Hi James- A new set of releases is underway. Look for notices from Jean-Baptiste Onofre. ASFAIK- ActiveMQ is not vulnerable to this issue b/c we do not use EnableMethodSecurity or spring-security module at all.
ref: https://github.com/search?q=repo%3Aapache%2Factivemq EnableMethodSecurity&type=code <https://github.com/search?q=repo%3Aapache%2Factivemq%20EnableMethodSecurity&type=code> ref: https://github.com/search?q=repo%3Aapache%2Factivemq+spring-security&type=code Thanks, Matt Pavlovich > On Oct 6, 2025, at 1:54 PM, James Velasco <[email protected]> > wrote: > > To whom it may concern, Is there an update on the ETA for ActiveMQ 6.1.8 ? > I believe it was initially scheduled for 25-September. > > Hopefully this would address https://nvd.nist.gov/vuln/detail/CVE-2025-41249. > > Thanks, > > James > — > > James Velasco > Chief Computer Scientist > > Office: +1 (713) 975-7434 > [email protected] <mailto:[email protected]> > INT | Empowering Visualization >
