I'd like to find out some more details about the specific vulnerability
motivations behind the whitelist fix for the java deserialization issue. I'd
like to disambiguate between the addition of the feature for the whitelist
and the specific java deserialization exploit vectors using the gadget
chai
I would like to request an official statement from the activemq developers on
what is the support policy for active mq versions, especially with respect
to providing security fixes and also backwards compatibility.
1. How many major versions of ActiveMQ are supported? (E.G. Currently
5.11.x, 5.12
