Hello everyone, We scan the vulnerabilities in TomEE Plus 8.0.14 and we have discovered the following CVE: CVE-2016-3088 which prevent us to use this version :( It seems it is due to activemq-protobuf-1.1.jar.
The question: Is the ActiveMQ Fileserver web application deployed in TomEE 8.0.14 and TomEE 9.0.0 ? If not the CVE-2016-3088 doesn't affect TomEE 8.0.14 and 9.0.0, right ? Best Regards.
