chibenwa opened a new pull request, #3079:
URL: https://github.com/apache/james-project/pull/3079
…several CVEs
- CVE-2026-54475: Apache ActiveMQ Broker, Apache ActiveMQ All, Apache
ActiveMQ: Temporary destination ownership takeover
- CVE-2026-53917: Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ
Client, Apache ActiveMQ Broker: Unbounded memory allocation in OpenWire
property unmarshalling
- CVE-2026-53916: Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ
Stomp: Unbounded header buffer in STOMP NIO codec
- CVE-2026-52760: Apache ActiveMQ, Apache ActiveMQ Web Console: Stored XSS
via Unescaped values in ActiveMQ Web Console
- CVE-2026-50750: Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ
All: Pre-authentication OpenWire DoS following fix for CVE-2026-49270
- CVE-2026-50734: Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ
All: Pre-authentication OpenWire memory-allocation DoS during wire format
negotiation
- CVE-2026-49877: Apache ActiveMQ: Authenticated web users retain admin
access by default in the Web Console
- CVE-2026-49432: Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ
Stomp: STOMP negative content-length enables denial of service
- CVE-2026-49434: Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ
All: LdapNetworkConnector instantiates denied transports and a
remote-properties broker
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]