AMQ Clients 2.10.x Resolved Issues
Updated
The AMQ Clients 2.10.5 release is now available for download. AMQ Clients 2.10.5 is a patch release for AMQ Clients 2.10.0. Note, AMQ Clients patches are cumulative and include fixes from previous patch releases as noted below.
The following issues have been resolved in the AMQ Clients 2.10.5 release:
| ID | Component | Summary |
|---|---|---|
| This content is not included.ENTMQCL-3389 | Update Spring dependency to address CVE-2022-22965 |
The following issues have been resolved in the AMQ Clients 2.10.4 release:
| ID | Component | Summary |
|---|---|---|
| This content is not included.ENTMQCL-3148 | CVE-2022-23307 log4j: Unsafe deserialization flaw in Chainsaw log viewer [amq-cl-2] | |
| This content is not included.ENTMQCL-3150 | CVE-2021-4104 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender [amq-cl-2] | |
| This content is not included.ENTMQCL-3151 | CVE-2022-23305 log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender [amq-cl-2] | |
| This content is not included.ENTMQCL-3152 | CVE-2022-23302 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink [amq-cl-2] |
The following issues have been resolved in the AMQ Clients 2.10.3 release:
| ID | Component | Summary |
|---|---|---|
| This content is not included.ENTMQCL-3147 | Update optional Log4j component to 2.17.1 |
The following issues have been resolved in the AMQ Clients 2.10.2 release:
| ID | Component | Summary |
|---|---|---|
| This content is not included.ENTMQCL-2998 | CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data [amq-cl-2] | |
| This content is not included.ENTMQCL-2999 | CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way [amq-cl-2] | |
| This content is not included.ENTMQCL-3067 | CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling [amq-cl-2] | |
| This content is not included.ENTMQCL-3146 | Update optional Log4j component to 2.17.0 |
The following issues have been resolved in the AMQ Clients 2.10.1 release:
| ID | Component | Summary |
|---|---|---|
| This content is not included.ENTMQCL-2871 | Docs | [docs] Handling Link Failure Without Connection Failure in Proton C++ |
| This content is not included.ENTMQCL-2977 | jms-pool | [jms-pool] Memory leak when to use camel-jms consumer with CACHE_SESSSION and pooled connection(messaginghub/pooled-jms) |
| This content is not included.ENTMQCL-3020 | c | [c] Proton will sometimes fail to send empty frame if the idle timeout ratio between peers is greater than 2 |
Product(s)
Category
Components
Article Type