0

I'm using Karaf 4.2.3 over JDK 1.8. I had run a Black Duck scan, and it is pointing to Apache ActiveMQ 5.15.9 with some vulnerabilities, one of which is critical. I'd like to know if it is possible to get this updated to the recommended version, which is 5.17.1. If you have some advice, it'd be highly appreciated. I'd like to point out that in the current project, I'm not really using ActiveMQ.

Justin Bertram
asked Jul 11, 2022 at 2:55

1 Answer

0

ActiveMQ 5.17.1 requires Java 11 so you won't be able to use that. You should upgrade to ActiveMQ 5.16.5 instead. It's the latest version which supports Java 8. That said, if you're not using ActiveMQ in your project then the simplest (and most secure) thing you can do is just remove it.

answered Jul 11, 2022 at 3:31

3 Comments

Hi Justin, thanks for your kind and accurate answer. I'm totally new to Apache Karaf, so to remove this dependency, how can it be performed? I have an idea that it ought to be performed through the features.xml file, perhaps I'm wrong, but I'm not sure how to remove it. Could you, if possible, share with me the way to do it? Thanks.
I'm not experienced with Karaf so I can't tell you how to remove it. I recommend you ask a new question about this.
Thanks a lot for taking the time to answer Justin, I'll try to formulate another question.
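
An added example, not part of the original answer or comments: a Python sketch that locates ActiveMQ bundles in a Karaf features file, flags versions below the 5.16.5 recommended above, and lists which features pull in the affected feature, so you know what to edit or remove. It assumes bundles are declared as `mvn:` URLs with the Maven group `org.apache.activemq`; the sample XML and its feature names are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample, not from the original post: a minimal Karaf features file.
SAMPLE_FEATURES_XML = """<features name="demo-features"
    xmlns="http://karaf.apache.org/xmlns/features/v1.4.0">
  <feature name="demo-app" version="1.0.0">
    <feature>demo-messaging</feature>
    <bundle>mvn:com.example/demo-core/1.0.0</bundle>
  </feature>
  <feature name="demo-messaging" version="1.0.0">
    <bundle>mvn:org.apache.activemq/activemq-osgi/5.15.9</bundle>
    <bundle>wrap:mvn:org.apache.activemq/activemq-client/5.16.5</bundle>
  </feature>
</features>
"""

RECOMMENDED = (5, 16, 5)  # version the answer recommends for Java 8
# Matches mvn:groupId/artifactId/version (the common form; assumption).
MVN_RE = re.compile(r"mvn:([^/!]+)/([^/]+)/(\d+(?:\.\d+)*)")

def local(tag):
    """Strip the XML namespace so any features schema version is accepted."""
    return tag.rsplit("}", 1)[-1]

def find_activemq(xml_text, group="org.apache.activemq"):
    """Return (feature, artifact, version, needs_upgrade) per ActiveMQ bundle."""
    hits = []
    for feat in ET.fromstring(xml_text).iter():
        # Only named <feature> definitions; nested references carry no name.
        if local(feat.tag) != "feature" or "name" not in feat.attrib:
            continue
        for child in feat:
            m = MVN_RE.search(child.text or "") if local(child.tag) == "bundle" else None
            if m and m.group(1) == group:
                version = tuple(int(p) for p in m.group(3).split("."))
                hits.append((feat.get("name"), m.group(2), m.group(3),
                             version < RECOMMENDED))
    return hits

def features_pulling(xml_text, target):
    """Names of features that reference `target` as a nested feature."""
    return [f.get("name") for f in ET.fromstring(xml_text).iter()
            if local(f.tag) == "feature" and "name" in f.attrib
            and any(local(c.tag) == "feature" and (c.text or "").strip() == target
                    for c in f)]

if __name__ == "__main__":
    for hit in find_activemq(SAMPLE_FEATURES_XML):
        print(hit)
    print(features_pulling(SAMPLE_FEATURES_XML, "demo-messaging"))
```

To check a real project, read its features.xml into a string and pass it to both functions in place of the sample.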
