You are viewing a plain text version of this content. The canonical link for it is here.
Posted to gitbox@activemq.apache.org by GitBox <gi...@apache.org> on 2020/06/29 08:17:24 UTC
[GitHub] [activemq] liaomin-qq opened a new pull request #548: ActiveMQ 5.15.9 includes two vulnerable jar
liaomin-qq opened a new pull request #548:
URL: https://github.com/apache/activemq/pull/548
Hi We found some problems when using ActiveMQ
The ActiveMQ 5.15.9 includes geronimo-j2ee-management_1.1_spec.jar and geronimo-jms_1.1_spec.jar
These two jars have serious vulnerabilities
The vulnerability information is as follows
https://rnd-vulncenter.huawei.com/vuln/toViewOfficialDetail?cveId=CVE-2011-5034
https://rnd-vulncenter.huawei.com/vuln/toViewOfficialDetail?cveId=CVE-2013-1777
Can subsequent versions of ActiveMQ fix this problem
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [activemq] jbonofre commented on pull request #548: ActiveMQ 5.15.9 includes two vulnerable jar
Posted by GitBox <gi...@apache.org>.
jbonofre commented on pull request #548:
URL: https://github.com/apache/activemq/pull/548#issuecomment-671788657
The PR doesn't seem base on the right `master` branch. Can you please rebase ?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [activemq] jbonofre closed pull request #548: ActiveMQ 5.15.9 includes two vulnerable jar
Posted by GitBox <gi...@apache.org>.
jbonofre closed pull request #548:
URL: https://github.com/apache/activemq/pull/548
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org