018-07-28 Thread ASF GitHub Bot (JIRA)
[ https://issues.apache.org/jira/browse/AMQ-7023?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16560880#comment-16560880 ] ASF GitHub Bot commented on AMQ-7023: - Github user asfgit closed the pull request at:

[jira] [Resolved] (AMQ-7023) Add OWASP Dependency Check to build (all open source projects everywhere)

2018-07-28 Thread Jeff Genender (JIRA)
[ https://issues.apache.org/jira/browse/AMQ-7023?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jeff Genender resolved AMQ-7023. Resolution: Fixed Fix Version/s: 5.15.5 5.16.0 > Add OWASP Dependency

[jira] [Commented] (AMQ-7023) Add OWASP Dependency Check to build (all open source projects everywhere)

2018-07-28 Thread ASF subversion and git services (JIRA)
[ https://issues.apache.org/jira/browse/AMQ-7023?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16560878#comment-16560878 ] ASF subversion and git services commented on AMQ-7023: -- Commit

[jira] [Commented] (AMQ-6988) ActiveMQ 5.15.4 contains activemq-protobuf-1.1.jar which has three high severity CVEs against it.Discovered by adding OWASP Dependency check into ActiveMQ pom.xml and run

2018-07-28 Thread Albert Baker (JIRA)
[ https://issues.apache.org/jira/browse/AMQ-6988?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16560918#comment-16560918 ] Albert Baker commented on AMQ-6988: --- Rethinking...adding OWASP DC to too many projects to fast will slam

[jira] [Created] (AMQ-7023) Add OWASP Dependency Check to build (all open source projects everywhere)

2018-07-28 Thread Albert Baker (JIRA)
Albert Baker created AMQ-7023: - Summary: Add OWASP Dependency Check to build (all open source projects everywhere) Key: AMQ-7023 URL: https://issues.apache.org/jira/browse/AMQ-7023 Project: ActiveMQ

[jira] [Commented] (AMQ-7023) Add OWASP Dependency Check to build (all open source projects everywhere)

2018-07-28 Thread ASF subversion and git services (JIRA)
[ https://issues.apache.org/jira/browse/AMQ-7023?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16560887#comment-16560887 ] ASF subversion and git services commented on AMQ-7023: -- Commit

[jira] [Commented] (AMQ-7023) Add OWASP Dependency Check to build (all open source projects everywhere)

2018-07-28 Thread ASF subversion and git services (JIRA)
[ https://issues.apache.org/jira/browse/AMQ-7023?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16560877#comment-16560877 ] ASF subversion and git services commented on AMQ-7023: -- Commit

[jira] [Commented] (AMQ-7023) Add OWASP Dependency Check to build (all open source projects everywhere)

2018-07-28 Thread ASF subversion and git services (JIRA)
[ https://issues.apache.org/jira/browse/AMQ-7023?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16560886#comment-16560886 ] ASF subversion and git services commented on AMQ-7023: -- Commit

[jira] [Commented] (AMQ-7023) Add OWASP Dependency Check to build (all open source projects everywhere)

2018-07-28 Thread ASF subversion and git services (JIRA)
[ https://issues.apache.org/jira/browse/AMQ-7023?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16560879#comment-16560879 ] ASF subversion and git services commented on AMQ-7023: -- Commit

[jira] [Commented] (AMQ-7023) Add OWASP Dependency Check to build (all open source projects everywhere)

2018-07-28 Thread Albert Baker (JIRA)
[ https://issues.apache.org/jira/browse/AMQ-7023?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16560897#comment-16560897 ] Albert Baker commented on AMQ-7023: --- Thank you Jamie & Jeff :) > Add OWASP Dependency Check to build

[jira] [Commented] (AMQ-6988) ActiveMQ 5.15.4 contains activemq-protobuf-1.1.jar which has three high severity CVEs against it.Discovered by adding OWASP Dependency check into ActiveMQ pom.xml and run

2018-07-28 Thread Albert Baker (JIRA)
[ https://issues.apache.org/jira/browse/AMQ-6988?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16560807#comment-16560807 ] Albert Baker commented on AMQ-6988: --- I would /love/ to contribute but am bound by a highly restrictive

[jira] [Commented] (AMQ-6988) ActiveMQ 5.15.4 contains activemq-protobuf-1.1.jar which has three high severity CVEs against it.Discovered by adding OWASP Dependency check into ActiveMQ pom.xml and run

2018-07-28 Thread Jeff Genender (JIRA)
[ https://issues.apache.org/jira/browse/AMQ-6988?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16560813#comment-16560813 ] Jeff Genender commented on AMQ-6988: Creating a Jira is a great start! :) > ActiveMQ 5.15.4 contains

[jira] [Commented] (AMQ-7023) Add OWASP Dependency Check to build (all open source projects everywhere)

2018-07-28 Thread Jamie goodyear (JIRA)
[ https://issues.apache.org/jira/browse/AMQ-7023?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16560871#comment-16560871 ] Jamie goodyear commented on AMQ-7023: - Hi, I've added a PR to provide a Profile for executing the

[jira] [Commented] (AMQ-6988) ActiveMQ 5.15.4 contains activemq-protobuf-1.1.jar which has three high severity CVEs against it.Discovered by adding OWASP Dependency check into ActiveMQ pom.xml and run

2018-07-28 Thread Christopher L. Shannon (JIRA)
[ https://issues.apache.org/jira/browse/AMQ-6988?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16560730#comment-16560730 ] Christopher L. Shannon commented on AMQ-6988: - I agree with the dependency check, I don't see

[jira] [Commented] (AMQ-6988) ActiveMQ 5.15.4 contains activemq-protobuf-1.1.jar which has three high severity CVEs against it.Discovered by adding OWASP Dependency check into ActiveMQ pom.xml and run

2018-07-28 Thread Jeff Genender (JIRA)
[ https://issues.apache.org/jira/browse/AMQ-6988?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16560763#comment-16560763 ] Jeff Genender commented on AMQ-6988: Hi Albert, May I suggest that you create a Jira with for OWASP

[jira] [Commented] (AMQ-6988) ActiveMQ 5.15.4 contains activemq-protobuf-1.1.jar which has three high severity CVEs against it.Discovered by adding OWASP Dependency check into ActiveMQ pom.xml and run

2018-07-28 Thread Albert Baker (JIRA)
[ https://issues.apache.org/jira/browse/AMQ-6988?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16560808#comment-16560808 ] Albert Baker commented on AMQ-6988: --- I couldcreate Jira issues in all apache projects to help kick

[jira] [Commented] (AMQ-6988) ActiveMQ 5.15.4 contains activemq-protobuf-1.1.jar which has three high severity CVEs against it.Discovered by adding OWASP Dependency check into ActiveMQ pom.xml and run

2018-07-28 Thread Albert Baker (JIRA)
[ https://issues.apache.org/jira/browse/AMQ-6988?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16560856#comment-16560856 ] Albert Baker commented on AMQ-6988: --- Done for AMQ.   Will add more for other Java Apache projects this

[jira] [Commented] (AMQ-7023) Add OWASP Dependency Check to build (all open source projects everywhere)

2018-07-28 Thread ASF GitHub Bot (JIRA)
[ https://issues.apache.org/jira/browse/AMQ-7023?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16560870#comment-16560870 ] ASF GitHub Bot commented on AMQ-7023: - GitHub user jgoodyear opened a pull request: