jruby.jar as shipped with JBoss ESB exposes CVE-2012-5370. We are shipping JRuby 18.104.22.168. The upstream Ruby language has replaced the vulnerable Murmur hash function / algorithm implementation with the SipHash-2-4 implementation:
An upstream fix is not yet available for JRuby. Once an upstream fix is available, we should incorporate it into a future release via a component upgrade.