Posted to server-dev@james.apache.org by "Benoit Tellier (Jira)" <se...@james.apache.org> on 2021/06/05 01:17:00 UTC

[jira] [Created] (JAMES-3593) Recommend RabbitMQ upgrade - prior to 3.8.16 has multiple CVEs

Benoit Tellier created JAMES-3593:
-------------------------------------

             Summary: Recommend RabbitMQ upgrade - prior to 3.8.16 has multiple CVEs
                 Key: JAMES-3593
                 URL: https://issues.apache.org/jira/browse/JAMES-3593
             Project: James Server
          Issue Type: New Feature
          Components: rabbitmq
    Affects Versions: 3.6.0
            Reporter: Benoit Tellier
             Fix For: 3.7.0


According to https://www.rabbitmq.com/changelog.html, RabbitMQ prior to this version is subject to several CVEs:

 - https://tanzu.vmware.com/security/cve-2020-5419
 - https://tanzu.vmware.com/security/cve-2021-22117
 - https://tanzu.vmware.com/security/cve-2021-22116

We currently recommend running on `3.8.3`...

We should:

 - [ ] Test James against RabbitMQ 3.8.16 (updating the image in apache/james-project and getting a green build is enough)
 - [ ] Recommend the upgrade in update instructions and changelog
 - [ ] Check the documentation


