You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@activemq.apache.org by "Imran Ali (Jira)" <ji...@apache.org> on 2022/02/04 16:19:00 UTC

[jira] [Created] (AMQ-8474) Log4J 1.x vulnerabilities query for CVE-2022-23307

Imran Ali created AMQ-8474:
------------------------------

             Summary: Log4J 1.x vulnerabilities query for CVE-2022-23307
                 Key: AMQ-8474
                 URL: https://issues.apache.org/jira/browse/AMQ-8474
             Project: ActiveMQ
          Issue Type: Bug
    Affects Versions: 5.16.3
            Reporter: Imran Ali


Hi,

There is a new vulnerability discovered against log4j 1.x [CVE - CVE-2022-23307 (mitre.org)|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23307]. Is there any formal product statement if the latest version of ActiveMQ is impacted by this vulnerability and if so what areas are impacted and how can we mitigate this vulnerability. 

 

Regards,

Arc



--
This message was sent by Atlassian Jira
(v8.20.1#820001)