Apache ActiveMQ CVE-2023-46604

IBM / ibmi-oss-issues

Important resources for anyone interested in open source on IBM i

Creative Commons Zero v1.0 Universal

13 stars 0 forks source link

Apache ActiveMQ CVE-2023-46604 #48

Open shup88 opened 8 months ago

shup88 commented 8 months ago

CVE-2023-46604 lists a vulnerability with remote code execution for Active MQ.

The highest version available appears to be 5.15.12. This is an affected version. Is there any plan from IBM to remediate this and port a higher version without the RCE vulnerability?

markdirish commented 8 months ago

Hi @shup88,

I am building the latest version of Active MQ right now. I will let you know if it looks like we will be able to get an updated RPM out quickly to resolve the CVE.

shup88 commented 7 months ago

Hi @markdirish. Any update on this?

Thank you!

shup88 commented 6 months ago

Hi @markdirish. Any update on this?

Thank you!