Hi there,
As part of the debian (E)LTS initiative, I'm working on trying to fix
CVE-2022-41678 on the activemq packages in Debian. In particular, I'm interested
in Debian Jessie and activemq 5.6.0.
The patch [0] to correct the jolokia config doesn't apply to the source code we
have in Debian for activemq 5.6.0, and I suspect this is because that version
may not include the jolokia integration.
I wanted to confirm this theory, but I'm not familiar enough with the activemq
codebase, or the history of older releases.
Please, let me know how you think we should deal with CVE-2022-41678 in activemq
5.6.0.
thanks, regards.
[0]
https://github.com/apache/activemq/commit/bf65929fdc607d5bb953a507c2f0c7256ae8e5b6
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@activemq.apache.org
For additional commands, e-mail: dev-h...@activemq.apache.org
For further information, visit: https://activemq.apache.org/contact
