Details
- Dependency upgrade
- Status: Resolved
- Major
- Resolution: Invalid
- 5.18.3
- None
- Patch, Important
Description
We were recently flagged by the JFrog Xray scanner that the ActiveMQ component which we are using in our API has been affected by a critical vulnerability, CVE-2020-11971. PFB the summary of the vulnerability:
Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0.
We would like to understand the timelines of the next ActiveMQ release which would contain the fix/upgrade for this vulnerability.
Currently we are using version 5.18.3 which is affected.