The Apache process requires sending notification emails to the relevant mailing lists first, then ASF security pushes the CVE to the central database.
Justin On Wed, Mar 4, 2026 at 2:43 PM Casey A. Owen via users < [email protected]> wrote: > One last question, just to make sure I understand y’all’s processes: > > Does Apache typically update the website at the same time email > notifications are issued, or is it updated on a less frequent basis? I’d > like to make sure we’re monitoring the most current source. > > > > *From:* Christopher Shannon <[email protected]> > *Sent:* Tuesday, March 3, 2026 6:50 PM > *To:* [email protected] > *Cc:* [email protected]; [email protected]; Casey A. Owen < > [email protected]> > *Subject:* **External Email** Re: Apache ActiveMQ: CVE-2025-66168 / > CVE-2025-27533 > > > > STOP! This isNOT an SPP email. Be very cautious of any links or > attachments unless you recognize this sender and are exp > <#m_-8909847321744678736_link>͏͏ > > [image: External email] > <https://summary.us1.defend.egress.com/v3/summary?ref=email&crId=69a781c8da34e623e6465b1c&lang=en> > > *External email * > <https://summary.us1.defend.egress.com/v3/summary?ref=email&crId=69a781c8da34e623e6465b1c&lang=en> > > [image: External email] > <https://summary.us1.defend.egress.com/v3/summary?ref=email&crId=69a781c8da34e623e6465b1c&lang=en> > > > > *STOP!* This is *NOT* an SPP email. > *Be very cautious* of any links or attachments unless you recognize this > sender and are expecting this email. > *Please click the "Report Phish" button if you are unsure about this > email.* > > I just pushed the missing CVE notices to the website, all of the 2025 > notices are now there. > > > > Chris > > > > On Tue, Mar 3, 2026 at 4:55 PM Jean-Baptiste Onofré <[email protected]> > wrote: > > Hi, > > I am currently reviewing the security advisories. I have also received > several inquiries from the community regarding the possibility of a new > 5.18.x release that includes only the latest CVE fixes. > > I will begin preparing that release soon. > > Regards, > JB > > On Tue, Mar 3, 2026 at 3:13 PM Casey A. Owen via users < > [email protected]> wrote: > > > Hello, > > > > Could someone please clarify why the listed CVEs are not documented in > the > > Apache ActiveMQ Classic Security Advisories at > > https://activemq.apache.org/components/classic/security? > > > > Thank you for your prompt attention to this matter, > > > > > > Casey Owen | Sr Applications Analyst > > > > > >
