Re: Request for assistance to backport CVE-2020-13933 fix

2021-03-31 Thread Roberto C. Sánchez
Hi Brian, Thanks for your help. I am working to backport dc194fc977ab to address CVE-2020-13933 and after that I will move on to the fixes for CVE-2020-17510 and CVE-2020-17523. As far as the maintainability of a 1.3.x package, upgrading to a newer version is not an option for two reasons. Firs

Re: Request for assistance to backport CVE-2020-13933 fix

2021-03-31 Thread Francois Papon
Hi Roberto, Which version of activemq are you using in the Debian package? Regards, François fpa...@apache.org On 31/03/2021 at 21:21, Roberto C. Sánchez wrote: > Hi Brian, > > Thanks for your help. I am working to backport dc194fc977ab to address > CVE-2020-13933 and after that I will move

Re: Request for assistance to backport CVE-2020-13933 fix

2021-03-31 Thread Roberto C. Sánchez
Hi François, Debian currently has activemq versions as follows: unstable/testing: 5.16.1; stable: 5.15.8; old stable (LTS): 5.14.3. The most recent update (5.16.1) was uploaded near the beginning of March. An update of shiro in unstable would only need to be concerned with the activemq in unstable

Re: Request for assistance to backport CVE-2020-13933 fix

2021-03-31 Thread Francois Papon
As I see in the activemq repo: amq 5.14.3 => shiro 1.2.4; amq 5.15.8 => shiro 1.2.6; amq 5.16.1 => shiro 1.7.0. The latest 5.15.x is 5.15.14 and it's using shiro 1.7.0. Maybe it could be an option to upgrade stable to 5.15.14. Regards, François fpa...@apache.org On 31/03/2021 at 22:01, Rober

Re: Request for assistance to backport CVE-2020-13933 fix

2021-03-31 Thread Roberto C. Sánchez
That is very helpful. I will bring it up with the team responsible for the stable updates and those responsible for the activemq and shiro packages to see if we can improve the situation. Regards, -Roberto On Wed, Mar 31, 2021 at 10:18:59PM +0200, Francois Papon wrote: > As I see in the activemq