AMQ Clients Resolved Issues
The AMQ Clients quarterly 2023.Q4 release is now available for download.
Note: AMQ Clients releases are cumulative and include fixes from previous quarterly releases, as noted below.
The following issues have been resolved in the AMQ Clients 2023.Q4 release:
Red Hat build of Qpid JMS
| ID | Summary |
|---|---|
| ENTMQCL-3875 | CVE-2023-40167 jetty-http: jetty: Improper validation of HTTP/1 content-length [amq-cl-2] [amq-cl-2] |
| ENTMQCL-3776 | CVE-2023-40167 jetty-http: jetty: Improper validation of HTTP/1 content-length [amq-cl-2] [amq-cl-2] |
Red Hat build of Rhea
| ID | Summary |
|---|---|
| ENTMQCL-7402 | [js] Several failures from rhea examples on Windows |
Red Hat build of AMQP Spring Boot
| ID | Summary |
|---|---|
| ENTMQCL-3897 | CVE-2023-34050 org.amqphub.spring-amqp-10-jms-spring-boot-parent: springframework-amqp: Deserialization Vulnerability [amq-cl-2] |
| ENTMQCL-3692 | CVE-2023-1370 json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) [amq-cl-2] |
| ENTMQCL-3608 | CVE-2022-41854 dev-java-snakeyaml: dev-java/snakeyaml: DoS via stack overflow [amq-cl-2] |
| ENTMQCL-3600 | CVE-2022-1471 snakeyaml: Constructor Deserialization Remote Code Execution [amq-cl-2] |
| ENTMQCL-3503 | CVE-2022-38749 snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode [amq-cl-2] |
| ENTMQCL-3499 | CVE-2022-25857 snakeyaml: Denial of Service due to missing nested depth limitation for collections [amq-cl-2] |