Just replace the related jar files in the distribution.
> Am 05.05.2026 um 12:27 schrieb COURTAULT Francois
> <[email protected]>:
>
> THALES GROUP LIMITED DISTRIBUTION to email recipients
>
> Hello,
>
> Congrats for this new release 😊
>
> Regarding ActiveMQ, I agree that ActiveMQ 6.2.5 has been released 15 days
> after 6.2.4 so quite difficult to integrate in TomEE 10.1.5.
> Do you think there is high risk if I update ActiveMQ to 6.2.5 instead of
> 6.2.4 (7 jars to update) ?
>
> Why not integrating neethi 3.2.2 instead of neethi 3.2.1 which fixes 1
> critical CVE: CVE-2026-42403 ? Is it because it hasn't been tag as Latest ?
> Same question: high risk if I update neethi 3.2.1 by neethi 3.2.2 ?
>
> Best Regards.
>
> -----Original Message-----
> From: Markus Jung <[email protected]>
> Sent: mardi 5 mai 2026 10:30
> To: [email protected]; [email protected]; [email protected]
> Subject: [ANNOUNCE] Apache TomEE 10.1.5
>
> The Apache TomEE team is pleased to announce the general availability of
> TomEE 10.1.5
>
> Apache TomEE delivers enterprise application containers and services based
> on, but not limited to the Enterprise JavaBeans Specification and
> Java/Jakarta Enterprise Edition Specifications.
>
> This release ships fixes related to the implementation of the
> @OpenIdAuthenticationMechanismDefinition, fixes an issue with resource
> construction, has a small improvement in logging, and features the usual
> dependency upgrades.
>
> Full release notes: https://tomee.apache.org/10.1.5/release-notes.html
>
> Downloads are available at: https://tomee.apache.org/download.html
>
> - The Apache TomEE Team
>
>
