Ok sounds good, you are right that it was probably just a caching issue with the browser.
You can also check the github repo to double check if it was added or not as the website is generated from that: https://github.com/apache/activemq-website/blob/main/src/components/classic/security.md Chris On Mon, Jun 1, 2026 at 3:02 PM Casey A. Owen <[email protected]> wrote: > > I refreshed multiple times earlier and did not see them, but all are present > now. Maybe a caching issue. Thanks! > > Casey Owen | Sr Applications Analyst > Southwest Power Pool > > -----Original Message----- > From: Christopher Shannon <[email protected]> > Sent: Monday, June 1, 2026 1:36 PM > To: Casey A. Owen <[email protected]> > Cc: [email protected] > Subject: Re: **External Email** CVE-2026-49270: Apache ActiveMQ Broker, > Apache ActiveMQ, Apache ActiveMQ All: Durable Subscription Disclosure via > Crafted BrokerInfo (OpenWire) > > STOP! This is NOT an SPP email. > Be very cautious of any links or attachments unless you recognize this sender > and are expecting this email. > Please click the "Report Phish" button if you are unsure about this email. > > Are the reports not showing up for you? I added everything yesterday and as > far as I can tell it was updated fine. > > > On Mon, Jun 1, 2026 at 11:10 AM Casey A. Owen <[email protected]> wrote: > > > > Christopher, can you please ensure this latest round of CVEs is added to > > the Apache ActiveMQ security advisories > > (https://activemq.apache.org/components/classic/security)? > > > > Thanks, > > > > > > Casey Owen | Sr Applications Analyst > > Southwest Power Pool > > > > -----Original Message----- > > From: Christopher L. Shannon <[email protected]> > > Sent: Sunday, May 31, 2026 11:18 AM > > To: [email protected]; [email protected] > > Subject: **External Email** CVE-2026-49270: Apache ActiveMQ Broker, > > Apache ActiveMQ, Apache ActiveMQ All: Durable Subscription Disclosure > > via Crafted BrokerInfo (OpenWire) > > > > STOP! This is NOT an SPP email. > > Be very cautious of any links or attachments unless you recognize this > > sender and are expecting this email. > > Please click the "Report Phish" button if you are unsure about this email. > > > > Severity: moderate > > > > Affected versions: > > > > - Apache ActiveMQ Broker (org.apache.activemq:activemq-broker) 5.14.0 > > before 5.19.7 > > - Apache ActiveMQ Broker (org.apache.activemq:activemq-broker) 6.0.0 > > before 6.2.6 > > - Apache ActiveMQ (org.apache.activemq:activemq-all) 5.14.0 before > > 5.19.7 > > - Apache ActiveMQ (org.apache.activemq:activemq-all) 6.0.0 before > > 6.2.6 > > - Apache ActiveMQ All (org.apache.activemq:apache-activemq) 5.14.0 > > before 5.19.7 > > - Apache ActiveMQ All (org.apache.activemq:apache-activemq) 6.0.0 > > before 6.2.6 > > > > Description: > > > > Exposure of Sensitive Information Through Metadata vulnerability in Apache > > ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. > > > > Brokers that are configured with a network connector with syncDurableSubs > > set to true, are vulnerable to an unauthenticated attacker who can receive > > a list of all durable topic subscriptions in the broker, including client > > identifiers, subscription names, topic destinations, and JMS selector > > expressions, by sending a BrokerInfo command. The broker incorrectly > > responds without first ensuring the connection is authenticated. > > This issue affects Apache ActiveMQ Broker: before 5.19.7, from 6.0.0 before > > 6.2.6; Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6; Apache > > ActiveMQ All: before 5.19.7, from 6.0.0 before 6.2.6. > > > > Users are recommended to upgrade to version 6.2.6 or 5.19.7, which fixes > > the issue. > > > > Credit: > > > > Basel Khaled (finder) > > > > References: > > > > https://activemq.apache.org/ > > https://www.cve.org/CVERecord?id=CVE-2026-49270 > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] For > > further information, visit: https://activemq.apache.org/contact > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] For further information, visit: https://activemq.apache.org/contact
