You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@uima.apache.org by "Jerry Cwiklik (JIRA)" <de...@uima.apache.org> on 2016/03/03 21:41:18 UTC

[jira] [Closed] (UIMA-4813) UIMA-AS: upgrade ActiveMQ to 5.13.1

     [ https://issues.apache.org/jira/browse/UIMA-4813?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jerry Cwiklik closed UIMA-4813.
-------------------------------
    Resolution: Fixed

Upgraded to the latest AMQ 5.13.1 to fix vulnerability associated with ObjectMessages

> UIMA-AS: upgrade ActiveMQ to 5.13.1
> -----------------------------------
>
>                 Key: UIMA-4813
>                 URL: https://issues.apache.org/jira/browse/UIMA-4813
>             Project: UIMA
>          Issue Type: Bug
>          Components: Async Scaleout
>            Reporter: Jerry Cwiklik
>            Assignee: Jerry Cwiklik
>             Fix For: 2.8.1AS
>
>
> Apache ActiveMQ could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the classes that can be serialized in the broker. An attacker could exploit this vulnerability using a specially crafted serialized Java Message Service (JMS) ObjectMessage object to execute arbitrary code on the system.
> Fix for this is in 5.13.release. Upgrade UIMA-AS to the latest version (5.13.1) 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)