Is Apache Maven 1.1 patched?
Current stable (3.9.16): 100/100
1.1 has 1 open critical-or-high vulnerability. Run 3.8.1 or later to clear it. See what 3.8.1 fixes →
Summary iPlain-English security status for Apache Maven 1.1, built from its CVEs, active-exploitation data, end-of-life date and latest release.
Apache Maven 1.1 is part of the 1.1 release line. 1 known vulnerability affects it. The minimum safe version is 3.8.1 — upgrade to it or later to clear the open critical/high issues. The latest supported Apache Maven release is 3.9.16.
Known issues affecting 1.1
Exploited first, then by exploitation probability.
CVE-2021-26291 CRITICAL EPSS 9% → fixed in 3.8.1Other Apache Maven versions
Check another release line of Apache Maven.
Frequently asked
Is Apache Maven 1.1 patched?
Apache Maven 1.1 has 1 open critical-or-high vulnerability. The minimum safe version is 3.8.1 — upgrade to 3.8.1 or later to clear it.
What version should I upgrade Apache Maven 1.1 to?
Upgrade Apache Maven 1.1 to at least 3.8.1 to clear its 1 open critical-or-high vulnerability.
What is the latest version of Apache Maven?
The latest supported Apache Maven release is 3.9.16.
Is Apache Maven 1.1 still receiving security updates?
Yes — the 1.1 line is still supported and receiving security updates. The latest release is 3.9.16.
Informational only, from public data (NVD · CISA KEV · EPSS · endoflife.date), and can lag or miss vendor-specific fixes. Always confirm against Apache's official advisory before you patch or upgrade — Apache Maven official site ↗