Re: CVE-2016-1000031 vulnerability on commons-fileupload

2019-03-11 Thread Tim Bain
There were a few versions of ActiveMQ 5.x that packaged HawtIO with the broker, but within a few versions it was removed and users would have to add it manually. From memory, I think it was present in 5.9 and 5.10 and removed thereafter. Justin's response matches up with my belief that 5.11.1 was

Re: CVE-2016-1000031 vulnerability on commons-fileupload

2019-03-11 Thread Justin Bertram
Taking a look at the download for ActiveMQ 5.11 [1] I don't even see a directory named webapps/hawtio. Also, the information on the CVE [2] states: Per Apache: "Having reviewed your report we have concluded that it does not represent a valid vulnerability in Apache Commons File Upload. If an ap

CVE-2016-1000031 vulnerability on commons-fileupload

2019-03-11 Thread matteo.piemonti
Hi, we have an Apache ActiveMQ 5.11.0 installation and our security team notified us of the vulnerability CVE-2016-131 on library commons-fileupload-1.3.1.jar, present in webapps/hawtio/WEB-INF/lib. How can we mitigate it? Is it possible to take library commons-fileupload-1.3.3.jar and replace t