Especially if there is no non-backward-compatible change, then for users the only difference between a 5.18.x and a 5.19.x is the text of the version number.
If that's the case, there's no point in maintaining both 5.18.x and 5.19.x. If users are asking for 5.18.x over 5.19.x, then I would be curious why they care about the 18 vs 19. Perhaps they know something we don't? Art On Thu, Mar 5, 2026 at 8:17 AM Jean-Baptiste Onofré <[email protected]> wrote: > Preparing the release is cherry-picking the fixes (which I did). > I didn't say I will submit the release to vote. > > It's also the reason that we discuss on the mailing list. It's a community > decision. > If the community is ok with a release, we can consider it (EOL doesn't > really exist on ASF projects, as we can always submit a release on very old > branches if it's a community call). > > It seems we have a consensus to "push" for 5.19.x, I'm fine with that. > > Regards > JB > > On Thu, Mar 5, 2026 at 10:04 AM Robbie Gemmell <[email protected]> > wrote: > > > You did also say you were going to prepare a release soon. > > > > Users can certainly ask (though it would be nice if they did it on the > > list, so discussion could take place for any other users to see), > > though that doesnt mean it actually makes sense to do. A year past an > > announced and effective EOL seems clearly not to, especially when > > there is little if any barrier to upgrading to the year-old > > replacement stream. > > > > Robbie > > > > On Thu, 5 Mar 2026 at 14:09, Jean-Baptiste Onofré <[email protected]> > wrote: > > > > > > Hi > > > > > > I just shared that I got some requests from users. I'm trying to > convince > > > them to upgrade to 5.19.x (which is very close to 5.18.x and include > the > > > fixes already). > > > > > > Let me try to convince these users to upgrade to 5.19.x. > > > > > > Regards > > > JB > > > > > > On Thu, Mar 5, 2026 at 8:17 AM Robbie Gemmell < > [email protected]> > > > wrote: > > > > > > > Not really seeing how releasing 5.18.x makes sense a year after > saying > > > > it was no longer supported with the 5.18.7 release (after 5.19.0), > > > > removing it from the download page at that time, and having not > > > > released the stream since (e.g for any of the dependency CVE fixes in > > > > that time) whilst all the other streams have had multiple releases or > > > > even been superceded and dropped themselves? > > > > > > > > Seems especially odd given 5.18.x and 5.19.x have pretty similar > > > > supportability/requirements which is why it was dropped. I'm pretty > > > > sure I even recall seeing some initial discussion of late about when > > > > to drop 5.19.x. > > > > > > > > It will also still be marked as being affected by CVE-2025-66168 by > > > > scanners even if it contains the fix, since the version details just > > > > announced for that CVE included everything before 5.19.2. > > > > > > > > Is 5.18.x EOL or not? > > > > > > > > Robbie > > > > > > > > On Tue, 3 Mar 2026 at 21:55, Jean-Baptiste Onofré <[email protected]> > > wrote: > > > > > > > > > > Hi, > > > > > > > > > > I am currently reviewing the security advisories. I have also > > received > > > > > several inquiries from the community regarding the possibility of a > > new > > > > > 5.18.x release that includes only the latest CVE fixes. > > > > > > > > > > I will begin preparing that release soon. > > > > > > > > > > Regards, > > > > > JB > > > > > > > > > > On Tue, Mar 3, 2026 at 3:13 PM Casey A. Owen via users < > > > > > [email protected]> wrote: > > > > > > > > > > > Hello, > > > > > > > > > > > > Could someone please clarify why the listed CVEs are not > > documented in > > > > the > > > > > > Apache ActiveMQ Classic Security Advisories at > > > > > > https://activemq.apache.org/components/classic/security? > > > > > > > > > > > > Thank you for your prompt attention to this matter, > > > > > > > > > > > > > > > > > > Casey Owen | Sr Applications Analyst > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: [email protected] > > > > For additional commands, e-mail: [email protected] > > > > For further information, visit: https://activemq.apache.org/contact > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > For further information, visit: https://activemq.apache.org/contact > > > > > > >
