Synced 17 Jun 2026 06:32 UTC

Is Apache Maven 3.5.4 patched?

Apache · cycle 3.5 · end of life
3.5.4: 40/100 (End of life)

Current stable (3.9.16): 100/100

Minimum safe version: 3.8.1

3.5.4 has 1 open critical-or-high vulnerability. Run 3.8.1 or later to clear it.

Health score: 40/100
Open issues: 1
Exploited now: 0
Cycle 3.5 EOL: 2018-10-24
Latest release: 3.9.16

Summary: plain-English security status for Apache Maven 3.5.4, built from its CVEs, active-exploitation data, end-of-life date and latest release.

Apache Maven 3.5.4 is part of the 3.5 release line. 1 known vulnerability affects it. The minimum safe version is 3.8.1 — upgrade to it or later to clear the open critical/high issues. The 3.5 line reached end-of-life on 2018-10-24, so it no longer receives security patches. The latest supported Apache Maven release is 3.9.16.

Known issues affecting 3.5.4

Exploited first, then by exploitation probability.

CVE-2021-26291 CRITICAL EPSS 9% → fixed in 3.8.1

Frequently asked

Is Apache Maven 3.5.4 patched?

Apache Maven 3.5.4 is end-of-life and no longer receives security patches. Move to 3.9.16.

What version should I upgrade Apache Maven 3.5.4 to?

Upgrade Apache Maven 3.5.4 to at least 3.8.1 to clear its 1 open critical-or-high vulnerability.

When does Apache Maven 3.5 reach end-of-life?

Apache Maven 3.5 reached end-of-life on 2018-10-24 and no longer receives security patches.

What is the latest version of Apache Maven?

The latest supported Apache Maven release is 3.9.16.

Is Apache Maven 3.5.4 still receiving security updates?

No — Apache Maven 3.5.4 is on the 3.5 line, which reached end-of-life on 2018-10-24 and no longer receives security updates. Upgrade to 3.9.16 or later to stay supported.

Informational only, from public data (NVD · CISA KEV · EPSS · endoflife.date), and can lag or miss vendor-specific fixes. Always confirm against Apache's official advisory before you patch or upgrade.