You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@activemq.apache.org by "Domenico Francesco Bruscino (Jira)" <ji...@apache.org> on 2022/05/18 09:30:00 UTC

[jira] [Closed] (ARTEMIS-3839) Upgrade jboss-logging 3.4.3.Final dependency due to false-positive vulnerability reports

     [ https://issues.apache.org/jira/browse/ARTEMIS-3839?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Domenico Francesco Bruscino closed ARTEMIS-3839.
------------------------------------------------
    Resolution: Duplicate

> Upgrade jboss-logging 3.4.3.Final dependency due to false-positive vulnerability reports 
> -----------------------------------------------------------------------------------------
>
>                 Key: ARTEMIS-3839
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-3839
>             Project: ActiveMQ Artemis
>          Issue Type: Dependency upgrade
>          Components: Broker
>    Affects Versions: 2.22.0
>            Reporter: Dominik Lenoch
>            Priority: Minor
>   Original Estimate: 10m
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Upgrade org.jboss.logging:jboss-logging due to dependency on old version of log4j with known vulnerabilities. These vulnerabilities do not apply to jboss-logging, log4j is only used there for facades, but the scan reports false positive vulnerabilities due to this. 



--
This message was sent by Atlassian Jira
(v8.20.7#820007)