Hi, Am Mittwoch, dem 01.11.2023 um 14:29 -0500 schrieb Justin Bertram: > ActiveMQ Artemis 2.31.1 was released October 25 (i.e. right before > the CVE > was announced) and it contains libraries from ActiveMQ "Classic" > 5.17.6 > which are not vulnerable to CVE-2023-46604. Does this imply that Artemis is potentially also affected by this vulnerability? The CVE and all other sources indicate that only ActiveMQ is affected.
Thanks, Thorsten > > On Wed, Nov 1, 2023 at 1:56 PM Steigerwald, Aaron > <asteigerw...@brandesassociates.com.invalid> wrote: > > > Hello, > > > > Does anyone have an estimate for how soon Apache Artemis will be > > delivered > > with Apache ActiveMQ artifacts that address the critical CVE-2023- > > 46604 > > "Apache ActiveMQ is vulnerable to Remote Code Execution" fix? > > > > Fix details can be found here: > > > > https://github.com/advisories/GHSA-crg9-44h2-xw35 > > > > Thank you, > > Aaron > > -- Dr.-Ing. Thorsten Meinl KNIME AG Talacker 50 8001 Zurich, Switzerland
