Posted to gitbox@activemq.apache.org by GitBox <gi...@apache.org> on 2020/06/29 08:17:24 UTC

[GitHub] [activemq] liaomin-qq opened a new pull request #548: ActiveMQ 5.15.9 includes two vulnerable jar

liaomin-qq opened a new pull request #548:
URL: https://github.com/apache/activemq/pull/548


   Hi, we found some problems when using ActiveMQ.
   ActiveMQ 5.15.9 includes geronimo-j2ee-management_1.1_spec.jar and geronimo-jms_1.1_spec.jar.
   
   These two jars have serious vulnerabilities.
   The vulnerability information is as follows:
   https://rnd-vulncenter.huawei.com/vuln/toViewOfficialDetail?cveId=CVE-2011-5034
   https://rnd-vulncenter.huawei.com/vuln/toViewOfficialDetail?cveId=CVE-2013-1777
   
   Can subsequent versions of ActiveMQ fix this problem?


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [activemq] jbonofre commented on pull request #548: ActiveMQ 5.15.9 includes two vulnerable jar

Posted by GitBox <gi...@apache.org>.
jbonofre commented on pull request #548:
URL: https://github.com/apache/activemq/pull/548#issuecomment-671788657


   The PR doesn't seem to be based on the right `master` branch. Can you please rebase?





[GitHub] [activemq] jbonofre closed pull request #548: ActiveMQ 5.15.9 includes two vulnerable jar

Posted by GitBox <gi...@apache.org>.
jbonofre closed pull request #548:
URL: https://github.com/apache/activemq/pull/548


   

