[
https://issues.apache.org/jira/browse/KARAF-7227?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17385977#comment-17385977
]
Karthick commented on KARAF-7227:
---------------------------------
As per Apache Karaf 4.3.2 Mavensite, you are packing Geronimo 1.1.1 which is
much within the affected range (<2.2)
<groupId>org.apache.geronimo.specs</groupId>
<artifactId>geronimo-jms_1.1_spec</artifactId>
<version>1.1.1</version>
> Upgrade geronimo artifacts to mitigate CVE-2011-5034
> ----------------------------------------------------
>
> Key: KARAF-7227
> URL: https://issues.apache.org/jira/browse/KARAF-7227
> Project: Karaf
> Issue Type: Task
> Components: karaf
> Affects Versions: 4.3.2
> Reporter: Karthick
> Assignee: Jean-Baptiste Onofré
> Priority: Major
>
> Security scans on Apache Karaf 4.3.2 shows we are impacted with CVE-2011-5034
> on the packed Apache Geronimo version. Karaf must start upgrading Geronimo
> jms* jta* components to versions unaffected by this CVE
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
