[UIMA-4813] UIMA-AS: upgrade ActiveMQ to 5.13.1 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.8.1AS
Component/s: Async Scaleout
Labels:
None

Description

Apache ActiveMQ could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the classes that can be serialized in the broker. An attacker could exploit this vulnerability using a specially crafted serialized Java Message Service (JMS) ObjectMessage object to execute arbitrary code on the system.

Fix for this is in 5.13.release. Upgrade UIMA-AS to the latest version (5.13.1)

Attachments

Activity

People

Assignee:: Jaroslaw Cwiklik

Reporter:: Jaroslaw Cwiklik

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 01/Mar/16 20:10

Updated:: 03/Mar/16 20:41

Resolved:: 03/Mar/16 20:41