https://issues.apache.org/jira/browse/ARTEMIS-2413
On Wed, 2 Mar 2022 at 12:20, Benjamin Gentner <benjamin.gent...@fntsoftware.com.invalid> wrote:
>
> Hello,
>
> our security analysis system tools found out that Artemis MQ (in version
> 2.19.1) contains one CRITICAL security issue. Another tool from a customer
> reported this too. Our customers won't take components into operation when they
> contain CRITICAL issues (high, medium, low are OK).
>
> It's because of the jgroups-3.6.13.Final.jar library, see the CVE here:
> https://nvd.nist.gov/vuln/detail/CVE-2016-2141 This library is from 2017 and
> updating to 4.0.x at least should fix this issue. (but there is already 5.2.x)
>
> Can you provide a fix for it? Would this be possible?
>
> PS: Maybe it would be good in the future to run one of those security analysis
> tools on a regular basis to provide security fixes faster to the users.
>
> Kind regards,
> Benjamin Gentner