Thanks. Chris is right. Looks like they are commercial releases only. Sorry for the confusion and fire drill. Appreciate the responses.
Matthew Gay Principal Support Engineer | Agile Operations Division Broadcom matthew....@broadcom.com Twitter <https://twitter.com/BroadcomSW> | LinkedIn <https://www.linkedin.com/company/broadcomsoftware> *To help expedite routing to the correct SME, please follow these **SUGGESTIONS <https://knowledge.broadcom.com/external/article?articleId=275717> when opening a DX NetOps case* On Tue, Nov 26, 2024 at 11:58 AM Christopher Shannon < christopher.l.shan...@gmail.com> wrote: > That version is probably a commercial release. This blog post talks about > version 5.3.42 as commercial > https://spring.io/blog/2024/11/15/spring-framework-cve-2024-38828-published > > So obviously we won't be upgrading to anything beyond 5.3.39 as that is the > last open source release. > > On Tue, Nov 26, 2024 at 11:50 AM Justin Bertram <jbert...@apache.org> > wrote: > > > > ...5.3.41 resolves those vulnerabilities. > > > > There is no release for Spring 5.3.41. It is not tagged in their repo [1] > > and it is not in Maven [2]. > > > > > What version of AMQ will be updating Spring to that version? > > > > That remains to be seen since Spring 5.3.41 isn't yet released. > > Furthermore, 5.3.40 is also not yet released. > > > > > Shouldn't AMQ include the latest Spring? > > > > Based on the evidence Spring 5.3.39 _is_ the latest release. > > > > What has given you the impression that Spring 5.3.41 is available? > > > > > > Justin > > > > [1] https://github.com/spring-projects/spring-framework/tags > > [2] https://repo1.maven.org/maven2/org/springframework/spring-core/ > > > > On Tue, Nov 26, 2024 at 10:20 AM Matthew Gay > > <matthew....@broadcom.com.invalid> wrote: > > > > > Sorry, I got my versions mixed up. > > > > > > Spring 5.3.39 is currently shipped with AMQ and is vulnerable. > > > 5.3.41 resolves those vulnerabilities. > > > > > > What version of AMQ will be updating Spring to that version? > > > I see on your link provided (thank you) that it is still 5.3.39 with a > > > release date of late December. > > > > > > Shouldn't AMQ include the latest Spring? > > > > > > > > > Matthew Gay > > > > > > Principal Support Engineer | Agile Operations Division > > > > > > Broadcom > > > > > > matthew....@broadcom.com > > > > > > Twitter <https://twitter.com/BroadcomSW> | LinkedIn > > > <https://www.linkedin.com/company/broadcomsoftware> > > > > > > > > > *To help expedite routing to the correct SME, please follow these > > **SUGGESTIONS > > > <https://knowledge.broadcom.com/external/article?articleId=275717> > when > > > opening a DX NetOps case* > > > > > > > > > On Tue, Nov 26, 2024 at 10:57 AM Jean-Baptiste Onofré <j...@nanthrax.net > > > > > wrote: > > > > > >> Hi Matt > > >> > > >> Not sure I understand: Spring 5.18.41 doesn't exist afaik ( > > >> https://repo1.maven.org/maven2/org/springframework/spring-core/). > > >> > > >> ActiveMQ 5.18.x is using Spring 5.3.39. > > >> > > >> You can find Spring versions used on the table here: > > >> https://activemq.apache.org/components/classic/download/ (in the > > >> schedule & > > >> status section). > > >> > > >> Regards > > >> JB > > >> > > >> On Tue, Nov 26, 2024 at 4:45 PM Matthew Gay > > >> <matthew....@broadcom.com.invalid> wrote: > > >> > > >> > Hi Team, > > >> > > > >> > Is there any timeline or versioning available for when AMQ will > update > > >> to > > >> > Spring 5.18.41? > > >> > > > >> > Thanks! > > >> > Matt > > >> > > > >> > > > >> > Matthew Gay > > >> > > > >> > Principal Support Engineer | Agile Operations Division > > >> > > > >> > Broadcom > > >> > > > >> > matthew....@broadcom.com > > >> > > > >> > Twitter <https://twitter.com/BroadcomSW> | LinkedIn > > >> > <https://www.linkedin.com/company/broadcomsoftware> > > >> > > > >> > > > >> > *To help expedite routing to the correct SME, please follow these > > >> **SUGGESTIONS > > >> > <https://knowledge.broadcom.com/external/article?articleId=275717> > > when > > >> > opening a DX NetOps case* > > >> > > > >> > This electronic communication and the information and any files > > >> > transmitted with it, or attached to it, are confidential and are > > >> intended > > >> > solely for the use of the individual or entity to whom it is > addressed > > >> and > > >> > may contain information that is confidential, legally privileged, > > >> protected > > >> > by privacy laws, or otherwise restricted from disclosure to anyone > > >> else. If > > >> > you are not the intended recipient or the person responsible for > > >> delivering > > >> > the e-mail to the intended recipient, you are hereby notified that > any > > >> use, > > >> > copying, distributing, dissemination, forwarding, printing, or > copying > > >> of > > >> > this e-mail is strictly prohibited. If you received this e-mail in > > >> error, > > >> > please return the e-mail to the sender, delete it from your > computer, > > >> and > > >> > destroy any printed copy of it. > > >> > > > > > > This electronic communication and the information and any files > > > transmitted with it, or attached to it, are confidential and are > intended > > > solely for the use of the individual or entity to whom it is addressed > > and > > > may contain information that is confidential, legally privileged, > > protected > > > by privacy laws, or otherwise restricted from disclosure to anyone > else. > > If > > > you are not the intended recipient or the person responsible for > > delivering > > > the e-mail to the intended recipient, you are hereby notified that any > > use, > > > copying, distributing, dissemination, forwarding, printing, or copying > of > > > this e-mail is strictly prohibited. If you received this e-mail in > error, > > > please return the e-mail to the sender, delete it from your computer, > and > > > destroy any printed copy of it. > > > -- This electronic communication and the information and any files transmitted with it, or attached to it, are confidential and are intended solely for the use of the individual or entity to whom it is addressed and may contain information that is confidential, legally privileged, protected by privacy laws, or otherwise restricted from disclosure to anyone else. If you are not the intended recipient or the person responsible for delivering the e-mail to the intended recipient, you are hereby notified that any use, copying, distributing, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited. If you received this e-mail in error, please return the e-mail to the sender, delete it from your computer, and destroy any printed copy of it.
smime.p7s
Description: S/MIME Cryptographic Signature
