ConnectALL requires taking backup during the upgrade and backup can stay on the server as long as it is deleted manually.

Customer in 3.7 version reported CVE-2023-46604 as security tool scanned backup location.

3.7.x

Please make sure the vulnerability reported is for ConnectALL base location not backup. If it is for backup location, delete the backups and run the scan again.

If it is true vulnerability, verify the ActiveMQ jar versions under ../ConnectALL/Broker/apache-artemis-##/lib and contact Support Team for assistance.