The mitigation section simply says to upgrade to 5.13.0, which implies that 5.13.0 fixes all categories of this problem, including webconsole. Is that accurate?
Tim On Dec 8, 2015 10:09 AM, "Dejan Bosanac" <de...@nighttale.net> wrote: > Hi, > > this has just been announced with its own CVE-2015-5254. More info can be > found at > > http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt > > Regards > -- > Dejan Bosanac > about.me/dejanb > > On Tue, Dec 8, 2015 at 4:41 PM, iali <i...@arcsolutions.com> wrote: > > > Thanks Tim, > > > > I did had a look at that site and it has got a comprehensive explanation > > against this vulnerability. Also I have been having a discussion under > > AMQ-6013 <https://issues.apache.org/jira/browse/AMQ-6013> and it seems > > that we can use CVE-2015-4852 based on comment in > > > > > > > https://issues.apache.org/jira/browse/AMQ-6013?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15046732#comment-15046732 > > > > > > > > -- > > View this message in context: > > > http://activemq.2283324.n4.nabble.com/Java-December-vulnerability-tp4704610p4704781.html > > Sent from the ActiveMQ - User mailing list archive at Nabble.com. > > >
