Re: Critical CVE-2023-46604 Fix Question

2023-11-02 Thread Justin Bertram
ActiveMQ Artemis supports the OpenWire protocol via dependencies from ActiveMQ "Classic." Until ActiveMQ Artemis 2.31.1, those dependencies contain the vulnerable code, which means ActiveMQ Artemis ships the vulnerable code. However, the only known exploit of this vulnerability requires Spring depend

Re: Critical CVE-2023-46604 Fix Question

2023-11-02 Thread Thorsten Meinl
Hi, On Wednesday, 01.11.2023 at 14:29 -0500, Justin Bertram wrote: > ActiveMQ Artemis 2.31.1 was released October 25 (i.e. right before > the CVE > was announced) and it contains libraries from ActiveMQ "Classic" > 5.17.6 > which are not vulnerable to CVE-2023-46604. Does this imply that Artem

Re: Critical CVE-2023-46604 Fix Question

2023-11-01 Thread Justin Bertram
ActiveMQ Artemis 2.31.1 was released October 25 (i.e. right before the CVE was announced) and it contains libraries from ActiveMQ "Classic" 5.17.6 which are not vulnerable to CVE-2023-46604. Justin On Wed, Nov 1, 2023 at 1:56 PM Steigerwald, Aaron wrote: > Hello, > > Does anyone have an estima

Re: Critical CVE-2023-46604 Fix Question

2023-11-01 Thread Timothy Bish
On 11/1/23 14:55, Steigerwald, Aaron wrote: Hello, Does anyone have an estimate for how soon Apache Artemis will be delivered with Apache ActiveMQ artifacts that address the critical CVE-2023-46604 "Apache ActiveMQ is vulnerable to Remote Code Execution" fix? Fix details can be found here: h