Hi, By the way, I will update to Spring 6.1.5, 6.0.18, 5.3.33 as a new CVE has been published.
As ActiveMQ 6.1.0 vote is almost complete, I will release this one and prepare 6.1.1 including Spring 6.1.5 update. Regards JB On Thu, Mar 14, 2024 at 5:09 PM Jean-Baptiste Onofré <j...@nanthrax.net> wrote: > > Hi Stefan > > Here's the Jira: https://issues.apache.org/jira/browse/AMQ-9453 > > I will close ActiveMQ 6.1.0 vote and promote the release, then I will > submit 5.18.4 to vote. > > Regards > JB > > On Thu, Mar 14, 2024 at 4:29 PM Boeltl, Stefan > <stefan.boe...@fisglobal.com.invalid> wrote: > > > > Hi Jean-Baptiste, > > > > Looking at > > https://mvnrepository.com/artifact/org.springframework/spring-web/5.3.31 I > > can see that > > CVE-2024-22243<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22243> > > is still there and fixed only in 5.3.32: > > https://mvnrepository.com/artifact/org.springframework/spring-web/5.3.32 > > > > Additionally, I can't find any ticket for the upgrade for 5.18.x. > > > > Thanks! > > > > Kind regards > > Stefan > > The information contained in this message is proprietary and/or > > confidential. If you are not the intended recipient, please: (i) delete the > > message and all copies; (ii) do not disclose, distribute or use the message > > in any manner; and (iii) notify the sender immediately. In addition, please > > be aware that any message addressed to our domain is subject to archiving > > and review by persons other than the intended recipient. Thank you. Message > > Encrypted via TLS connection