You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@activemq.apache.org by "Christopher L. Shannon (Jira)" <ji...@apache.org> on 2019/08/26 12:51:01 UTC
[jira] [Closed] (AMQ-7288) Security Vulnerabilities in ActiveMQ
dependent libraries.
[ https://issues.apache.org/jira/browse/AMQ-7288?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Christopher L. Shannon closed AMQ-7288.
---------------------------------------
Resolution: Duplicate
> Security Vulnerabilities in ActiveMQ dependent libraries.
> ---------------------------------------------------------
>
> Key: AMQ-7288
> URL: https://issues.apache.org/jira/browse/AMQ-7288
> Project: ActiveMQ
> Issue Type: Bug
> Affects Versions: 5.15.8
> Reporter: Harish Kumar
> Priority: Critical
>
> *{color:#333333}spring-expression-4.3.11.RELEASE.jar{color}* : ActiveMQ is having depedency with Spring Expression 4.3.11 this has security vulnerabilities
> :[https://nvd.nist.gov/vuln/detail/CVE-2018-1270]
> Recommended Version: *{color:#333333}4.3.24 or 5.1.8 or latest available{color}*
> *tomcat-websocket-api-8.0.53.jar:* ActiveMQ is having dependency with tomcat-websocket-api-8.0.53.jar which is having Security Vulnerabilities:
> [https://nvd.nist.gov/vuln/detail/CVE-2016-5388]
> Recommended Version: *8.5.42 or 9.0.21 or latest available*
> *{color:#333333}*xstream-1.4.10.jar*{color}:* ActiveMQ is having dependency with xstream-1.4.10.jar which is having security vulnerabilities.
> [https://nvd.nist.gov/vuln/detail/CVE-2013-7285]
> Recommended Version: *{color:#333333}1.4.11.1 or latest available{color}*
>
--
This message was sent by Atlassian Jira
(v8.3.2#803003)