You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-dev@james.apache.org by "Benoit Tellier (Jira)" <se...@james.apache.org> on 2021/06/05 01:17:00 UTC
[jira] [Created] (JAMES-3593) Recommand RabbitMQ upgrade - prior
3.8.16 has multiple CVE
Benoit Tellier created JAMES-3593:
-------------------------------------
Summary: Recommand RabbitMQ upgrade - prior 3.8.16 has multiple CVE
Key: JAMES-3593
URL: https://issues.apache.org/jira/browse/JAMES-3593
Project: James Server
Issue Type: New Feature
Components: rabbitmq
Affects Versions: 3.6.0
Reporter: Benoit Tellier
Fix For: 3.7.0
According to https://www.rabbitmq.com/changelog.html RabbitMQ prior this version is subject to several CVE:
- https://tanzu.vmware.com/security/cve-2020-5419
- https://tanzu.vmware.com/security/cve-2021-22117
- https://tanzu.vmware.com/security/cve-2021-22116
We currently recommend running on `3.8.3`...
We should:
- [ ] Test James against RabbitMQ 3.8.16 (update the image in apache/james-project and getting a green build is enough)
- [ ] Recommand the upgrade in update instructions and changelog
- [ ] Check the documentation
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org