• CVE‑2024‑6763
• CVE‑2025‑68161

To address these issues, ActiveMQ has been updated to version 6.2.0.

In addition to the official package, the following component updates might be required:

• log4j updated to 2.25.3 at a minimum
• Spring JARs replaced with HeroDevs versions

Although the Apache Tomcat version is not being updated in Q1, the tomcat‑juli update is included to address customer concerns.

Potential Impact: See the CVE records for additional information.