Martin,
Thanks for sharing your solution (unclean though it is) to help whoever
might hit this later, and the fact that you're running within Karaf. I
don't have any experience working with Karaf so I can't suggest anything
cleaner (though you'd be more likely to get suggestions from the Karaf
com
There were a few versions of ActiveMQ 5.x that packaged HawtIO with the
broker, but within a few versions it was removed and users would have to
add it manually. From memory, I think it was present in 5.9 and 5.10 and
removed thereafter.
Justin's response matches up with my belief that 5.11.1 was
Taking a look at the download for ActiveMQ 5.11 [1] I don't even see a
directory named webapps/hawtio.
Also, the information on the CVE [2] states:
Per Apache: "Having reviewed your report we have concluded that it does
not represent a valid vulnerability in Apache Commons File Upload. If an
ap
Hi, we have an Apache ActiveMQ 5.11.0 installation and our security team
notified us the vulnerability CVE-2016-131 on library
commons-fileupload-1.3.1.jar, present into webapps/hawtio/WEB-INF/lib.
How can we mitigate it?
Is it possible to take library commons-fileupload-1.3.3.jar and replace t
