You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@activemq.apache.org by "Bruce Snyder (Issue Comment Edited) (JIRA)" <ji...@apache.org> on 2012/02/01 04:07:00 UTC
[jira] [Issue Comment Edited] (AMQ-3693) Upgrade Jetty to address
CVE-2011-4461
[ https://issues.apache.org/jira/browse/AMQ-3693?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13197539#comment-13197539 ]
Bruce Snyder edited comment on AMQ-3693 at 2/1/12 3:06 AM:
-----------------------------------------------------------
I have attached a patch for this work, but please note that the patch was created against Jetty 7.6.0.RC4. The changes will need to use the full Jetty 7.6.0 release when that release is made available.
Is it possible to get a new version of ActiveMQ cut when Jetty 7.6.0 is released so that this CVE can be addressed right away?
was (Author: bsnyder):
I have attached a patch for this work, but please note that the patch was created against Jetty 7.6.0.RC4. The changes will need to use the full Jetty 7.6.0 release when that release is made available.
> Upgrade Jetty to address CVE-2011-4461
> --------------------------------------
>
> Key: AMQ-3693
> URL: https://issues.apache.org/jira/browse/AMQ-3693
> Project: ActiveMQ
> Issue Type: Task
> Affects Versions: 5.5.1
> Reporter: Bruce Snyder
> Attachments: upgrade-jetty.patch
>
>
> Upgrade Jetty to the 7.6.0 release when it becomes final so as to address a DoS vulnerability. See the [CVE-2011-4461|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4461] for more information. See also the attached patch for changes.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira