You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@activemq.apache.org by "arne anka (Jira)" <ji...@apache.org> on 2021/12/16 09:54:00 UTC
[jira] [Created] (ARTEMIS-3611) update to most recent log4j
arne anka created ARTEMIS-3611:
----------------------------------
Summary: update to most recent log4j
Key: ARTEMIS-3611
URL: https://issues.apache.org/jira/browse/ARTEMIS-3611
Project: ActiveMQ Artemis
Issue Type: Bug
Components: Web Console
Reporter: arne anka
While not vulnerable to the recently published issue, the web console still uses log4j 1.2.x – which is long out of support and sports a longish list of unfixed issues, and thus vulnerabilities.
Given that log4j 1.2.x is also an apache project, it is disturbing that its EOL more than 6 years ago seems not to have been noticed nor acted upon.
It should as soon as possible be updated to a secure version.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)