uima-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jerry Cwiklik (JIRA)" <...@uima.apache.org>
Subject [jira] [Created] (UIMA-4813) UIMA-AS: upgrade ActiveMQ to 5.13.1
Date Tue, 01 Mar 2016 20:11:18 GMT
Jerry Cwiklik created UIMA-4813:
-----------------------------------

             Summary: UIMA-AS: upgrade ActiveMQ to 5.13.1
                 Key: UIMA-4813
                 URL: https://issues.apache.org/jira/browse/UIMA-4813
             Project: UIMA
          Issue Type: Bug
          Components: Async Scaleout
            Reporter: Jerry Cwiklik
            Assignee: Jerry Cwiklik
             Fix For: 2.8.1AS


Apache ActiveMQ could allow a remote attacker to execute arbitrary code on the system, caused
by the failure to restrict the classes that can be serialized in the broker. An attacker could
exploit this vulnerability using a specially crafted serialized Java Message Service (JMS)
ObjectMessage object to execute arbitrary code on the system.

Fix for this is in 5.13.release. Upgrade UIMA-AS to the latest version (5.13.1) 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message