Skip to main content

Thanks for reaching out about our Apache ActiveMQ Support

A member of our support team — the same engineers who contribute to and maintain the code — will reach out within 1 business day to learn more about your environment and how we can help.

If you have a few free minutes.

Check out our latest blog posts on ActiveMQ

February 6, 2025 in Security, ActiveMQ, CVEs, Tomcat, TomEE

The Hidden Risk of Running End-of-Life Apache Tomcat, TomEE, and ActiveMQ

Understanding End-of-Life (EOL) Products If you’re a developer or manager, you’ve likely faced the challenge of maintaining legacy systems.  You know the delicate balance between keeping your software running, finding the resources for costly upgrades, and managing the expense of growing your team to support emerging issues. When a product like Apache Tomcat, TomEE, or ActiveMQ reaches its End-of-Life (EOL), it stops receiving critical updates and patches from the Open Source Community. This leaves your systems vulnerable to security breaches and compliance issues—a nightmare for developers maintaining these systems and managers responsible for avoiding business risks. Key Risks of Running…
Read More
November 7, 2023 in ActiveMQ, CVEs, Security

Act Now: Protecting Your ActiveMQ Broker from CVE-2023-46604

Dive into CVE-2023-46604 You may be aware that a new critical vulnerability has been discovered in ActiveMQ. This was publicly disclosed on Friday 27th October. The details of the CVE are as follows (https://activemq.apache.org/security-advisories.data/CVE-2023-46604) Apache ActiveMQ is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath. ActiveMQ, by default, exposes a connector using the OpenWire protocol, and this is commonly used by clients to connect to…
Read More
October 12, 2023 in Java EE, ActiveMQ, Apache TomEE, Jakarta EE, MicroProfile, Open Source, Tomcat, TomEE

Moving from javax to jakarta namespace

This blog aims at giving some pointers in order to address the challenge related to the switch from `javax` to `jakarta` namespace. This is one of the biggest changes in Java of the latest 20 years. No doubt. The entire ecosystem is impacted. Not only Java EE or Jakarta EE Application servers, but also libraries of any kind (Jackson, CXF, Hibernate, Spring to name a few). For instance, it took Apache TomEE about a year to convert all the source code and dependencies to the new `jakarta` namespace. This blog is written from the user perspective, because the shift from…
Read More