[
https://issues.apache.org/jira/browse/JAMES-3593?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Benoit Tellier closed JAMES-3593.
---------------------------------
Resolution: Fixed
We ended up recommending RabbitMQ 3.8.17 as 3.8.16 is affected by undisclosed
CVE.
> Recommend RabbitMQ upgrade - prior 3.8.16 has multiple CVE
> ----------------------------------------------------------
>
> Key: JAMES-3593
> URL: https://issues.apache.org/jira/browse/JAMES-3593
> Project: James Server
> Issue Type: New Feature
> Components: rabbitmq
> Affects Versions: 3.6.0
> Reporter: Benoit Tellier
> Priority: Major
> Fix For: 3.7.0
>
> Time Spent: 40m
> Remaining Estimate: 0h
>
> According to https://www.rabbitmq.com/changelog.html RabbitMQ prior to this
> version is subject to several CVEs:
> - https://tanzu.vmware.com/security/cve-2020-5419
> - https://tanzu.vmware.com/security/cve-2021-22117
> - https://tanzu.vmware.com/security/cve-2021-22116
> We currently recommend running on `3.8.3`...
> We should:
> - [ ] Test James against RabbitMQ 3.8.16 (update the image in
> apache/james-project and getting a green build is enough)
> - [ ] Recommend the upgrade in update instructions and changelog
> - [ ] Check the documentation