You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@activemq.apache.org by "Robbie Gemmell (Jira)" <ji...@apache.org> on 2021/06/15 10:56:00 UTC
[jira] [Created] (ARTEMIS-3348) update hawtio
Robbie Gemmell created ARTEMIS-3348:
---------------------------------------
Summary: update hawtio
Key: ARTEMIS-3348
URL: https://issues.apache.org/jira/browse/ARTEMIS-3348
Project: ActiveMQ Artemis
Issue Type: Dependency upgrade
Components: Web Console
Affects Versions: 2.17.0
Reporter: Robbie Gemmell
Fix For: 2.18.0
Update hawtio to 2.13.4.
The existing 2.13.2 version used by the console uses an older version of commons-io susceptible to a path traversal CVE [https://nvd.nist.gov/vuln/detail/CVE-2021-29425|https://nvd.nist.gov/vuln/detail/CVE-2021-29425.], which affects < 2.7.0.
The only differences from 2.13.2 were dependency upgrades for commons-io and jackson to get various CVE fixes such as the above:
https://github.com/hawtio/hawtio/compare/hawtio-2.13.2...hawtio-2.13.4
--
This message was sent by Atlassian Jira
(v8.3.4#803005)