Hi Doug, You can update Camel dependencies independently from ActiveMQ.
Further more, ActiveMQ 5.16.3 already supports Camel 3.x (including activemq-camel). However, I still recommend to use the camel-jms component (maintained at Camel). Regards JB > Le 30 août 2021 à 22:36, Jackson, Douglas <[email protected]> a > écrit : > > Hi! > I am using activemq 5.16.3 and camel 2.25.4. There appears to be some > security issues with them based on a tool called Dependency-check. > It also flags a security issue with the velocity engine 2.0 (which > camel-velocity 2.25.4 lists as a dependency). > Are these valid? > Is it possible to use a more recent version of the velocity-engine with the > camel-velocity 2.5.4? > Are there any plans to address these in the 5.15.x and 2.25.x releases? > > CVE-2019-17571<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-17571> > CVE-2020-11971<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11971> > CVE-2020-13936<https://nvd.nist.gov/vuln/detail/CVE-2020-13936> > > Thanks in advance for any guidance, > > -Doug >
