Re: ActiveMQ 6.0.1 and Spring Framework CVE-2024-22243

2024-02-27 Thread Matt Pavlovich
Hi James, FYI: updated ActiveMQ releases for 6.1.x, 6.0.x, 5.18.x & 5.17.x are underway. This CVE does not appear to apply to ActiveMQ, since ActiveMQ does not use the vulnerable class 'UriComponentsBuilder'. Additionally, this issue can be readily avoided by disabling the web console which

ActiveMQ 6.0.1 and Spring Framework CVE-2024-22243

2024-02-26 Thread James Velasco
Apparently ActiveMQ 6.0.1 uses spring-web v6.0.14 which is impacted by CVE-2024-22243. See https://spring.io/security/cve-2024-22243. — James Velasco Chief Computer Scientist Office: +1 (713) 975-7434 james.vela...@int.com INT | Empowering Visualization