Versions Affected: All versions prior to: 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2
Description: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. By default Cassandra only binds JMX locally. Mitigation: 2.1.x users should upgrade to 2.1.22 2.2.x users should upgrade to 2.2.18 3.0.x users should upgrade to 3.0.22 3.11.x users should upgrade to 3.11.8 4.0-beta1 users should upgrade to 4.0-beta2 Alternatively, users can upgrade their JVM to versions after those in the description. --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@cassandra.apache.org For additional commands, e-mail: user-h...@cassandra.apache.org