Pawel Veselov created ARTEMIS-4481:
--------------------------------------

             Summary: CVE-2023-4586 verification
                 Key: ARTEMIS-4481
                 URL: https://issues.apache.org/jira/browse/ARTEMIS-4481
             Project: ActiveMQ Artemis
          Issue Type: Task
          Components: JMS
    Affects Versions: 2.31.2
            Reporter: Pawel Veselov


I do apologize for bringing this up here, but it's been a nuisance for us for a 
while.
There is an open vulnerability, CVE-2023-4586, discussed here:
https://github.com/netty/netty/issues/8537
https://github.com/netty/netty/issues/13665

The only reason we are packaging Netty in one of our applications is because we 
package Artemis client/server code as well.

Is it possible to get a published statement from the maintainers of this 
project that Artemis doesn't use Netty in an unsecure manner, as stated by this 
vulnerability report?

That at least will give justification for continuing to suppress this 
vulnerability going forward.

Thank you!




--
This message was sent by Atlassian Jira
(v8.20.10#820010)
