[jira] [Resolved] (AMQ-8458) Vulnerable Camel-Core Version (2.25.4) Needs to be upgraded

Jira Fri, 14 Jan 2022 02:26:07 -0800


     [ 
https://issues.apache.org/jira/browse/AMQ-8458?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Jean-Baptiste Onofré resolved AMQ-8458.
---------------------------------------
    Resolution: Won't Fix

For maybe the 10 times, activemq-camel has been removed from ActiveMQ 5.17.x.

> Vulnerable Camel-Core Version (2.25.4) Needs to be upgraded
> -----------------------------------------------------------
>
>                 Key: AMQ-8458
>                 URL: https://issues.apache.org/jira/browse/AMQ-8458
>             Project: ActiveMQ
>          Issue Type: Bug
>            Reporter: Aman Mishra
>            Priority: Major
>
> We are using activemq-all latest version i.e. 5.16.3. It internally uses 
> camel-core version 2.25.4, which shows vulnerable in our aqua scan. It has 
> been recommended to upgrade this camel-core to at least 3.14.0 version
> CVE-2020-11971
> remedy_platform/remedy/ars:latest (Harbor - Pune)
>  
> Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 
> 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Resolved] (AMQ-8458) Vulnerable Camel-Core Version (2.25.4) Needs to be upgraded

Reply via email to