ActiveMQ Artemis 2.31.1 was released October 25 (i.e. right before the CVE was announced) and it contains libraries from ActiveMQ "Classic" 5.17.6 which are not vulnerable to CVE-2023-46604.
Justin On Wed, Nov 1, 2023 at 1:56 PM Steigerwald, Aaron <asteigerw...@brandesassociates.com.invalid> wrote: > Hello, > > Does anyone have an estimate for how soon Apache Artemis will be delivered > with Apache ActiveMQ artifacts that address the critical CVE-2023-46604 > "Apache ActiveMQ is vulnerable to Remote Code Execution" fix? > > Fix details can be found here: > > https://github.com/advisories/GHSA-crg9-44h2-xw35 > > Thank you, > Aaron >