Re: Release date for ActiveMQ v5.16.2 to fix CVEs

2021-04-29 Thread Simon Billingsley
I have updated to 5.16.2 by downloading from the website and from maven central. Thanks for your help. Best Regards, Simon. == Sent from my iPhone
> On 28 Apr 2021, at 08:24, Jean-Baptiste Onofre wrote:
>
> This is website, and it will be updated later today.
>
> If you already want to downl

Re: Release date for ActiveMQ v5.16.2 to fix CVEs

2021-04-28 Thread Jean-Baptiste Onofre
This is website, and it will be updated later today. If you already want to download 5.16.2, you can go directly on dist: https://dist.apache.org/repos/dist/release/activemq/5.16.2/ Regards JB
> On 28 Apr 2021, at 09:20, Simon Billingsley wrote:
>
> Great news!
> https://activemq.apache.

Re: Release date for ActiveMQ v5.16.2 to fix CVEs

2021-04-28 Thread Simon Billingsley
Great news! https://activemq.apache.org/components/classic/download/ still shows 5.16.1 but as you said it will take a few hours to filter through to public sites and mirrors. Best regards, Simon.
On 28 Apr 2021, at 08:13, Jean-Baptiste Onofre <j...@nanthrax.net> wrote: I just close

Re: Release date for ActiveMQ v5.16.2 to fix CVEs

2021-04-28 Thread Jean-Baptiste Onofre
I just closed the vote this morning and promoted the artifacts on Maven Central and dist.apache.org (they should be available in a couple of hours). I will tackle the announcement on website and mailing list asap. Regards JB
> On 28 Apr 2021, at 09:10, Simon Billingsley wrote:
>
> Thanks f

Re: Release date for ActiveMQ v5.16.2 to fix CVEs

2021-04-28 Thread Simon Billingsley
Thanks for the notification, I look forward to seeing the new release... Best regards, Simon.
On 28 Apr 2021, at 06:17, Jean-Baptiste Onofre <j...@nanthrax.net> wrote: Hi Simon, We just got a third binding vote. I will close the vote this morning (my time) (sorry I was off yesterday

Re: Release date for ActiveMQ v5.16.2 to fix CVEs

2021-04-27 Thread Jean-Baptiste Onofre
Hi Simon, We just got a third binding vote. I will close the vote this morning (my time) (sorry I was off yesterday). Regards JB
> On 27 Apr 2021, at 11:24, Simon Billingsley wrote:
>
> Jon,
> That’s great news.
> It looks like the vote has been open for at least 4 days, so any ETA on wh

Re: Release date for ActiveMQ v5.16.2 to fix CVEs

2021-04-27 Thread Simon Billingsley
Tim, Thanks for the info. We are not expecting an immediate fix for the Log4J issue as there isn’t a direct upgrade from Log4J 1.x to Log4J 2.x - but I was hoping that the changes made for that issue had been merged back and incorporated into the release. However, it is good to know that Active

Re: Release date for ActiveMQ v5.16.2 to fix CVEs

2021-04-27 Thread Tim Bain
Note that the comments on AMQ-7426 (Log4J 2) state the following: ActiveMQ is not affected by CVE-2019-17571 directly as we don't use the SocketServer. The upgrade does not appear to be in 5.16.2, so expect that to remain in your scan results, and you'll have to manually adjudicate the finding.

Re: Release date for ActiveMQ v5.16.2 to fix CVEs

2021-04-27 Thread Jonathan Gallimore
I doubt it'll be long, but I can't speak for the PMC members. There's a legal aspect to reviewing releases, as well as checking that the actual binaries are sound, so reviewing can involve a lot of work. The 72 hours is a minimum time the vote has to be open for; it's not unusual for votes to take l

Re: Release date for ActiveMQ v5.16.2 to fix CVEs

2021-04-27 Thread Simon Billingsley
Jon, That’s great news. It looks like the vote has been open for at least 4 days, so any ETA on when the vote will be closed? I can see that an additional binding vote is still required... Best regards, Simon.
On 27 Apr 2021, at 09:42, Jonathan Gallimore <jonathan.gallim...@gmail.com>

Re: Release date for ActiveMQ v5.16.2 to fix CVEs

2021-04-27 Thread Jonathan Gallimore
Hi, ActiveMQ 5.16.2 is being voted on at the moment: https://lists.apache.org/thread.html/r5b0094d52e4b43f60d3434ff20d3525290bf34bd85ff90af0b152aba%40%3Cdev.activemq.apache.org%3E, once that vote is complete, the binaries will be released on the website. You can pick up the binaries that are being

Release date for ActiveMQ v5.16.2 to fix CVEs

2021-04-27 Thread Simon Billingsley
Hello, Our company is using ActiveMQ v5.16.1. We have scanned the software with a security scanner and it has found critical/high severity security issues in 3 packages used by ActiveMQ:
- log4j_log4j
- org.apache.shiro_shiro-core
- com.thoughtworks.xstream_xstream
Here is the list of CVEs found: