Details of security problems fixed in released versions of individual Apache ActiveMQ components are detailed at:
We strongly encourage people to report security problems privately using the security mailing list of the ASF Security Team before disclosing them in a public forum. Please note, the ASF Security Team cannot accept regular bug reports or other queries. Mail sent to tthem which does not relate to security problems in Apache software will be ignored.
General questions such as those about using ActiveMQ components or whether an exiting published vulnerability applies to your application, etc, should be sent via one of our regular channels.