AMQ Clients 2.10.x Resolved Issues
Updated -
The AMQ Clients 2.10.5 release is now available for download. AMQ Clients 2.10.5 is a patch release for AMQ Clients 2.10.0. Note, AMQ Clients patches are cumulative and include fixes from previous patch releases as noted below.
The following issues have been resolved in the AMQ Clients 2.10.5 release:
| ID | Component | Summary |
|---|---|---|
| ENTMQCL-3389 | Update Spring dependency to address CVE-2022-22965 |
The following issues have been resolved in the AMQ Clients 2.10.4 release:
| ID | Component | Summary |
|---|---|---|
| ENTMQCL-3148 | CVE-2022-23307 log4j: Unsafe deserialization flaw in Chainsaw log viewer [amq-cl-2] | |
| ENTMQCL-3150 | CVE-2021-4104 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender [amq-cl-2] | |
| ENTMQCL-3151 | CVE-2022-23305 log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender [amq-cl-2] | |
| ENTMQCL-3152 | CVE-2022-23302 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink [amq-cl-2] |
The following issues have been resolved in the AMQ Clients 2.10.3 release:
| ID | Component | Summary |
|---|---|---|
| ENTMQCL-3147 | Update optional Log4j component to 2.17.1 |
The following issues have been resolved in the AMQ Clients 2.10.2 release:
| ID | Component | Summary |
|---|---|---|
| ENTMQCL-2998 | CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data [amq-cl-2] | |
| ENTMQCL-2999 | CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way [amq-cl-2] | |
| ENTMQCL-3067 | CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling [amq-cl-2] | |
| ENTMQCL-3146 | Update optional Log4j component to 2.17.0 |
The following issues have been resolved in the AMQ Clients 2.10.1 release:
| ID | Component | Summary |
|---|---|---|
| ENTMQCL-2871 | Docs | [docs] Handling Link Failure Without Connection Failure in Proton C++ |
| ENTMQCL-2977 | jms-pool | [jms-pool] Memory leak when to use camel-jms consumer with CACHE_SESSSION and pooled connection(messaginghub/pooled-jms) |
| ENTMQCL-3020 | c | [c] Proton will sometimes fail to send empty frame if the idle timeout ratio between peers is greater than 2 |
Comments