CVE-2018-17187
CVE-2018-17187 affects the Apache Qpid Proton-J TLS wrapper. Versions 0.3–0.29.0 lacked hostname verification support, leaving clients that rely on the wrapper with only trusted-certificate verification and exposing them to MITM attacks. The mitigation is to upgrade Proton-J to 0.30.0+ and enable...