You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@activemq.apache.org by "Alexei Yarilovets (Jira)" <ji...@apache.org> on 2022/02/10 08:20:00 UTC

[jira] [Commented] (AMQ-8475) ActiveMQ uses log4j 1.2.17

    [ https://issues.apache.org/jira/browse/AMQ-8475?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17490026#comment-17490026 ] 

Alexei Yarilovets commented on AMQ-8475:
----------------------------------------

Found one: https://issues.apache.org/jira/browse/LOG4J2-3388
[~robbie] Any assumptions when it will be fixed?

> ActiveMQ uses log4j 1.2.17
> --------------------------
>
>                 Key: AMQ-8475
>                 URL: https://issues.apache.org/jira/browse/AMQ-8475
>             Project: ActiveMQ
>          Issue Type: Bug
>    Affects Versions: 5.16.3
>            Reporter: Alexei Yarilovets
>            Priority: Major
>              Labels: docker, logging, security-issue
>
> ActiveMQ server uses old log4j library with CVEs with critical severity
> Tested here:
> [https://search.maven.org/artifact/org.apache.activemq/activemq-all/5.16.3/jar]
> ActiveMQ uses log4j 1.2.17



--
This message was sent by Atlassian Jira
(v8.20.1#820001)