Thank you. Sorry about that. Is there a release date on 5.18.4? And furthermore - is ActiveMQ even vulnerable to this on versions below 5.18.4?
On Thu, Mar 7, 2024 at 10:24 AM Jean-Baptiste Onofré <j...@nanthrax.net> wrote: > Hi Matt, > > I think you are missing the ActiveMQ version and Spring version. > > 5.3.30 is the Spring version, used in ActiveMQ 5.18.x. ActiveMQ 5.18.4 > will upgrade to Spring 5.3.31 fixing the CVE. > > Regards > JB > > On Thu, Mar 7, 2024 at 2:25 PM Matthew Gay > <matthew....@broadcom.com.invalid> wrote: > > > > Good Morning, > > > > We are receiving scan reports regarding ActiveMQ being vulnerable to the > above CVE. > > We have seen a couple emails that allude to ActiveMQ not being > vulnerable. > > > > However, we are looking for a more official response indicating if it > is, or is not vulnerable. > > And to add - when an updated version of ActiveMQ will be available on > the 5.3.x line for this vulnerability. > > > > Thank you! > > Matt > > > > This electronic communication and the information and any files > transmitted with it, or attached to it, are confidential and are intended > solely for the use of the individual or entity to whom it is addressed and > may contain information that is confidential, legally privileged, protected > by privacy laws, or otherwise restricted from disclosure to anyone else. If > you are not the intended recipient or the person responsible for delivering > the e-mail to the intended recipient, you are hereby notified that any use, > copying, distributing, dissemination, forwarding, printing, or copying of > this e-mail is strictly prohibited. If you received this e-mail in error, > please return the e-mail to the sender, delete it from your computer, and > destroy any printed copy of it. > -- This electronic communication and the information and any files transmitted with it, or attached to it, are confidential and are intended solely for the use of the individual or entity to whom it is addressed and may contain information that is confidential, legally privileged, protected by privacy laws, or otherwise restricted from disclosure to anyone else. If you are not the intended recipient or the person responsible for delivering the e-mail to the intended recipient, you are hereby notified that any use, copying, distributing, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited. If you received this e-mail in error, please return the e-mail to the sender, delete it from your computer, and destroy any printed copy of it.
smime.p7s
Description: S/MIME Cryptographic Signature
