You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@activemq.apache.org by "Imran Ali (Jira)" <ji...@apache.org> on 2022/02/05 18:27:00 UTC

[jira] [Commented] (AMQ-8474) Log4j 1.x vulnerabilities query for CVE-2022-23307

    [ https://issues.apache.org/jira/browse/AMQ-8474?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17487535#comment-17487535 ] 

Imran Ali commented on AMQ-8474:
--------------------------------

[~jbonofre]  - Any ETA on 5.16.4 release?

> Log4j 1.x vulnerabilities query for CVE-2022-23307
> --------------------------------------------------
>
>                 Key: AMQ-8474
>                 URL: https://issues.apache.org/jira/browse/AMQ-8474
>             Project: ActiveMQ
>          Issue Type: Bug
>    Affects Versions: 5.16.3
>            Reporter: Imran Ali
>            Assignee: Jean-Baptiste Onofré
>            Priority: Major
>
> Hi,
> There is a new vulnerability discovered against log4j 1.x [CVE - CVE-2022-23307 (mitre.org)|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23307]. Is there any formal product statement if the latest version of ActiveMQ is impacted by this vulnerability and if so what areas are impacted and how can we mitigate this vulnerability. 
>  
> Regards,
> Arc



--
This message was sent by Atlassian Jira
(v8.20.1#820001)