Uploaded image for project: 'ActiveMQ'
  1. ActiveMQ
  2. AMQ-6893

Security vulnerabilities in AMQ (black-duck)

    XMLWordPrintableJSON

    Details

    • Flags:
      Important

      Description

      In our organization's black-duck scan some critical security alerts came up, regarding several components used within the latest versions of AMQ. Here is the list:

      Apache Camel2.0-M1
      Apache Camel2.19.0
      Apache Camel2.19.1
      Apache Commons Net3.6
      Apache Tomcat8.0.24
      Apache Tomcat8.0.33
      Apache Tomcat8.0.22
      Apache Tomcat1.2.3
      Apache Velocity1.7
      jackson-databind2.6.7
      Jetspeed-2 Enterprise Portal2.1.4
      log4j1.2.17

      The majority of the issues are resolved within the latest versions of these dependencies. 

      Is it planned to resolve these vulnerabilities in some upcoming version?

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              matank Matan Keret
            • Votes:
              1 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: