Posted to issues@activemq.apache.org by "Jean-Baptiste Onofré (Jira)" <ji...@apache.org> on 2019/08/20 19:52:00 UTC

[jira] [Updated] (AMQ-7249) Upgrade to Camel 2.24.1 and Jetty 9.4.19

     [ https://issues.apache.org/jira/browse/AMQ-7249?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jean-Baptiste Onofré updated AMQ-7249:
--------------------------------------
    Summary: Upgrade to Camel 2.24.1 and Jetty 9.4.19  (was: Security Vulnerabilities in the ActiveMQ dependent jars.)

> Upgrade to Camel 2.24.1 and Jetty 9.4.19
> ----------------------------------------
>
>                 Key: AMQ-7249
>                 URL: https://issues.apache.org/jira/browse/AMQ-7249
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: activemq-camel
>    Affects Versions: 5.15.9
>            Reporter: Harish Kumar
>            Assignee: Jean-Baptiste Onofré
>            Priority: Critical
>              Labels: Apache, camel-core
>             Fix For: 5.16.0, 5.15.10
>
>          Time Spent: 1h 40m
>  Remaining Estimate: 0h
>
> The latest version of ActiveMQ (5.15.9) has dependent jars with security vulnerabilities.
> *Below are the jars with Security Vulnerabilities.*
>  
> *1) camel-core-2.19.5.jar :* To be updated to the latest version (camel-core-2.24.1.jar or above).
> *Reference* : CVE-2019-0188 
> *Path :* org.apache.activemq-5.15.9_1/lib/camel/camel-core-2.19.5.jar
>  
> *2) apache-jsp-9.2.25.v20180606.jar:* To be updated to the latest version (apache-jsp-9.4.19.v20190610.jar)
> *Reference:* CVE-2018-8014, CVE-2018-8034, CVE-2019-10241, CVE-2019-10247, CVE-2017-6056
>  
> *Path:* org.apache.activemq-5.15.9_1/lib/web/apache-jsp-8.0.33.jar
>         : org.apache.activemq-5.15.9_1/lib/web/apache-jsp-9.2.25.v20180606.jar
>  
> 3) *scala-library-2.11.0.jar:* To be updated to version 2.13.0. The ActiveMQ library has a dependency on scala-library.jar
> *Path:* org.apache.activemq-5.15.9_1/lib/optional/scala-library-2.11.0.jar
> *Reference:*  [https://nvd.nist.gov/vuln/detail/CVE-2017-15288]
> Need to upgrade the above jars to the recommended version or provide an alternative way to replace the existing jar version with the updated versions.
>  



--
This message was sent by Atlassian Jira
(v8.3.2#803003)