CVE-2022-41678: Apache ActiveMQ: Deserialization vulnerability on Jolokia that allows authenticated users to perform RCE

2023-11-28 Thread Jean-Baptiste Onofré
Severity: Medium
Affected versions:
- Apache ActiveMQ before 5.16.6
- Apache ActiveMQ 5.17.0 before 5.17.4
- Apache ActiveMQ 5.18.0 unaffected
- Apache ActiveMQ 6.0.0 unaffected
Description: Once a user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In det

Re: [ANN] Apache ActiveMQ 6.0.0 has been released!

2023-11-28 Thread Jean-Baptiste Onofré
By the way, I just realized that I didn't push new official docker images on DockerHub. I'm doing it now.
Sorry about that,
Regards
JB
On Mon, Nov 27, 2023 at 9:39 PM Rachel, Frank wrote:
>
> 2 questions - do client-side libraries (java) need updated, or will the
> 5.18.x version still work?
>

Re: [ANN] Apache ActiveMQ 6.0.0 has been released!

2023-11-28 Thread Jean-Baptiste Onofré
Hi Frank
To answer your questions:
1. even if it's always better to update client, 5.18.x client still works with ActiveMQ 6.0.0 broker
2. yes, 5.18.4 is already planned including fixes. 5.18.x is still active (we keep three active branches, which is currently 5.17.x, 5.18.x, 6.0.x, when 6.1.0 wi