[ 
https://issues.apache.org/jira/browse/JAMES-3593?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Benoit Tellier closed JAMES-3593.
---------------------------------
    Resolution: Fixed

We ended up recommending RabbitMQ 3.8.17 as 3.8.16 is affected by an undisclosed 
CVE.

> Recommend RabbitMQ upgrade - prior 3.8.16 has multiple CVE
> ----------------------------------------------------------
>
>                 Key: JAMES-3593
>                 URL: https://issues.apache.org/jira/browse/JAMES-3593
>             Project: James Server
>          Issue Type: New Feature
>          Components: rabbitmq
>    Affects Versions: 3.6.0
>            Reporter: Benoit Tellier
>            Priority: Major
>             Fix For: 3.7.0
>
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> According to https://www.rabbitmq.com/changelog.html RabbitMQ prior to this 
> version is subject to several CVEs:
>  - https://tanzu.vmware.com/security/cve-2020-5419
>  - https://tanzu.vmware.com/security/cve-2021-22117
>  - https://tanzu.vmware.com/security/cve-2021-22116
> We currently recommend running on `3.8.3`...
> We should:
>  - [ ] Test James against RabbitMQ 3.8.16 (updating the image in 
> apache/james-project and getting a green build is enough)
>  - [ ] Recommend the upgrade in update instructions and changelog
>  - [ ] Check the documentation


