You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-dev@james.apache.org by "Benoit Tellier (Jira)" <se...@james.apache.org> on 2021/02/05 05:45:00 UTC
[jira] [Closed] (JAMES-3496) Update ActiveMQ and Artemis
[ https://issues.apache.org/jira/browse/JAMES-3496?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Benoit Tellier closed JAMES-3496.
---------------------------------
Fix Version/s: 3.6.0
Resolution: Fixed
The dependency had been updated
> Update ActiveMQ and Artemis
> ---------------------------
>
> Key: JAMES-3496
> URL: https://issues.apache.org/jira/browse/JAMES-3496
> Project: James Server
> Issue Type: New Feature
> Components: Queue
> Reporter: Benoit Tellier
> Priority: Major
> Labels: dependency-upgrade, security
> Fix For: 3.6.0
>
>
> Several CVE had been announced by the ActiveMQ PMC, namely:
> - CVE-2021-26118: Flaw in ActiveMQ Artemis OpenWire support
> - CVE-2021-26117: ActiveMQ: LDAP-Authentication does not verify passwords on servers with anonymous bind
> We do not use these features thus JAMES server is unaffected however updating these components seems like to be a good idea to me.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org