Posted to issues@activemq.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2019/08/24 05:23:00 UTC
[jira] [Commented] (AMQ-7249) Upgrade to Camel 2.24.1 and Jetty 9.4.19
[ https://issues.apache.org/jira/browse/AMQ-7249?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16914828#comment-16914828 ]
ASF subversion and git services commented on AMQ-7249:
------------------------------------------------------
Commit 973c78cbecd1c0c5eb61c8e16d60979574c9b751 in activemq's branch refs/heads/master from Jean-Baptiste Onofré
[ https://gitbox.apache.org/repos/asf?p=activemq.git;h=973c78c ]
[AMQ-7249] Upgrade to Jetty 9.4.19.v20190610
> Upgrade to Camel 2.24.1 and Jetty 9.4.19
> ----------------------------------------
>
> Key: AMQ-7249
> URL: https://issues.apache.org/jira/browse/AMQ-7249
> Project: ActiveMQ
> Issue Type: Bug
> Components: activemq-camel
> Affects Versions: 5.15.9
> Reporter: Harish Kumar
> Assignee: Jean-Baptiste Onofré
> Priority: Critical
> Labels: Apache, camel-core
> Fix For: 5.16.0, 5.15.10
>
> Time Spent: 2h 10m
> Remaining Estimate: 0h
>
> Latest version of ActiveMQ (5.15.9) which has dependent jars has Security Vulnerabilities.
> *Below are the jars with Security Vulnerabilities.*
>
> *1) camel-core-2.19.5.jar :* To be updated to latest version(camel-core-2.24.1.jar or above).
> *Reference* : CVE-2019-0188
> *Path :* org.apache.activemq-5.15.9_1/lib/camel/camel-core-2.19.5.jar
>
> *2) apache-jsp-9.2.25.v20180606.jar:* To be updated to latest version (apache-jsp-9.4.19.v20190610.jar)
> *Reference:* CVE-2018-8014, CVE-2018-8034, CVE-2019-10241, CVE-2019-10247, CVE-2017-6056
>
> *Path:* org.apache.activemq-5.15.9_1/lib/web/apache-jsp-8.0.33.jar
> : org.apache.activemq-5.15.9_1/lib/web/apache-jsp-9.2.25.v20180606.jar
>
> 3) *scala-library-2.11.0.jar:* To be updated to 2.13.0 version. ActiveMQ library has dependency with scala-library.jar
> *Path:* org.apache.activemq-5.15.9_1/lib/optional/scala-library-2.11.0.jar
> *Reference:* [https://nvd.nist.gov/vuln/detail/CVE-2017-15288]
> Need to upgrade the above jars to the recommended version or provide an alternative way to replace the existing jar version with the updated versions.
>
--
This message was sent by Atlassian Jira
(v8.3.2#803003)