[ 
https://issues.apache.org/jira/browse/KARAF-7227?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17386043#comment-17386043
 ] 

Karthick edited comment on KARAF-7227 at 7/23/21, 7:25 AM:
-----------------------------------------------------------

Hi Jean, I am not sure why you say it is not shipped, because I can see these 
bundles are Active after we deploy Karaf 4.3.2.

Snippet from running Karaf instance:

30 | Active | 30 | 1.1.1 | geronimo-jta_1.1_spec
263 | Active | 80 | 1.1.1 | geronimo-jms_1.1_spec

 


was (Author: karthickm512):
Hi Jean, I am not sure why you say it is not shipped, because I can see these 
bundles are Active after we deploy Karaf 4.3.2.

Snipped:

30 | Active | 30 | 1.1.1 | geronimo-jta_1.1_spec
263 | Active | 80 | 1.1.1 | geronimo-jms_1.1_spec

 

> Upgrade geronimo artifacts to mitigate CVE-2011-5034
> ----------------------------------------------------
>
>                 Key: KARAF-7227
>                 URL: https://issues.apache.org/jira/browse/KARAF-7227
>             Project: Karaf
>          Issue Type: Task
>          Components: karaf
>    Affects Versions: 4.3.2
>            Reporter: Karthick
>            Assignee: Jean-Baptiste Onofré
>            Priority: Major
>
> Security scans on Apache Karaf 4.3.2 show we are impacted by CVE-2011-5034 
> on the packed Apache Geronimo version. Karaf must start upgrading Geronimo 
> jms* jta* components to versions unaffected by this CVE.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
