@JB— The Spring release documentation is indicating that “older unsupported” releases impacted— ie Spring 4.x used by ActiveMQ 5.16.x.
If we do not get a Spring 4.x fix, we may need a corresponding announcement deprecating 5.16.x. Thoughts? Matt Pavlovich > On Mar 31, 2022, at 7:47 AM, Jean-Baptiste Onofré <j...@nanthrax.net> wrote: > > Hi guys, > > I would like to prepare ActiveMQ 5.17.1 release this week, probably to > submit it to vote during the weekend or next week. > > One of the main reasons is to update to Spring 5.3.18 which includes > CVE fixes > (https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement). > I also have other fixes/updates to add. > > Regards > JB
