Re: Active MQ All Fix for CVE-2021-44228, CVSS 10.0 (Critical)

Woops, my mailbox was out of sync and I didn't see all the responses. Sorry for the noise! On 2022-01-08, 9:24 PM, "Tetreault, Lucas" wrote: CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know

Re: Active MQ All Fix for CVE-2021-44228, CVSS 10.0 (Critical)

Hi Deepti, There is some information on the website that should answer all your questions: https://activemq.apache.org/news/cve-2021-44228. - Lucas On 2022-01-08, 2:38 AM, "Deepti Sharma S" wrote: CAUTION: This email originated from outside of the organization. Do not click links or

Re: Active MQ All Fix for CVE-2021-44228, CVSS 10.0 (Critical)

For what it's worth, it's already noted on the index page as well as the "News" page as well as noted in multiple emails on both the users and dev mailing lists. Even searches for "activemq CVE-2021-44228" on DuckDuckGo, Google, or Bing provide the relevant information in the first few results. In

Re: Active MQ All Fix for CVE-2021-44228, CVSS 10.0 (Critical)

February as already said on the mailing list. > Le 8 janv. 2022 à 18:42, Deepti Sharma S > a écrit : > > Hello Jean, > > When is the plan to release 5.17.x version? > > > Regards, > Deepti Sharma > PMP® & ITIL > > > -Original Message- > From: Jean-Baptiste Onofre > Sent: Satur

RE: Active MQ All Fix for CVE-2021-44228, CVSS 10.0 (Critical)

Hello Jean, When is the plan to release 5.17.x version? Regards, Deepti Sharma PMP® & ITIL -Original Message- From: Jean-Baptiste Onofre Sent: Saturday, January 8, 2022 9:37 PM To: users@activemq.apache.org Subject: Re: Active MQ All Fix for CVE-2021-44228, CVSS 10.0 (Critical) Hi

Re: Active MQ All Fix for CVE-2021-44228, CVSS 10.0 (Critical)

Hi Tim, Good idea, I think it would be helpful to have it directly on index page and contact yeah. I can do the change if everyone agree. Thanks ! Regards JB > Le 8 janv. 2022 à 16:44, Tim Bain a écrit : > > JB, should we put that link somewhere prominent on > https://activemq.apache.org/co

Re: Active MQ All Fix for CVE-2021-44228, CVSS 10.0 (Critical)

JB, should we put that link somewhere prominent on https://activemq.apache.org/contact for a few months? I believe all the users who posted questions about the CVE were first-time posters who likely went to that page before posting questions, so we might be able to save everyone the time and frustr

Re: Active MQ All Fix for CVE-2021-44228, CVSS 10.0 (Critical)

Hi, Again, a new time: https://activemq.apache.org/news/cve-2021-44228 AGAIN, ActiveMQ 5.15/5.16 are NOT affected by log4j 2.x CVE because they are using log4j 1.x ActiveMQ 5.17.x (not yet released) will use at least log4j 2.17.1. Regards JB > Le 8 janv. 2022 à 11:35, Deepti Sharma S > a é

Active MQ All Fix for CVE-2021-44228, CVSS 10.0 (Critical)

Hello Team, As we have Log4J vulnerability CVE-2021-44228, CVSS 10.0 (Critical), can you please confirm, when we have ActiveMQ all, version release which has this vulnerability fix and has Log4J version 2.17? Regards, Deepti Sharma PMP(r) & ITIL