You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@activemq.apache.org by "arne anka (Jira)" <ji...@apache.org> on 2021/12/16 09:54:00 UTC

[jira] [Created] (ARTEMIS-3611) update to most recent log4j

arne anka created ARTEMIS-3611:
----------------------------------

             Summary: update to most recent log4j
                 Key: ARTEMIS-3611
                 URL: https://issues.apache.org/jira/browse/ARTEMIS-3611
             Project: ActiveMQ Artemis
          Issue Type: Bug
          Components: Web Console
            Reporter: arne anka


While not vulnerable to the recently published issue, the web console still uses log4j 1.2.x – which is long out of support and sports a longish list of unfixed issues, and thus vulnerabilities.

Given that log4j 1.2.x is also an apache project, it is disturbing that its EOL more than 6 years ago seems not to have been noticed nor acted upon.

It should as soon as possible be updated to a secure version.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)