[jira] [Created] (ARTEMIS-3348) update hawtio

Robbie Gemmell (Jira) Tue, 15 Jun 2021 03:56:03 -0700

Robbie Gemmell created ARTEMIS-3348:
---------------------------------------


             Summary: update hawtio
                 Key: ARTEMIS-3348
                 URL: https://issues.apache.org/jira/browse/ARTEMIS-3348
             Project: ActiveMQ Artemis
          Issue Type: Dependency upgrade
          Components: Web Console
    Affects Versions: 2.17.0
            Reporter: Robbie Gemmell
             Fix For: 2.18.0


Update hawtio to 2.13.4.

 

The existing 2.13.2 version used by the console uses an older version of 
commons-io susceptible to a path traversal CVE 
[https://nvd.nist.gov/vuln/detail/CVE-2021-29425|https://nvd.nist.gov/vuln/detail/CVE-2021-29425.],
 which affects < 2.7.0.

 

The only differences from 2.13.2 were dependency upgrades for commons-io and 
jackson to get various CVE fixes such as the above:
https://github.com/hawtio/hawtio/compare/hawtio-2.13.2...hawtio-2.13.4



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Created] (ARTEMIS-3348) update hawtio

Reply via email to