You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@activemq.apache.org by "Aman Mishra (Jira)" <ji...@apache.org> on 2022/01/14 10:30:00 UTC

[jira] [Commented] (AMQ-8458) Vulnerable Camel-Core Version (2.25.4) Needs to be upgraded

    [ https://issues.apache.org/jira/browse/AMQ-8458?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17476057#comment-17476057 ] 

Aman Mishra commented on AMQ-8458:
----------------------------------

[~jbonofre]  : Thank you for the update.

> Vulnerable Camel-Core Version (2.25.4) Needs to be upgraded
> -----------------------------------------------------------
>
>                 Key: AMQ-8458
>                 URL: https://issues.apache.org/jira/browse/AMQ-8458
>             Project: ActiveMQ
>          Issue Type: Bug
>            Reporter: Aman Mishra
>            Priority: Major
>
> We are using activemq-all latest version i.e. 5.16.3. It internally uses camel-core version 2.25.4, which shows vulnerable in our aqua scan. It has been recommended to upgrade this camel-core to at least 3.14.0 version
> CVE-2020-11971
> remedy_platform/remedy/ars:latest (Harbor - Pune)
>  
> Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)