You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@activemq.apache.org by "Justin Bertram (Jira)" <ji...@apache.org> on 2021/12/16 18:02:00 UTC

[jira] [Resolved] (ARTEMIS-3611) update to most recent log4j

     [ https://issues.apache.org/jira/browse/ARTEMIS-3611?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Justin Bertram resolved ARTEMIS-3611.
-------------------------------------
    Resolution: Information Provided

> update to most recent log4j
> ---------------------------
>
>                 Key: ARTEMIS-3611
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-3611
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>          Components: Web Console
>            Reporter: arne anka
>            Priority: Major
>
> While not vulnerable to the recently published issue, the web console still uses log4j 1.2.x – which is long out of support and sports a longish list of unfixed issues, and thus vulnerabilities.
> Given that log4j 1.2.x is also an apache project, it is disturbing that its EOL more than 6 years ago seems not to have been noticed nor acted upon.
> It should as soon as possible be updated to a secure version.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)