[ANNOUNCE] CVE-2018-11775: ActiveMQ Client - Missing TLS Hostname Verification

[Christopher Shannon <ch...@gmail.com>]

The following security vulnerability was reported against Apache
ActiveMQ 5.15.5 and older versions.

Please check the following document and see if you’re affected by the issue.

http://activemq.apache.org/security-advisories.data/CVE-2018-11775-announcement.txt

Apache ActiveMQ 5.15.6 has been released with appropriate fixes and is
available for upgrade.

Re: [ANNOUNCE] CVE-2018-11775: ActiveMQ Client - Missing TLS Hostname Verification

[Christopher Shannon <ch...@gmail.com>]

I just realized I had a typo in the announcement, the versions
affected should be:
Apache ActiveMQ 5.0.0 - 5.15.5

The file will be updated shortly.
On Mon, Sep 10, 2018 at 2:40 PM Christopher Shannon
<ch...@gmail.com> wrote:
>
> The following security vulnerability was reported against Apache
> ActiveMQ 5.15.5 and older versions.
>
> Please check the following document and see if you’re affected by the issue.
>
> http://activemq.apache.org/security-advisories.data/CVE-2018-11775-announcement.txt
>
> Apache ActiveMQ 5.15.6 has been released with appropriate fixes and is
> available for upgrade.

Re: [ANNOUNCE] CVE-2018-11775: ActiveMQ Client - Missing TLS Hostname Verification

[Christopher Shannon <ch...@gmail.com>]

I just realized I had a typo in the announcement, the versions
affected should be:
Apache ActiveMQ 5.0.0 - 5.15.5

The file will be updated shortly.
On Mon, Sep 10, 2018 at 2:40 PM Christopher Shannon
<ch...@gmail.com> wrote:
>
> The following security vulnerability was reported against Apache
> ActiveMQ 5.15.5 and older versions.
>
> Please check the following document and see if you’re affected by the issue.
>
> http://activemq.apache.org/security-advisories.data/CVE-2018-11775-announcement.txt
>
> Apache ActiveMQ 5.15.6 has been released with appropriate fixes and is
> available for upgrade.