Hello, our security analyze system tools found out that Artemis MQ (in version 2.19.1) contains one CRITICAL security issue. Another tool from a customer reported this too. Our customers won't take components into operation when it contains CRITICAL issues (high, medium, low is OK).
It's because of the jgroups-3.6.13.Final.jar library, see the CVE here: https://nvd.nist.gov/vuln/detail/CVE-2016-2141 This library is from 2017 and updating to 4.0.x at least should fix this issue. (but there is already 5.2.x) Can you provide a fix for it? Would this be possible? PS: Maybe it would be good in the future to run one of those security analyze tools on a regular basis to provide security fixes faster to the users. Kind regards, Benjamin Gentner
