Uploaded image for project: 'ActiveMQ Classic'
  1. ActiveMQ Classic
  2. AMQ-6893

Security vulnerabilities in AMQ (black-duck)

Attach filesAttach ScreenshotAdd voteVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Important

    Description

      In our organization's black-duck scan some critical security alerts came up, regarding several components used within the latest versions of AMQ. Here is the list:

      Apache Camel2.0-M1
      Apache Camel2.19.0
      Apache Camel2.19.1
      Apache Commons Net3.6
      Apache Tomcat8.0.24
      Apache Tomcat8.0.33
      Apache Tomcat8.0.22
      Apache Tomcat1.2.3
      Apache Velocity1.7
      jackson-databind2.6.7
      Jetspeed-2 Enterprise Portal2.1.4
      log4j1.2.17

      The majority of the issues are resolved within the latest versions of these dependencies. 

      Is it planned to resolve these vulnerabilities in some upcoming version?

      Attachments

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            Unassigned Unassigned
            matank Matan Keret

            Dates

              Created:
              Updated:

              Slack

                Issue deployment