Uploaded image for project: 'ActiveMQ Classic'
  1. ActiveMQ Classic
  2. AMQ-9196

ActiveMQ jar bundled with Xsteam library is vulnerable which should upgrade to Xstream 1.4.20 (CVE-2022-41966)

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Duplicate
    • 5.17.3
    • 5.18.0, 5.17.4
    • Broker
    • None

    Description

      ActiveMQ jar bundled with Xsteam library is vulnerable which should upgrade to Xstream 1.4.20 (CVE-2022-41966)

      Attachments

        Issue Links

          is duplicated by

          Sub-task - The sub-task of the issue AMQ-9208 Upgrade xstream to 1.4.20

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Activity

            People

              jbonofre Jean-Baptiste Onofré
              kishoreactivemq Kishore KN
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: