[jira] [Closed] (JAMES-3496) Update ActiveMQ and Artemis

Benoit Tellier (Jira) Thu, 04 Feb 2021 21:45:06 -0800


     [ 
https://issues.apache.org/jira/browse/JAMES-3496?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Benoit Tellier closed JAMES-3496.
---------------------------------
    Fix Version/s: 3.6.0
       Resolution: Fixed

The dependency had been updated

> Update ActiveMQ and Artemis
> ---------------------------
>
>                 Key: JAMES-3496
>                 URL: https://issues.apache.org/jira/browse/JAMES-3496
>             Project: James Server
>          Issue Type: New Feature
>          Components: Queue
>            Reporter: Benoit Tellier
>            Priority: Major
>              Labels: dependency-upgrade, security
>             Fix For: 3.6.0
>
>
> Several CVE had been announced by the ActiveMQ PMC, namely:
>  - CVE-2021-26118: Flaw in ActiveMQ Artemis OpenWire support
>  - CVE-2021-26117: ActiveMQ: LDAP-Authentication does not verify passwords on 
> servers with anonymous bind
> We do not use these features thus JAMES server is unaffected however updating 
> these components seems like to be a good idea to me.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Closed] (JAMES-3496) Update ActiveMQ and Artemis

Reply via email to