Hello Team, I'm using ActiveMQ broker on multiple projects, and we just made the update from 5.18.2 to 5.18.3 to correct CVE-202346604.
In my maven dependencies, I just declare activemq-broker and let him handle his dependencies. However, he seems to download his ActiveMQ dependencies (activemq-client and activemq-openwire-legacy) in 5.18.2. Is it normal ? Shouldn't it go for 5.18.3 ? Obviously, I can work around it by declaring myself which version of each dependency I want, but I'm surprised maven doesn't take care of it by himself. Regards, GaƩtan Perrin AVIS : Ce courrier et ses pieces jointes sont destines a leur seul destinataire et peuvent contenir des informations confidentielles appartenant a bioMerieux. Si vous n'etes pas destinataire, vous etes informe que toute lecture, divulgation, ou reproduction de ce message et des pieces jointes est strictement interdite. Si vous avez recu ce message par erreur merci d'en prevenir l'expediteur et de le detruire, ainsi que ses pieces jointes. NOTICE: This message and attachments are intended only for the use of their addressee and may contain confidential information belonging to bioMerieux. If you are not the intended recipient, you are hereby notified that any reading, dissemination, distribution, or copying of this message, or any attachment, is strictly prohibited. If you have received this message in error, please notify the original sender immediately and delete this message, along with any attachments.