You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@uima.apache.org by "Jerry Cwiklik (JIRA)" <de...@uima.apache.org> on 2016/03/01 21:11:18 UTC

[jira] [Created] (UIMA-4813) UIMA-AS: upgrade ActiveMQ to 5.13.1

Jerry Cwiklik created UIMA-4813:
-----------------------------------

             Summary: UIMA-AS: upgrade ActiveMQ to 5.13.1
                 Key: UIMA-4813
                 URL: https://issues.apache.org/jira/browse/UIMA-4813
             Project: UIMA
          Issue Type: Bug
          Components: Async Scaleout
            Reporter: Jerry Cwiklik
            Assignee: Jerry Cwiklik
             Fix For: 2.8.1AS


Apache ActiveMQ could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the classes that can be serialized in the broker. An attacker could exploit this vulnerability using a specially crafted serialized Java Message Service (JMS) ObjectMessage object to execute arbitrary code on the system.

Fix for this is in 5.13.release. Upgrade UIMA-AS to the latest version (5.13.1) 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)