Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
5.15.1, 5.15.2
-
None
-
Important
Description
In our organization's black-duck scan some critical security alerts came up, regarding several components used within the latest versions of AMQ. Here is the list:
| Apache Camel2.0-M1 |
| Apache Camel2.19.0 |
| Apache Camel2.19.1 |
| Apache Commons Net3.6 |
| Apache Tomcat8.0.24 |
| Apache Tomcat8.0.33 |
| Apache Tomcat8.0.22 |
| Apache Tomcat1.2.3 |
| Apache Velocity1.7 |
| jackson-databind2.6.7 |
| Jetspeed-2 Enterprise Portal2.1.4 |
| log4j1.2.17 |
The majority of the issues are resolved within the latest versions of these dependencies.
Is it planned to resolve these vulnerabilities in some upcoming version?