You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@activemq.apache.org by "Matan Keret (JIRA)" <ji...@apache.org> on 2018/01/29 11:05:00 UTC
[jira] [Created] (AMQ-6893) Security vulnerabilities in AMQ
(black-duck)
Matan Keret created AMQ-6893:
--------------------------------
Summary: Security vulnerabilities in AMQ (black-duck)
Key: AMQ-6893
URL: https://issues.apache.org/jira/browse/AMQ-6893
Project: ActiveMQ
Issue Type: Bug
Components: activemq-camel, activemq-leveldb-store, activemq-pool, AMQP
Affects Versions: 5.15.2, 5.15.1
Reporter: Matan Keret
In our organization's black-duck scan some critical security alerts came up, regarding several components used within the latest versions of AMQ. Here is the list:
|Apache Camel2.0-M1|
|Apache Camel2.19.0|
|Apache Camel2.19.1|
|Apache Commons Net3.6|
|Apache Tomcat8.0.24|
|Apache Tomcat8.0.33|
|Apache Tomcat8.0.22|
|Apache Tomcat1.2.3|
|Apache Velocity1.7|
|jackson-databind2.6.7|
|Jetspeed-2 Enterprise Portal2.1.4|
|log4j1.2.17|
The majority of the issues are resolved within the latest versions of these dependencies.
Is it planned to resolve these vulnerabilities in some upcoming version?
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)