Change Guardian 6.3.0.2 includes a critical vulnerability fix. Most of the improvements are made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us to ensure that our product meets all your needs.
The documentation for this product is available on the OpenText website in HTML and PDF formats on a page that does not require you to log in. If you have suggestions for documentation improvements, click comment on this topic at the bottom of any page in the HTML version of the documentation posted at the Change Guardian Documentation page. To download this product and patches, see the OpenText Downloads website.
The following section outlines the fix for a critical severity security issue found in Change Guardian bundled Apache ActiveMQ library (CVE-2023-46604), specifically the OpenWire Module. (Defect 1069005)
A security issue was found in Apache ActiveMQ, specifically the OpenWire Module. Apache ActiveMQ library is bundled in with Change Guardian. The issue may allow a remote malicious user to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol and exploit the broker or client. This release addresses the critical security vulnerability in the Apache ActiveMQ library (CVE-2023-46604). The Apache ActiveMQ library has been upgraded to version 5.16.7 which fixed the issue.
Fix: Upgrade Change Guardian server to version 6.3.0.2 which is bundled with Apache ActiveMQ library version 5.16.7.
For more information about hardware requirements, supported operating systems, and browsers, see the System Requirements for Change Guardian 6.3.
The steps for the installation of 6.3.0.2 are same as that of 6.3. For more information about the installation procedure, see Change Guardian Installation and Administration Guide.
You can upgrade to Change Guardian 6.3.0.2 from Change Guardian 6.3 or later. For information about the upgrade procedure, see Upgrading Change Guardian in the Change Guardian Installation and Administration Guide.
For information about OpenText legal notices, see https://www.opentext.com/about/legal/
Copyright © 2024 OpenText or one of its affiliates.