[ https://issues.apache.org/jira/browse/AMQ-4940?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14175567#comment-14175567 ]

Steve Siebert commented on AMQ-4940:
------------------------------------

Awesome, good to hear. Having it not included with 5.11 isn't a concern for 
me...honestly, for the government, I simply need to be able to show that we 
have a plan in place and we're making progress towards fixing the vulnerability 
in the software itself.  Having an informal "go ahead" is really enough.  
Preventing the actual security vulnerability is easy enough to mitigate simply 
by putting ActiveMQ behind a reverse proxy, which of course by laws of irony I 
have to run on Jetty.  It's not perfect, but it'll be secure until it's 
committed =)

Thanks! I'll move forward in working on a patch.

S



> Update the version of Jetty used
> --------------------------------
>
>                 Key: AMQ-4940
>                 URL: https://issues.apache.org/jira/browse/AMQ-4940
>             Project: ActiveMQ
>          Issue Type: Improvement
>         Environment: activemq-5.10-20131214.063224-32
>            Reporter: Lionel Cons
>
> When trying the latest 5.10 snapshot, I was surprised to see a quite old 
> version of Jetty:
> 2013-12-16 14:41:10,665 [WrapperSimpleAppMain] INFO Server - jetty-7.6.9.v20130131
> Why is ActiveMQ using Jetty 7 instead of Jetty 8 or 9?
> In any case, could ActiveMQ use a more recent version of Jetty like 
> 7.6.14.v20131031 (if it must stick to Jetty 7)?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
