Date: Tue, 8 Dec 2015 17:57:28 +0100 From: Dejan Bosanac <dejan@...httale.net> To: "dev@...ivemq.apache.org" <dev@...ivemq.apache.org>, "users@...ivemq.apache.org" <users@...ivemq.apache.org>, Apache Security Response Team <security@...che.org>, oss-security@...ts.openwall.com, bugtraq@...urityfocus.com Subject: [ANNOUNCE] CVE-2015-5254 - Unsafe deserialization in ActiveMQ A security vulnerabilities is reported against Apache ActiveMQ 5.12.1 and older versions Please check the following document and see if you’re affected http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt Apache ActiveMQ 5.13.0 with appropriate fixes is released and available for upgrade. Please take a look at http://activemq.apache.org/objectmessage.html and https://issues.apache.org/jira/browse/AMQ-6013 for more details. Regards -- Dejan Bosanac about.me/dejanb
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ