You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@activemq.apache.org by "Matan Keret (JIRA)" <ji...@apache.org> on 2018/01/29 11:05:00 UTC

[jira] [Created] (AMQ-6893) Security vulnerabilities in AMQ (black-duck)

Matan Keret created AMQ-6893:
--------------------------------

             Summary: Security vulnerabilities in AMQ (black-duck)
                 Key: AMQ-6893
                 URL: https://issues.apache.org/jira/browse/AMQ-6893
             Project: ActiveMQ
          Issue Type: Bug
          Components: activemq-camel, activemq-leveldb-store, activemq-pool, AMQP
    Affects Versions: 5.15.2, 5.15.1
            Reporter: Matan Keret


In our organization's black-duck scan some critical security alerts came up, regarding several components used within the latest versions of AMQ. Here is the list:
|Apache Camel2.0-M1|
|Apache Camel2.19.0|
|Apache Camel2.19.1|
|Apache Commons Net3.6|
|Apache Tomcat8.0.24|
|Apache Tomcat8.0.33|
|Apache Tomcat8.0.22|
|Apache Tomcat1.2.3|
|Apache Velocity1.7|
|jackson-databind2.6.7|
|Jetspeed-2 Enterprise Portal2.1.4|
|log4j1.2.17|

The majority of the issues are resolved within the latest versions of these dependencies. 

Is it planned to resolve these vulnerabilities in some upcoming version?



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)