To be clear, Spring 5.3.39 was released in August of 2024, not December as previously asserted.
Justin On Tue, Nov 26, 2024 at 11:07 AM Justin Bertram <jbert...@apache.org> wrote: > That makes sense. As noted by Spring [1]: > > 5.3.x was the final feature branch of the 5th generation, with long-term > support provided on JDK 8, JDK 11, JDK 17, JDK 21 and the Java EE 8 level. > Open source support ended on August 31st, 2024; commercial support options > remain available. > > > Justin > > [1] > https://github.com/spring-projects/spring-framework/wiki/Spring-Framework-Versions > > On Tue, Nov 26, 2024 at 11:04 AM Christopher Shannon < > christopher.l.shan...@gmail.com> wrote: > >> That version is probably a commercial release. This blog post talks about >> version 5.3.42 as commercial >> >> https://spring.io/blog/2024/11/15/spring-framework-cve-2024-38828-published >> >> So obviously we won't be upgrading to anything beyond 5.3.39 as that is >> the >> last open source release. >> >> On Tue, Nov 26, 2024 at 11:50 AM Justin Bertram <jbert...@apache.org> >> wrote: >> >> > > ...5.3.41 resolves those vulnerabilities. >> > >> > There is no release for Spring 5.3.41. It is not tagged in their repo >> [1] >> > and it is not in Maven [2]. >> > >> > > What version of AMQ will be updating Spring to that version? >> > >> > That remains to be seen since Spring 5.3.41 isn't yet released. >> > Furthermore, 5.3.40 is also not yet released. >> > >> > > Shouldn't AMQ include the latest Spring? >> > >> > Based on the evidence Spring 5.3.39 _is_ the latest release. >> > >> > What has given you the impression that Spring 5.3.41 is available? >> > >> > >> > Justin >> > >> > [1] https://github.com/spring-projects/spring-framework/tags >> > [2] https://repo1.maven.org/maven2/org/springframework/spring-core/ >> > >> > On Tue, Nov 26, 2024 at 10:20 AM Matthew Gay >> > <matthew....@broadcom.com.invalid> wrote: >> > >> > > Sorry, I got my versions mixed up. >> > > >> > > Spring 5.3.39 is currently shipped with AMQ and is vulnerable. >> > > 5.3.41 resolves those vulnerabilities. >> > > >> > > What version of AMQ will be updating Spring to that version? >> > > I see on your link provided (thank you) that it is still 5.3.39 with a >> > > release date of late December. >> > > >> > > Shouldn't AMQ include the latest Spring? >> > > >> > > >> > > Matthew Gay >> > > >> > > Principal Support Engineer | Agile Operations Division >> > > >> > > Broadcom >> > > >> > > matthew....@broadcom.com >> > > >> > > Twitter <https://twitter.com/BroadcomSW> | LinkedIn >> > > <https://www.linkedin.com/company/broadcomsoftware> >> > > >> > > >> > > *To help expedite routing to the correct SME, please follow these >> > **SUGGESTIONS >> > > <https://knowledge.broadcom.com/external/article?articleId=275717> >> when >> > > opening a DX NetOps case* >> > > >> > > >> > > On Tue, Nov 26, 2024 at 10:57 AM Jean-Baptiste Onofré < >> j...@nanthrax.net> >> > > wrote: >> > > >> > >> Hi Matt >> > >> >> > >> Not sure I understand: Spring 5.18.41 doesn't exist afaik ( >> > >> https://repo1.maven.org/maven2/org/springframework/spring-core/). >> > >> >> > >> ActiveMQ 5.18.x is using Spring 5.3.39. >> > >> >> > >> You can find Spring versions used on the table here: >> > >> https://activemq.apache.org/components/classic/download/ (in the >> > >> schedule & >> > >> status section). >> > >> >> > >> Regards >> > >> JB >> > >> >> > >> On Tue, Nov 26, 2024 at 4:45 PM Matthew Gay >> > >> <matthew....@broadcom.com.invalid> wrote: >> > >> >> > >> > Hi Team, >> > >> > >> > >> > Is there any timeline or versioning available for when AMQ will >> update >> > >> to >> > >> > Spring 5.18.41? >> > >> > >> > >> > Thanks! >> > >> > Matt >> > >> > >> > >> > >> > >> > Matthew Gay >> > >> > >> > >> > Principal Support Engineer | Agile Operations Division >> > >> > >> > >> > Broadcom >> > >> > >> > >> > matthew....@broadcom.com >> > >> > >> > >> > Twitter <https://twitter.com/BroadcomSW> | LinkedIn >> > >> > <https://www.linkedin.com/company/broadcomsoftware> >> > >> > >> > >> > >> > >> > *To help expedite routing to the correct SME, please follow these >> > >> **SUGGESTIONS >> > >> > <https://knowledge.broadcom.com/external/article?articleId=275717> >> > when >> > >> > opening a DX NetOps case* >> > >> > >> > >> > This electronic communication and the information and any files >> > >> > transmitted with it, or attached to it, are confidential and are >> > >> intended >> > >> > solely for the use of the individual or entity to whom it is >> addressed >> > >> and >> > >> > may contain information that is confidential, legally privileged, >> > >> protected >> > >> > by privacy laws, or otherwise restricted from disclosure to anyone >> > >> else. If >> > >> > you are not the intended recipient or the person responsible for >> > >> delivering >> > >> > the e-mail to the intended recipient, you are hereby notified that >> any >> > >> use, >> > >> > copying, distributing, dissemination, forwarding, printing, or >> copying >> > >> of >> > >> > this e-mail is strictly prohibited. If you received this e-mail in >> > >> error, >> > >> > please return the e-mail to the sender, delete it from your >> computer, >> > >> and >> > >> > destroy any printed copy of it. >> > >> >> > > >> > > This electronic communication and the information and any files >> > > transmitted with it, or attached to it, are confidential and are >> intended >> > > solely for the use of the individual or entity to whom it is addressed >> > and >> > > may contain information that is confidential, legally privileged, >> > protected >> > > by privacy laws, or otherwise restricted from disclosure to anyone >> else. >> > If >> > > you are not the intended recipient or the person responsible for >> > delivering >> > > the e-mail to the intended recipient, you are hereby notified that any >> > use, >> > > copying, distributing, dissemination, forwarding, printing, or >> copying of >> > > this e-mail is strictly prohibited. If you received this e-mail in >> error, >> > > please return the e-mail to the sender, delete it from your computer, >> and >> > > destroy any printed copy of it. >> > >> >
