I'm using Karaf 4.2.3 over JDK 1.8. I ran a Black Duck scan, and it is pointing to Apache ActiveMQ 5.15.9 with some vulnerabilities, one of which is critical. I'd like to know if it is possible to get this updated to the recommended version, which is 5.17.1. If you have some advice, it'd be highly appreciated. I'd like to point out that in the current project, I'm not really using ActiveMQ.

Justin Bertram

Erik Torres
1 Answer
ActiveMQ 5.17.1 requires Java 11 so you won't be able to use that. You should upgrade to ActiveMQ 5.16.5 instead. It's the latest version which supports Java 8. That said, if you're not using ActiveMQ in your project then the simplest (and most secure) thing you can do is just remove it.

Justin Bertram
- Hi Justin, thanks for your kind and accurate answer. I'm totally new to Apache Karaf, so to remove this dependency, how can it be performed? I have an idea that it ought to be performed through the features.xml file; perhaps I'm wrong, but I'm not sure how to remove it. Could you, if possible, share with me the way to do it? Thanks – Erik Torres Jul 11 '22 at 04:24
- I'm not experienced with Karaf so I can't tell you how to remove it. I recommend you ask a new question about this. – Justin Bertram Jul 12 '22 at 18:10
- Thanks a lot for taking the time to answer, Justin. I'll try to formulate another question. – Erik Torres Jul 13 '22 at 05:36