Re: [PR] FINERACT-2580: Bump Spring Boot 3.5.13 and patch security CVEs [fineract]

via GitHub Thu, 23 Apr 2026 09:14:04 -0700


Aman-Mittal commented on code in PR #5794:
URL: https://github.com/apache/fineract/pull/5794#discussion_r3132194706



##########
buildSrc/src/main/groovy/org.apache.fineract.dependencies.gradle:
##########
@@ -188,7 +188,7 @@ dependencyManagement {
 
         dependency 
'com.google.cloud.sql:mysql-socket-factory-connector-j-8:1.23.1'
 
-        dependency ('org.apache.activemq:activemq-client:6.1.6') {
+        dependency ('org.apache.activemq:activemq-client:6.2.4') {

Review Comment:
   @adamsaghy please see 
https://advisories.gitlab.com/maven/org.apache.activemq/activemq-broker/CVE-2026-39304
   
   it clearly states memory related changes due to CVE



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Re: [PR] FINERACT-2580: Bump Spring Boot 3.5.13 and patch security CVEs [fineract]

Reply via email to