Hi Tim, Good idea, I think it would be helpful to have it directly on index page and contact yeah.
I can do the change if everyone agree. Thanks ! Regards JB > Le 8 janv. 2022 à 16:44, Tim Bain <tb...@alumni.duke.edu> a écrit : > > JB, should we put that link somewhere prominent on > https://activemq.apache.org/contact for a few months? I believe all the > users who posted questions about the CVE were first-time posters who likely > went to that page before posting questions, so we might be able to save > everyone the time and frustration by heading off the question for folks. > > Tim > > On Sat, Jan 8, 2022, 6:01 AM Jean-Baptiste Onofre <j...@nanthrax.net> wrote: > >> Hi, >> >> Again, a new time: >> >> https://activemq.apache.org/news/cve-2021-44228 >> >> AGAIN, ActiveMQ 5.15/5.16 are NOT affected by log4j 2.x CVE because they >> are using log4j 1.x >> >> ActiveMQ 5.17.x (not yet released) will use at least log4j 2.17.1. >> >> Regards >> JB >> >>> Le 8 janv. 2022 à 11:35, Deepti Sharma S >>> <deepti.s.sha...@ericsson.com.INVALID> >> a écrit : >>> >>> Hello Team, >>> >>> As we have Log4J vulnerability CVE-2021-44228, CVSS 10.0 (Critical), can >> you please confirm, when we have ActiveMQ all, version release which has >> this vulnerability fix and has Log4J version 2.17? >>> >>> >>> >>> Regards, >>> Deepti Sharma >>> PMP(r) & ITIL >>> >>> >> >>