Uploaded image for project: 'ActiveMQ Artemis'
  1. ActiveMQ Artemis
  2. ARTEMIS-3348

update hawtio

    XMLWordPrintableJSON

Details

    • Dependency upgrade
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 2.17.0
    • 2.18.0
    • Web Console
    • None

    Description

      Update hawtio to 2.13.4.

       

      The existing 2.13.2 version used by the console uses an older version of commons-io susceptible to a path traversal CVE https://nvd.nist.gov/vuln/detail/CVE-2021-29425, which affects < 2.7.0.

       

      The only differences from 2.13.2 were dependency upgrades for commons-io and jackson to get various CVE fixes such as the above:
      https://github.com/hawtio/hawtio/compare/hawtio-2.13.2...hawtio-2.13.4

      Attachments

        Issue Links

          is part of

          Dependency upgrade - Upgrading a dependency to a newer version ARTEMIS-3347 update commons-io

          • Major - Major loss of function.
          • Closed

          Activity

            People

              Unassigned Unassigned
              robbie Robbie Gemmell
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: