You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@activemq.apache.org by "Harish Kumar (Jira)" <ji...@apache.org> on 2019/08/26 12:49:00 UTC
[jira] [Created] (AMQ-7288) Security Vulnerabilities in ActiveMQ
dependent libraries.
Harish Kumar created AMQ-7288:
---------------------------------
Summary: Security Vulnerabilities in ActiveMQ dependent libraries.
Key: AMQ-7288
URL: https://issues.apache.org/jira/browse/AMQ-7288
Project: ActiveMQ
Issue Type: Bug
Affects Versions: 5.15.8
Reporter: Harish Kumar
*{color:#333333}spring-expression-4.3.11.RELEASE.jar{color}* : ActiveMQ is having depedency with Spring Expression 4.3.11 this has security vulnerabilities
:[https://nvd.nist.gov/vuln/detail/CVE-2018-1270]
Recommended Version: *{color:#333333}4.3.24 or 5.1.8 or latest available{color}*
*tomcat-websocket-api-8.0.53.jar:* ActiveMQ is having dependency with tomcat-websocket-api-8.0.53.jar which is having Security Vulnerabilities:
[https://nvd.nist.gov/vuln/detail/CVE-2016-5388]
Recommended Version: *8.5.42 or 9.0.21 or latest available*
*{color:#333333}*xstream-1.4.10.jar*{color}:* ActiveMQ is having dependency with xstream-1.4.10.jar which is having security vulnerabilities.
[https://nvd.nist.gov/vuln/detail/CVE-2013-7285]
Recommended Version: *{color:#333333}1.4.11.1 or latest available{color}*
--
This message was sent by Atlassian Jira
(v8.3.2#803003)