Re: CVE presence in artemis-2.37.0

2024-10-25 Thread Domenico Francesco Bruscino
A published CVE related to an artifact can also affect projects that depend on it. Disclosing the affected dependent projects in a public forum before they have a chance to provide a fixed version can cause security issues to their users. No harm in requesting a response by using the appropriate co

Re: CVE presence in artemis-2.37.0

2024-10-25 Thread david kerns
On Fri, Oct 25, 2024 at 6:21 AM Domenico Francesco Bruscino < bruscin...@gmail.com> wrote:
> I strongly encourage you to report potential security vulnerabilities to secur...@apache.org mailing lists first, before disclosing them in a public forum. Please see the page of the ASF Security Tea

RE: CVE presence in artemis-2.37.0

2024-10-25 Thread Anzile, Christophe
e feeds (could be REDHAT, NVD, MAVEN,...) Unfortunately, there are not many details except the module impacted, the CVSSV3 score and things like that.
Best regards
Christophe.
-Original Message-
From: Justin Bertram
Sent: Friday, October 25, 2024 3:14 PM
To: users@activemq.apache.or

Re: CVE presence in artemis-2.37.0

2024-10-25 Thread Domenico Francesco Bruscino
I strongly encourage you to report potential security vulnerabilities to secur...@apache.org mailing lists first, before disclosing them in a public forum. Please see the page of the ASF Security Team[1] for further information and contact information.
[1] https://www.apache.org/security/
On Fri,

Re: CVE presence in artemis-2.37.0

2024-10-25 Thread Justin Bertram
These first three are related to Apache Geronimo. I don't know why these would be reported for ActiveMQ Artemis. We don't ship any jars from Geronimo so these are not valid:
* CVE-2008-5518
* CVE-2009-0038

CVE presence in artemis-2.37.0

2024-10-25 Thread Anzile, Christophe
Hi
Our vulnerability scanning tool is reporting the following CVEs for artemis 2.37.0
* CVE-2008-5518
* CVE-2009-0038
* CVE-2009-0039
*