You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@activemq.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2021/06/15 14:11:00 UTC

[jira] [Commented] (ARTEMIS-3348) update hawtio

    [ https://issues.apache.org/jira/browse/ARTEMIS-3348?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17363665#comment-17363665 ] 

ASF subversion and git services commented on ARTEMIS-3348:
----------------------------------------------------------

Commit 1430972c62bd55c0a7b15f9dc2c09349f5002506 in activemq-artemis's branch refs/heads/main from Robbie Gemmell
[ https://gitbox.apache.org/repos/asf?p=activemq-artemis.git;h=1430972 ]

ARTEMIS-3348, ARTEMIS-3347: update to hawtio 2.13.4


> update hawtio
> -------------
>
>                 Key: ARTEMIS-3348
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-3348
>             Project: ActiveMQ Artemis
>          Issue Type: Dependency upgrade
>          Components: Web Console
>    Affects Versions: 2.17.0
>            Reporter: Robbie Gemmell
>            Priority: Major
>             Fix For: 2.18.0
>
>
> Update hawtio to 2.13.4.
>  
> The existing 2.13.2 version used by the console uses an older version of commons-io susceptible to a path traversal CVE [https://nvd.nist.gov/vuln/detail/CVE-2021-29425|https://nvd.nist.gov/vuln/detail/CVE-2021-29425.], which affects < 2.7.0.
>  
> The only differences from 2.13.2 were dependency upgrades for commons-io and jackson to get various CVE fixes such as the above:
> https://github.com/hawtio/hawtio/compare/hawtio-2.13.2...hawtio-2.13.4



--
This message was sent by Atlassian Jira
(v8.3.4#803005)