That makes sense. As noted by Spring [1]: 5.3.x was the final feature branch of the 5th generation, with long-term support provided on JDK 8, JDK 11, JDK 17, JDK 21 and the Java EE 8 level. Open source support ended on August 31st, 2024; commercial support options remain available.
Justin [1] https://github.com/spring-projects/spring-framework/wiki/Spring-Framework-Versions On Tue, Nov 26, 2024 at 11:04 AM Christopher Shannon < christopher.l.shan...@gmail.com> wrote: > That version is probably a commercial release. This blog post talks about > version 5.3.42 as commercial > https://spring.io/blog/2024/11/15/spring-framework-cve-2024-38828-published > > So obviously we won't be upgrading to anything beyond 5.3.39 as that is the > last open source release. > > On Tue, Nov 26, 2024 at 11:50 AM Justin Bertram <jbert...@apache.org> > wrote: > > > > ...5.3.41 resolves those vulnerabilities. > > > > There is no release for Spring 5.3.41. It is not tagged in their repo [1] > > and it is not in Maven [2]. > > > > > What version of AMQ will be updating Spring to that version? > > > > That remains to be seen since Spring 5.3.41 isn't yet released. > > Furthermore, 5.3.40 is also not yet released. > > > > > Shouldn't AMQ include the latest Spring? > > > > Based on the evidence Spring 5.3.39 _is_ the latest release. > > > > What has given you the impression that Spring 5.3.41 is available? > > > > > > Justin > > > > [1] https://github.com/spring-projects/spring-framework/tags > > [2] https://repo1.maven.org/maven2/org/springframework/spring-core/ > > > > On Tue, Nov 26, 2024 at 10:20 AM Matthew Gay > > <matthew....@broadcom.com.invalid> wrote: > > > > > Sorry, I got my versions mixed up. > > > > > > Spring 5.3.39 is currently shipped with AMQ and is vulnerable. > > > 5.3.41 resolves those vulnerabilities. > > > > > > What version of AMQ will be updating Spring to that version? > > > I see on your link provided (thank you) that it is still 5.3.39 with a > > > release date of late December. > > > > > > Shouldn't AMQ include the latest Spring? > > > > > > > > > Matthew Gay > > > > > > Principal Support Engineer | Agile Operations Division > > > > > > Broadcom > > > > > > matthew....@broadcom.com > > > > > > Twitter <https://twitter.com/BroadcomSW> | LinkedIn > > > <https://www.linkedin.com/company/broadcomsoftware> > > > > > > > > > *To help expedite routing to the correct SME, please follow these > > **SUGGESTIONS > > > <https://knowledge.broadcom.com/external/article?articleId=275717> > when > > > opening a DX NetOps case* > > > > > > > > > On Tue, Nov 26, 2024 at 10:57 AM Jean-Baptiste Onofré <j...@nanthrax.net > > > > > wrote: > > > > > >> Hi Matt > > >> > > >> Not sure I understand: Spring 5.18.41 doesn't exist afaik ( > > >> https://repo1.maven.org/maven2/org/springframework/spring-core/). > > >> > > >> ActiveMQ 5.18.x is using Spring 5.3.39. > > >> > > >> You can find Spring versions used on the table here: > > >> https://activemq.apache.org/components/classic/download/ (in the > > >> schedule & > > >> status section). > > >> > > >> Regards > > >> JB > > >> > > >> On Tue, Nov 26, 2024 at 4:45 PM Matthew Gay > > >> <matthew....@broadcom.com.invalid> wrote: > > >> > > >> > Hi Team, > > >> > > > >> > Is there any timeline or versioning available for when AMQ will > update > > >> to > > >> > Spring 5.18.41? > > >> > > > >> > Thanks! > > >> > Matt > > >> > > > >> > > > >> > Matthew Gay > > >> > > > >> > Principal Support Engineer | Agile Operations Division > > >> > > > >> > Broadcom > > >> > > > >> > matthew....@broadcom.com > > >> > > > >> > Twitter <https://twitter.com/BroadcomSW> | LinkedIn > > >> > <https://www.linkedin.com/company/broadcomsoftware> > > >> > > > >> > > > >> > *To help expedite routing to the correct SME, please follow these > > >> **SUGGESTIONS > > >> > <https://knowledge.broadcom.com/external/article?articleId=275717> > > when > > >> > opening a DX NetOps case* > > >> > > > >> > This electronic communication and the information and any files > > >> > transmitted with it, or attached to it, are confidential and are > > >> intended > > >> > solely for the use of the individual or entity to whom it is > addressed > > >> and > > >> > may contain information that is confidential, legally privileged, > > >> protected > > >> > by privacy laws, or otherwise restricted from disclosure to anyone > > >> else. If > > >> > you are not the intended recipient or the person responsible for > > >> delivering > > >> > the e-mail to the intended recipient, you are hereby notified that > any > > >> use, > > >> > copying, distributing, dissemination, forwarding, printing, or > copying > > >> of > > >> > this e-mail is strictly prohibited. If you received this e-mail in > > >> error, > > >> > please return the e-mail to the sender, delete it from your > computer, > > >> and > > >> > destroy any printed copy of it. > > >> > > > > > > This electronic communication and the information and any files > > > transmitted with it, or attached to it, are confidential and are > intended > > > solely for the use of the individual or entity to whom it is addressed > > and > > > may contain information that is confidential, legally privileged, > > protected > > > by privacy laws, or otherwise restricted from disclosure to anyone > else. > > If > > > you are not the intended recipient or the person responsible for > > delivering > > > the e-mail to the intended recipient, you are hereby notified that any > > use, > > > copying, distributing, dissemination, forwarding, printing, or copying > of > > > this e-mail is strictly prohibited. If you received this e-mail in > error, > > > please return the e-mail to the sender, delete it from your computer, > and > > > destroy any printed copy of it. > > >
