Matan Keret created AMQ-6893: -------------------------------- Summary: Security vulnerabilities in AMQ (black-duck) Key: AMQ-6893 URL: https://issues.apache.org/jira/browse/AMQ-6893 Project: ActiveMQ Issue Type: Bug Components: activemq-camel, activemq-leveldb-store, activemq-pool, AMQP Affects Versions: 5.15.2, 5.15.1 Reporter: Matan Keret
In our organization's black-duck scan some critical security alerts came up, regarding several components used within the latest versions of AMQ. Here is the list: |Apache Camel2.0-M1| |Apache Camel2.19.0| |Apache Camel2.19.1| |Apache Commons Net3.6| |Apache Tomcat8.0.24| |Apache Tomcat8.0.33| |Apache Tomcat8.0.22| |Apache Tomcat1.2.3| |Apache Velocity1.7| |jackson-databind2.6.7| |Jetspeed-2 Enterprise Portal2.1.4| |log4j1.2.17| The majority of the issues are resolved within the latest versions of these dependencies. Is it planned to resolve these vulnerabilities in some upcoming version? -- This message was sent by Atlassian JIRA (v7.6.3#76005)