You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@activemq.apache.org by "Justin Bertram (Jira)" <ji...@apache.org> on 2021/12/14 21:04:00 UTC

[jira] [Commented] (AMQ-8433) Request for a formal response from Active MQ regarding Log4j vulnerability against CVE-2021-44228

    [ https://issues.apache.org/jira/browse/AMQ-8433?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17459484#comment-17459484 ] 

Justin Bertram commented on AMQ-8433:
-------------------------------------

See https://activemq.apache.org/news/cve-2021-44228.

> Request for a formal response from Active MQ regarding Log4j vulnerability against CVE-2021-44228
> -------------------------------------------------------------------------------------------------
>
>                 Key: AMQ-8433
>                 URL: https://issues.apache.org/jira/browse/AMQ-8433
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: Documentation
>    Affects Versions: 5.15.15
>            Reporter: Imran Ali
>            Priority: Major
>
> Hi Guys, 
> Active MQ is still using Log4j v1 and although its not directly impacted by the vulnerability CVE-2021-44228 we are getting follow up questions from the customers on what is the formal timeline for Active MQ to transitioned to the latest version of log4j.
> Can you please let us know what are the plans regarding this. 
>  



--
This message was sent by Atlassian Jira
(v8.20.1#820001)