Hi,
Agree: we just talked about that with Justin.
I will prepare a PR for website to clearly state ActiveMQ in regards of
log4j2 vulnerability.
Regards
JB
On 13/12/2021 16:13, Eugene Vigoutov wrote:
We are using 5.16 version
Seems like it is using log4j 1.2.17 which Is not vulnerable
I think that posting the versions and the status (infected/not infected) will
be great help
From: Chittaranjan Panda <chittaran...@hotmail.com>
Sent: Monday, 13 December 2021 16:32
To: users@activemq.apache.org
Subject: Re: ActiveMQ 5.8.0 & Active MQ Artemis 2.17.0: log4j vulnerabilities?
[https://s3.amazonaws.com/staticmediafiles/media/sights/iron-icon-color.png]
IRONSCALES couldn't recognize this email as this is the first time you received an
email from this sender chittaran...@hotmail.com<mailto:chittaran...@hotmail.com>
Hi,
Is Apache Artemis 2.18.0 is affected by log4j vulnerability ?
I found in dependencies it uses jboss-logging (
https://mvnrepository.com/artifact/org.jboss.logging/jboss-logging/3.4.2.Final
)
which contains log4j-api 2.11.2 and log4j 1.2.16 and in test dependencies
uses log4j-core 2.11.2.
Any help and clarification on this topic.
Thank you in advance
On Mon, Dec 13, 2021 at 7:46 PM Justin Bertram wrote:
ActiveMQ Artemis doesn't use/ship any version of Log4J so CVE-2021-44228
doesn't impact it.
Justin
On Mon, Dec 13, 2021 at 7:40 AM Benny K wrote:
Hi all,
we have two different Active MQ versions in production-use:
- Active MQ 5.8.0
- Active MQ Artemis 2.17.0
is it right that they both are using log4j-1.2.17 and they are NOT
affected by the log4j vulnerability / "log4shell"?
Any help would be really great. :-)
Thanks and Best Regards
Benjamin
