[QPID-7745] [Java Broker] Bump dependency version of Apache Derby - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: qpid-java-6.0.6, qpid-java-6.1.2, qpid-java-broker-7.0.0
Fix Version/s: qpid-java-6.0.7, qpid-java-6.1.3, qpid-java-broker-7.0.0
Component/s: Broker-J
Labels:
None

Description

We are currently depending on Apache Derby version 10.11.1.1 which was released August 26, 2014.
It contains a vulnerability CVE-2015-1832
Since then there were two releases 1.12.1.1 (October 11, 2015) and 1.13.1.1 (October 25, 2016) which both contain a fix for the above CVE.

We should review the changes and move to a version without known CVE.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Lorenz Quack

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 14/Apr/17 10:00

Updated:: 02/Oct/19 19:21

Resolved:: 27/Apr/17 13:07