
Details

    • Dependency upgrade
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 2.6.4
    • 2.21.0
    • None
    • None

    Description

      I have noticed with the OWASP dependency-check plugin (org.owasp:dependency-check-maven:5.0.0) that the currently used org.jgroups:jgroups:3.6.13.Final has a CWE-300: Channel Accessible by Non-Endpoint ('Man-in-the-Middle') vulnerability. The problem has not been reported in the NVD database, therefore there is no CVE record.

      The vulnerability has been addressed in version org.jgroups:jgroups:4.0.2.Final (at the moment the latest version is org.jgroups:jgroups:4.1.1.Final).

      The org.jgroups:jgroups dependency would require an upgrade to resolve the vulnerability.

       


          People

            jbertram Justin Bertram
            endre.jeges Endre Jeges

              Time Tracking

                Estimated: Not Specified
                Remaining: 0h
                Logged: 1h 10m
