Re: Active MQ 5.17.0 and CVE-2022-22965

2023-07-21 Thread Justin Bertram
Pavan, your question(s) don't appear related to the original subject of this email thread (i.e. CVE-2022-22965). Please don't hijack other people's threads. If you need to ask a question just start a new thread. Thanks! Justin On Fri, Jul 21, 2023 at 1:11 AM Pavan Gujjari wrote: > Hi Team, > >

Re: Active MQ 5.17.0 and CVE-2022-22965

2023-07-20 Thread Pavan Gujjari
Hi Team, I am writing to inquire about a few questions that are mentioned below. 1. Does ActiveMQ whitelist the IP address because it was blacklisted while utilizing the localhost that we set up per the documentation

Re: Active MQ 5.17.0 and CVE-2022-22965

2023-07-20 Thread Jean-Baptiste Onofré
Hi Yes 5.17.0 uses Spring 5.3.16 (and spring-beans). I invite you to upgrade to ActiveMQ 5.17.5 which uses Spring 5.3.27 (which fixes the CVE issue). Regards JB On Fri, Jul 21, 2023 at 6:13 AM Marian Stanciu wrote: > > Hi, > > We are using a docker container of ActiveMQ 5.17.0 and our vulnerab

Active MQ 5.17.0 and CVE-2022-22965

2023-07-20 Thread Marian Stanciu
Hi, We are using a docker container of ActiveMQ 5.17.0 and our vulnerability scanner found the library spring-beans-5.3.16.jar which is vulnerable to CVE-2022-22965. Can you confirm/infirm if Active MQ is affected? More details about this vulnerability: A Spring MVC or Spring WebFlux applicati