[jira] [Created] (JAMES-3593) Recommand RabbitMQ upgrade - prior 3.8.16 has multiple CVE

Benoit Tellier (Jira) Fri, 04 Jun 2021 18:17:04 -0700

Benoit Tellier created JAMES-3593:
-------------------------------------

             Summary: Recommand RabbitMQ upgrade - prior 3.8.16 has multiple CVE
                 Key: JAMES-3593
                 URL: https://issues.apache.org/jira/browse/JAMES-3593
             Project: James Server
          Issue Type: New Feature
          Components: rabbitmq
    Affects Versions: 3.6.0
            Reporter: Benoit Tellier
             Fix For: 3.7.0



According to https://www.rabbitmq.com/changelog.html RabbitMQ prior this 
version is subject to several CVE:

 - https://tanzu.vmware.com/security/cve-2020-5419
 - https://tanzu.vmware.com/security/cve-2021-22117
 - https://tanzu.vmware.com/security/cve-2021-22116

We currently recommend running on `3.8.3`...

We should:

 - [ ] Test James against RabbitMQ 3.8.16 (update the image in 
apache/james-project and getting a green build is enough)
 - [ ] Recommand the upgrade in update instructions and changelog
 - [ ] Check the documentation



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org
For additional commands, e-mail: server-dev-h...@james.apache.org

[jira] [Created] (JAMES-3593) Recommand RabbitMQ upgrade - prior 3.8.16 has multiple CVE

Reply via email to