There has been a fair amount of coverage about a security vulnerability in certain versions of the Java commons collections library.
The current version (5.13.0) of ActiveMQ installs with version 3.2.2 of commons-collections in the lib\optional folder. Are there any plans to uprev this version to a "safe" version of the library in the next version of ActiveMQ, or has it been determined that it is OK to perform this uprev manually as a post-install step, or has someone already determined that ActiveMQ does not make use of the library in such a way as to expose the vulnerability. Many thanks -- View this message in context: http://activemq.2283324.n4.nabble.com/ActiveMQ-and-commons-collection-security-vulnerabilty-tp4704819.html Sent from the ActiveMQ - User mailing list archive at Nabble.com.
