Hi, I am new to the group. Hoping to get some information on two vulnerabilities that were returned when running a Trivy scan on ActiveMQ 5.19.0. I realize these would be resolved if we just upgraded to ActiveMQ 6.1.6, but another piece of software on our system is not compatible with Java 17. It looks like the newest supported version of ActiveMQ on Java 11 is ActiveMQ 5.19.0. However, our security scan had two findings that are areas of concern. Is 5.19.0 actually impacted by these findings? If not, please give an explanation as to why not.
Additionally, are there plans to upgrade these components to the "fixed version" as indicated in the screenshot below?

Components of ActiveMQ 5.19.0:

spring-web 5.3.39.0 Critical: CVE-2016-1000027 — https://nvd.nist.gov/vuln/detail/CVE-2016-1000027
camel-core 2.25.4.0 High: CVE-2020-11971 — https://nvd.nist.gov/vuln/detail/CVE-2020-11971

Respectfully,
Del Simmons
Consultant
Character | Competence | Community
email: delbert.simm...@zigabyte.com
cell: 803.269.9182