[ https://issues.apache.org/jira/browse/ARTEMIS-3348?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17363665#comment-17363665 ]

ASF subversion and git services commented on ARTEMIS-3348:
----------------------------------------------------------

Commit 1430972c62bd55c0a7b15f9dc2c09349f5002506 in activemq-artemis's branch refs/heads/main from Robbie Gemmell
[ https://gitbox.apache.org/repos/asf?p=activemq-artemis.git;h=1430972 ]

ARTEMIS-3348, ARTEMIS-3347: update to hawtio 2.13.4

> update hawtio
> -------------
>
>                 Key: ARTEMIS-3348
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-3348
>             Project: ActiveMQ Artemis
>          Issue Type: Dependency upgrade
>          Components: Web Console
>    Affects Versions: 2.17.0
>            Reporter: Robbie Gemmell
>            Priority: Major
>             Fix For: 2.18.0
>
>
> Update hawtio to 2.13.4.
>
> The existing 2.13.2 version used by the console uses an older version of
> commons-io susceptible to a path traversal CVE
> https://nvd.nist.gov/vuln/detail/CVE-2021-29425,
> which affects < 2.7.0.
>
> The only differences from 2.13.2 were dependency upgrades for commons-io and
> jackson to get various CVE fixes such as the above:
> https://github.com/hawtio/hawtio/compare/hawtio-2.13.2...hawtio-2.13.4

--
This message was sent by Atlassian Jira
(v8.3.4#803005)