This is an automated email from the ASF dual-hosted git repository.
git-site-role pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/artemis-website.git
The following commit(s) were added to refs/heads/asf-site by this push:
new 30f170eb Automatic Site Publish by Buildbot
30f170eb is described below
commit 30f170eb178e65e45958128014284c695cbb4729
Author: buildbot <[email protected]>
AuthorDate: Tue Mar 17 15:03:29 2026 +0000
Automatic Site Publish by Buildbot
---
output/security-advisories.data/CVE-2026-27446-announcement.txt | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/output/security-advisories.data/CVE-2026-27446-announcement.txt
b/output/security-advisories.data/CVE-2026-27446-announcement.txt
index 6cf4cfc9..cde10507 100644
--- a/output/security-advisories.data/CVE-2026-27446-announcement.txt
+++ b/output/security-advisories.data/CVE-2026-27446-announcement.txt
@@ -21,12 +21,14 @@ This issue affects:
Users are recommended to upgrade to Apache Artemis version 2.52.0, which fixes
the issue.
-The issue can be mitigated by either of the following:
+The issue can be mitigated by one of the following:
- Remove Core protocol support from any acceptor receiving connections from
untrusted sources. Incoming Core protocol connections are supported by default
via the "artemis" acceptor listening on port 61616. See the "protocols" URL
parameter configured for the acceptor. An acceptor URL without this parameter
supports all protocols by default, including Core.
- Use two-way SSL (i.e. certificate-based authentication) in order to force
every client to present the proper SSL certificate when establishing a
connection before any message protocol handshake is attempted. This will
prevent unauthenticated exploitation of this vulnerability.
+- Implement and deploy a Core interceptor to deny all Core downstream
federation connect packets. Such packets have a type of (int) -16 or (byte)
0xfffffff0. Documentation for interceptors is available at
https://artemis.apache.org/components/artemis/documentation/latest/intercepting-operations.html.
+
Credit:
Hardik Mehta <[email protected]> (finder)
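Review bot: In the added interceptor bullet, "(byte) 0xfffffff0" is easy to misread, because 0xfffffff0 is the 32-bit two's-complement form of -16, while a single byte holding -16 is 0xf0. Suggest wording it as "a type of -16 (0xf0 as a byte)" so that someone writing the interceptor compares against the right value. The diffstat counts three insertions, so this bullet appears to have been added as one long line where the other mitigations are wrapped; wrapping it to match would keep the announcement consistent. The bullet could also say explicitly that the interceptor must reject the packet, not just log it, since the other two mitigations each state what they prevent.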