Details of security problems fixed in released versions of individual Apache ActiveMQ components are detailed at:
Reporting new security problems with Apache ActiveMQ components
We strongly encourage people to report security problems privately, using the security mailing list of the ASF Security Team, before disclosing them in a public forum.
Please see the ASF Security Team pages for contact information and further detail on the process.
The ASF Security Team cannot accept regular bug reports or other queries, mail sent to tthem which does not relate to security problems in Apache software will be ignored.
General questions such as those about using ActiveMQ components, or whether an exiting published vulnerability applies to your application, etc, should be addressed to our regular channels, e.g the users mailing list. Please see the contact page for details of how to subscribe.