You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@activemq.apache.org by "Jean-Baptiste Onofré (Jira)" <ji...@apache.org> on 2022/10/30 15:26:00 UTC

[jira] [Commented] (AMQ-9140) Log4j Upgrade in activemq

    [ https://issues.apache.org/jira/browse/AMQ-9140?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17626242#comment-17626242 ] 

Jean-Baptiste Onofré commented on AMQ-9140:
-------------------------------------------

ActiveMQ 5.17.x already use log4j 2.x, you should upgrade to this version.

With ActiveMQ 5.7.x, you have to stay with log4j 1.x (changing the artifacts to log4j 2.x won't work because the code has to be updated).

If you are concerned by CVEs, on ActiveMQ 5.16.x we upgraded to reload4j, a fork of log4j 1.x fixing CVEs.

> Log4j Upgrade in activemq
> -------------------------
>
>                 Key: AMQ-9140
>                 URL: https://issues.apache.org/jira/browse/AMQ-9140
>             Project: ActiveMQ
>          Issue Type: Bug
>         Environment:  
>  
>            Reporter: sowjanya
>            Priority: Blocker
>
> We are using activemq 5.7.0 in our application where we have log4j1.x inbuilt.
> We are planning to upgrade log4j1.x to log4j 2.17.2 in activemq. 
> We are planning to replace with below jars 
>  
> {code:java}
> log4j-1.2-api-2.17.2.jar
> log4j-core-2.17.2.jar
> log4j-api-2.17.2.jar {code}
> Can we procced upgrading with above jars or do we have any issues that might occur in future if we do so because of dependencies?
> Please let us know  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)