This is an automated email from the ASF dual-hosted git repository.
cshannon pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/activemq-website.git
The following commit(s) were added to refs/heads/main by this push:
new 3263bcfe4 fix CVE descriptions
3263bcfe4 is described below
commit 3263bcfe42cece5debfba9ab4f8ebd3a50f3f777
Author: Christopher L. Shannon <[email protected]>
AuthorDate: Mon Jun 29 15:15:40 2026 -0400
fix CVE descriptions
---
src/components/classic/security.md | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/src/components/classic/security.md
b/src/components/classic/security.md
index c9d64cebc..c7f74f3a8 100644
--- a/src/components/classic/security.md
+++ b/src/components/classic/security.md
@@ -9,15 +9,15 @@ Details of security problems fixed in released versions of
Apache ActiveMQ Class
See the main [Security Advisories](../../security-advisories) page for details
for other components and general information such as reporting new security
issues.
-*
[CVE-2026-54475](../../security-advisories.data/CVE-2026-54475-announcement.txt)
- Authenticated low-privilege Web users retain Jolokia broker-management
capability by default
-*
[CVE-2026-53917](../../security-advisories.data/CVE-2026-53917-announcement.txt)
- Authenticated low-privilege Web users retain Jolokia broker-management
capability by default
-*
[CVE-2026-53916](../../security-advisories.data/CVE-2026-49157-announcement.txt)
- Authenticated low-privilege Web users retain Jolokia broker-management
capability by default
-*
[CVE-2026-50760](../../security-advisories.data/CVE-2026-50760-announcement.txt)
- Authenticated low-privilege Web users retain Jolokia broker-management
capability by default
-*
[CVE-2026-50750](../../security-advisories.data/CVE-2026-50750-announcement.txt)
- Authenticated low-privilege Web users retain Jolokia broker-management
capability by default
-*
[CVE-2026-50734](../../security-advisories.data/CVE-2026-50734-announcement.txt)
- Authenticated low-privilege Web users retain Jolokia broker-management
capability by default
-*
[CVE-2026-49877](../../security-advisories.data/CVE-2026-49877-announcement.txt)
- Authenticated low-privilege Web users retain Jolokia broker-management
capability by default
-*
[CVE-2026-49434](../../security-advisories.data/CVE-2026-49434-announcement.txt)
- Authenticated low-privilege Web users retain Jolokia broker-management
capability by default
-*
[CVE-2026-49432](../../security-advisories.data/CVE-2026-49432-announcement.txt)
- Authenticated low-privilege Web users retain Jolokia broker-management
capability by default
+*
[CVE-2026-54475](../../security-advisories.data/CVE-2026-54475-announcement.txt)
- Temporary destination ownership takeover
+*
[CVE-2026-53917](../../security-advisories.data/CVE-2026-53917-announcement.txt)
- Unbounded memory allocation in OpenWire property unmarshalling
+*
[CVE-2026-53916](../../security-advisories.data/CVE-2026-49157-announcement.txt)
- Unbounded header buffer in STOMP NIO codec
+*
[CVE-2026-50760](../../security-advisories.data/CVE-2026-50760-announcement.txt)
- Stored XSS via Unescaped values in ActiveMQ Web Console
+*
[CVE-2026-50750](../../security-advisories.data/CVE-2026-50750-announcement.txt)
- Pre-authentication OpenWire DoS following fix for CVE-2026-49270
+*
[CVE-2026-50734](../../security-advisories.data/CVE-2026-50734-announcement.txt)
- Pre-authentication OpenWire memory-allocation DoS during wire format
negotiation
+*
[CVE-2026-49877](../../security-advisories.data/CVE-2026-49877-announcement.txt)
- Authenticated web users retain admin access by default in the Web Console
+*
[CVE-2026-49434](../../security-advisories.data/CVE-2026-49434-announcement.txt)
- LdapNetworkConnector instantiates denied transports and a remote-properties
broker
+*
[CVE-2026-49432](../../security-advisories.data/CVE-2026-49432-announcement.txt)
- STOMP negative content-length enables denial of service
*
[CVE-2026-49270](../../security-advisories.data/CVE-2026-49270-announcement.txt)
- Durable Subscription Disclosure via Crafted BrokerInfo (OpenWire)
*
[CVE-2026-49157](../../security-advisories.data/CVE-2026-49157-announcement.txt)
- Authenticated low-privilege Web users retain Jolokia broker-management
capability by default
*
[CVE-2026-46605](../../security-advisories.data/CVE-2026-46605-announcement.txt)
- Incomplete authorization during destination removal
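Review bot: The added CVE-2026-53916 entry still links to `CVE-2026-49157-announcement.txt`, the same file the unchanged CVE-2026-49157 entry further down points to. The new description "Unbounded header buffer in STOMP NIO codec" will therefore open a different advisory's announcement. The removed line carried the same target, so the mismatch predates this commit, but since the change is correcting these entries, the href should be checked against the announcement file for CVE-2026-53916 and fixed here. Minor style point in the CVE-2026-50760 line: "Stored XSS via Unescaped values" has a stray capital; "unescaped" would match the other descriptions.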