Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Fixed
-
qpid-java-6.0.6, qpid-java-6.1.2, qpid-java-broker-7.0.0
-
None
Description
We are currently depending on Apache Derby version 10.11.1.1 which was released August 26, 2014.
It contains a vulnerability CVE-2015-1832
Since then there were two releases 1.12.1.1 (October 11, 2015) and 1.13.1.1 (October 25, 2016) which both contain a fix for the above CVE.
We should review the changes and move to a version without known CVE.