• CVE‑2020‑11971
• CVE‑2024‑38816
• CVE‑2024‑38819
• CVE‑2024‑38820
• CVE‑2024‑38828
• CVE‑2025‑41242
• CVE‑2025‑41249
• CVE‑2025‑68161
• CVE‑2026‑23901
• CVE‑2026‑23903

In addition, several third‑party components included with ActiveMQ require updates to address known vulnerabilities and maintain compatibility with the latest security standards. These include the following:

• log4j updated to at least 2.25.3
• Spring jars replaced with HeroDevs 5.3.49
• Camel updated to 3.22.4 or later
• Apache Shiro updated to 2.1.0 or later

Although the Apache Tomcat version is not being updated as part of Q1 maintenance, the tomcat‑juli update is included in this distribution to address customer concerns.

Potential Impact: See the CVE records for additional information.