Re: [VOTE] Apache ActiveMQ 6.1.0 release

Hi Matt, I tested it on MacOS with zsh. I didn't have any issues. Let me double check. Thanks for the report! Regards JB On Thu, Mar 7, 2024 at 10:47 PM Matt Pavlovich wrote: > > Heads up— while working on another fix, I may have stubbled on a regression > caused by the change below and may

Re: [VOTE] Apache ActiveMQ 6.1.0 release

Heads up— while working on another fix, I may have stubbled on a regression caused by the change below and may need to revert my +1 to a -1 Support space in filename: https://github.com/apache/activemq/pull/1162 INFO: Using default configuration Configurations are loaded in the following

Re: [VOTE] Apache ActiveMQ 6.1.0 release

+1 (binding) - Downloaded dist tar.gz archive and confirmed various configurations using JDK 21 - Tested web console demo examples - Tested web console functions - Reviewed JIRA and release notes Thanks, Matt Pavlovich > On Mar 5, 2024, at 11:38 AM, Jean-Baptiste Onofré wrote: > > Hi guys,

Re: [VOTE] Apache ActiveMQ 6.1.0 release

+1 Cheers, Jamie On Thu, Mar 7, 2024 at 4:43 AM Francois Papon wrote: > > +1 (non-binding) > > I made some tests on local projects. > > Thanks JB for the release! > > regards, > > François > > On 05/03/2024 18:38, Jean-Baptiste Onofré wrote: > > Hi guys, > > > > I submit Apache ActiveMQ

Re: CVE-2024-22243 Spring Framework Open Redirect Vulnerability - ActiveMQ 5.3.30

Thank you. Sorry about that. Is there a release date on 5.18.4? And furthermore - is ActiveMQ even vulnerable to this on versions below 5.18.4? On Thu, Mar 7, 2024 at 10:24 AM Jean-Baptiste Onofré wrote: > Hi Matt, > > I think you are missing the ActiveMQ version and Spring version. > >

Re: CVE-2024-22243 Spring Framework Open Redirect Vulnerability - ActiveMQ 5.3.30

Hi Matt, I think you are missing the ActiveMQ version and Spring version. 5.3.30 is the Spring version, used in ActiveMQ 5.18.x. ActiveMQ 5.18.4 will upgrade to Spring 5.3.31 fixing the CVE. Regards JB On Thu, Mar 7, 2024 at 2:25 PM Matthew Gay wrote: > > Good Morning, > > We are receiving

CVE-2024-22243 Spring Framework Open Redirect Vulnerability - ActiveMQ 5.3.30

Good Morning, We are receiving scan reports regarding ActiveMQ being vulnerable to the above CVE. We have seen a couple emails that allude to ActiveMQ not being vulnerable. However, we are looking for a more official response indicating if it is, or is not vulnerable. And to add - when an

Re: [VOTE] Apache ActiveMQ 6.1.0 release

+1 (non-binding) I made some tests on local projects. Thanks JB for the release! regards, François On 05/03/2024 18:38, Jean-Baptiste Onofré wrote: Hi guys, I submit Apache ActiveMQ "Classic" 6.1.0 release to your vote. This release includes: - New JMS2/3 operations support - Mapping