Hello Team,

I'm using ActiveMQ broker on multiple projects, and we just made the update 
from 5.18.2 to 5.18.3 to correct CVE-202346604.

In my maven dependencies, I just declare activemq-broker and let him handle his 
dependencies.

However, he seems to download his ActiveMQ dependencies (activemq-client and 
activemq-openwire-legacy) in 5.18.2.

Is it normal ? Shouldn't it go for 5.18.3 ?

Obviously, I can work around it by declaring myself which version of each 
dependency I want, but I'm surprised maven doesn't take care of it by himself.

Regards,

GaƩtan Perrin


AVIS : Ce courrier et ses pieces jointes sont destines a leur seul destinataire 
et peuvent contenir des informations confidentielles appartenant a bioMerieux. 
Si vous n'etes pas destinataire, vous etes informe que toute lecture, 
divulgation, ou reproduction de ce message et des pieces jointes est 
strictement interdite. Si vous avez recu ce message par erreur merci d'en 
prevenir l'expediteur et de le detruire, ainsi que ses pieces jointes. NOTICE: 
This message and attachments are intended only for the use of their addressee 
and may contain confidential information belonging to bioMerieux. If you are 
not the intended recipient, you are hereby notified that any reading, 
dissemination, distribution, or copying of this message, or any attachment, is 
strictly prohibited. If you have received this message in error, please notify 
the original sender immediately and delete this message, along with any 
attachments.

Reply via email to