I agree, there isn’t a JDK requirement change or anything to go to 5.19.x.
> On Mar 5, 2026, at 8:08 AM, Jean-Baptiste Onofré <[email protected]> wrote: > > Hi > > I just shared that I got some requests from users. I'm trying to convince > them to upgrade to 5.19.x (which is very close to 5.18.x and include the > fixes already). > > Let me try to convince these users to upgrade to 5.19.x. > > Regards > JB > > On Thu, Mar 5, 2026 at 8:17 AM Robbie Gemmell <[email protected]> > wrote: > >> Not really seeing how releasing 5.18.x makes sense a year after saying >> it was no longer supported with the 5.18.7 release (after 5.19.0), >> removing it from the download page at that time, and having not >> released the stream since (e.g for any of the dependency CVE fixes in >> that time) whilst all the other streams have had multiple releases or >> even been superceded and dropped themselves? >> >> Seems especially odd given 5.18.x and 5.19.x have pretty similar >> supportability/requirements which is why it was dropped. I'm pretty >> sure I even recall seeing some initial discussion of late about when >> to drop 5.19.x. >> >> It will also still be marked as being affected by CVE-2025-66168 by >> scanners even if it contains the fix, since the version details just >> announced for that CVE included everything before 5.19.2. >> >> Is 5.18.x EOL or not? >> >> Robbie >> >> On Tue, 3 Mar 2026 at 21:55, Jean-Baptiste Onofré <[email protected]> wrote: >>> >>> Hi, >>> >>> I am currently reviewing the security advisories. I have also received >>> several inquiries from the community regarding the possibility of a new >>> 5.18.x release that includes only the latest CVE fixes. >>> >>> I will begin preparing that release soon. >>> >>> Regards, >>> JB >>> >>> On Tue, Mar 3, 2026 at 3:13 PM Casey A. Owen via users < >>> [email protected]> wrote: >>> >>>> Hello, >>>> >>>> Could someone please clarify why the listed CVEs are not documented in >> the >>>> Apache ActiveMQ Classic Security Advisories at >>>> https://activemq.apache.org/components/classic/security? >>>> >>>> Thank you for your prompt attention to this matter, >>>> >>>> >>>> Casey Owen | Sr Applications Analyst >>>> >>>> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> For further information, visit: https://activemq.apache.org/contact >> >> >> --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] For further information, visit: https://activemq.apache.org/contact
