Benoit Tellier created JAMES-3593:
-------------------------------------
Summary: Recommand RabbitMQ upgrade - prior 3.8.16 has multiple CVE
Key: JAMES-3593
URL: https://issues.apache.org/jira/browse/JAMES-3593
Project: James Server
Issue Type: New Feature
Components: rabbitmq
Affects Versions: 3.6.0
Reporter: Benoit Tellier
Fix For: 3.7.0
According to https://www.rabbitmq.com/changelog.html RabbitMQ prior this
version is subject to several CVE:
- https://tanzu.vmware.com/security/cve-2020-5419
- https://tanzu.vmware.com/security/cve-2021-22117
- https://tanzu.vmware.com/security/cve-2021-22116
We currently recommend running on `3.8.3`...
We should:
- [ ] Test James against RabbitMQ 3.8.16 (update the image in
apache/james-project and getting a green build is enough)
- [ ] Recommand the upgrade in update instructions and changelog
- [ ] Check the documentation
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
