Hi I just shared that I got some requests from users. I'm trying to convince them to upgrade to 5.19.x (which is very close to 5.18.x and include the fixes already).
Let me try to convince these users to upgrade to 5.19.x. Regards JB On Thu, Mar 5, 2026 at 8:17 AM Robbie Gemmell <[email protected]> wrote: > Not really seeing how releasing 5.18.x makes sense a year after saying > it was no longer supported with the 5.18.7 release (after 5.19.0), > removing it from the download page at that time, and having not > released the stream since (e.g for any of the dependency CVE fixes in > that time) whilst all the other streams have had multiple releases or > even been superceded and dropped themselves? > > Seems especially odd given 5.18.x and 5.19.x have pretty similar > supportability/requirements which is why it was dropped. I'm pretty > sure I even recall seeing some initial discussion of late about when > to drop 5.19.x. > > It will also still be marked as being affected by CVE-2025-66168 by > scanners even if it contains the fix, since the version details just > announced for that CVE included everything before 5.19.2. > > Is 5.18.x EOL or not? > > Robbie > > On Tue, 3 Mar 2026 at 21:55, Jean-Baptiste Onofré <[email protected]> wrote: > > > > Hi, > > > > I am currently reviewing the security advisories. I have also received > > several inquiries from the community regarding the possibility of a new > > 5.18.x release that includes only the latest CVE fixes. > > > > I will begin preparing that release soon. > > > > Regards, > > JB > > > > On Tue, Mar 3, 2026 at 3:13 PM Casey A. Owen via users < > > [email protected]> wrote: > > > > > Hello, > > > > > > Could someone please clarify why the listed CVEs are not documented in > the > > > Apache ActiveMQ Classic Security Advisories at > > > https://activemq.apache.org/components/classic/security? > > > > > > Thank you for your prompt attention to this matter, > > > > > > > > > Casey Owen | Sr Applications Analyst > > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > For further information, visit: https://activemq.apache.org/contact > > >
