AMQ Clients 2.9.x Resolved Issues
Updated
The AMQ Clients 2.9.6 release is now available for download. AMQ Clients 2.9.6 is a patch release for AMQ Clients 2.9.0. Note, AMQ Clients patches are cumulative and include fixes from previous patch releases as noted below.
The following issues have been resolved in the AMQ Clients 2.9.6 release:
| ID | Component | Summary |
|---|---|---|
| This content is not included.ENTMQCL-3388 | Update Spring dependency to address CVE-2022-22965 |
The following issues have been resolved in the AMQ Clients 2.9.5 release:
| ID | Component | Summary |
|---|---|---|
| This content is not included.ENTMQCL-3148 | CVE-2022-23307 log4j: Unsafe deserialization flaw in Chainsaw log viewer [amq-cl-2] | |
| This content is not included.ENTMQCL-3150 | CVE-2021-4104 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender [amq-cl-2] | |
| This content is not included.ENTMQCL-3151 | CVE-2022-23305 log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender [amq-cl-2] | |
| This content is not included.ENTMQCL-3152 | CVE-2022-23302 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink [amq-cl-2] |
The following issues have been resolved in the AMQ Clients 2.9.4 release:
| ID | Component | Summary |
|---|---|---|
| This content is not included.ENTMQCL-3147 | Update optional Log4j component to 2.17.1 |
The following issues have been resolved in the AMQ Clients 2.9.3 release:
| ID | Component | Summary |
|---|---|---|
| This content is not included.ENTMQCL-2998 | CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data [amq-cl-2] | |
| This content is not included.ENTMQCL-2999 | CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way [amq-cl-2] | |
| This content is not included.ENTMQCL-3067 | CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling [amq-cl-2] | |
| This content is not included.ENTMQCL-3146 | Update optional Log4j component to 2.17.0 |
The following issues have been resolved in the AMQ Clients 2.9.2 release:
| ID | Component | Summary |
|---|---|---|
| This content is not included.ENTMQCL-2877 | Resolve python-qpid-proton and python3-qpid proton package conflict |
The following issues have been resolved in the AMQ Clients 2.9.1 release:
| ID | Component | Summary |
|---|---|---|
| This content is not included.ENTMQCL-2586 | CVE-2021-21290 netty: Information disclosure via the local system temporary directory [amq-cl-2] | |
| This content is not included.ENTMQCL-2596 | CVE-2021-21295 netty: possible request smuggling in HTTP/2 due missing validation [amq-cl-2] | |
| This content is not included.ENTMQCL-2666 | [c] Installed C and C++ examples build fails using CMake 2.8.12 | |
| This content is not included.ENTMQCL-2685 | CVE-2021-21409 netty: Request smuggling via content-length header [amq-cl-2] |
Product(s)
Category
Article Type