Hi,

Again, a new time:

https://activemq.apache.org/news/cve-2021-44228

AGAIN, ActiveMQ 5.15/5.16 are NOT affected by log4j 2.x CVE because they are 
using log4j 1.x

ActiveMQ 5.17.x (not yet released) will use at least log4j 2.17.1.

Regards
JB

> Le 8 janv. 2022 à 11:35, Deepti Sharma S 
> <deepti.s.sha...@ericsson.com.INVALID> a écrit :
> 
> Hello Team,
> 
> As we have Log4J vulnerability CVE-2021-44228, CVSS 10.0 (Critical), can you 
> please confirm, when we have ActiveMQ all, version release which has this 
> vulnerability fix and has Log4J version 2.17?
> 
> 
> 
> Regards,
> Deepti Sharma
> PMP(r) & ITIL
> 
> 

Reply via email to