You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@activemq.apache.org by "Alexei Yarilovets (Jira)" <ji...@apache.org> on 2022/02/10 08:20:00 UTC
[jira] [Commented] (AMQ-8475) ActiveMQ uses log4j 1.2.17
[ https://issues.apache.org/jira/browse/AMQ-8475?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17490026#comment-17490026 ]
Alexei Yarilovets commented on AMQ-8475:
----------------------------------------
Found one: https://issues.apache.org/jira/browse/LOG4J2-3388
[~robbie] Any assumptions when it will be fixed?
> ActiveMQ uses log4j 1.2.17
> --------------------------
>
> Key: AMQ-8475
> URL: https://issues.apache.org/jira/browse/AMQ-8475
> Project: ActiveMQ
> Issue Type: Bug
> Affects Versions: 5.16.3
> Reporter: Alexei Yarilovets
> Priority: Major
> Labels: docker, logging, security-issue
>
> ActiveMQ server uses old log4j library with CVEs with critical severity
> Tested here:
> [https://search.maven.org/artifact/org.apache.activemq/activemq-all/5.16.3/jar]
> ActiveMQ uses log4j 1.2.17
--
This message was sent by Atlassian Jira
(v8.20.1#820001)