[AMQ-9196] ActiveMQ jar bundled with Xsteam library is vulnerable which should upgrade to Xstream 1.4.20 (CVE-2022-41966) - ASF JIRA

Attach files

Attach Screenshot

Voters

Watch issue

Watchers

Create sub-task

Link

Clone

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Duplicate
Affects Version/s: 5.17.3
Fix Version/s: 5.18.0, 5.17.4
Component/s: Broker
Labels:
None

Description

ActiveMQ jar bundled with Xsteam library is vulnerable which should upgrade to Xstream 1.4.20 (CVE-2022-41966)

Attachments

Attach one or more files to this issue
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Manage Attachments

Issue Links

Add Link

is duplicated by

AMQ-9208 Upgrade xstream to 1.4.20

Resolved

Delete this link

Activity

Comment

This comment will be Viewable by All Users Viewable by All Users

Cancel

People

Assignee:: Jean-Baptiste Onofré

Reporter:: Kishore KN

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 13/Jan/23 10:09

Updated:: 02/Feb/23 13:38

Resolved:: 02/Feb/23 13:38

Agile

View on Board

ActiveMQ jar bundled with Xsteam library is vulnerable which should upgrade to Xstream 1.4.20 (CVE-2022-41966)

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates

Agile

Slack

Issue deployment