Regarding CVE-2022-37026 is EMQX affected. RabbitMQ released an update 3.10.9 on 2022/10/13 to address this vulnerability, but I’m not able find any mention of a update for EMQX.

I should have tried harder to look. Found this release note Release EMQX v4.4.11 · emqx/emqx · GitHub
which notes this PR Upgrade/william/vsn 4.4 otp upgrade by qzhuyan · Pull Request #9265 · emqx/emqx · GitHub that corrects the issue.

1 Like