Hello Jean, When is the plan to release 5.17.x version?
Regards, Deepti Sharma PMP® & ITIL -----Original Message----- From: Jean-Baptiste Onofre <j...@nanthrax.net> Sent: Saturday, January 8, 2022 9:37 PM To: users@activemq.apache.org Subject: Re: Active MQ All Fix for CVE-2021-44228, CVSS 10.0 (Critical) Hi Tim, Good idea, I think it would be helpful to have it directly on index page and contact yeah. I can do the change if everyone agree. Thanks ! Regards JB > Le 8 janv. 2022 à 16:44, Tim Bain <tb...@alumni.duke.edu> a écrit : > > JB, should we put that link somewhere prominent on > https://activemq.apache.org/contact for a few months? I believe all > the users who posted questions about the CVE were first-time posters > who likely went to that page before posting questions, so we might be > able to save everyone the time and frustration by heading off the question > for folks. > > Tim > > On Sat, Jan 8, 2022, 6:01 AM Jean-Baptiste Onofre <j...@nanthrax.net> wrote: > >> Hi, >> >> Again, a new time: >> >> https://activemq.apache.org/news/cve-2021-44228 >> >> AGAIN, ActiveMQ 5.15/5.16 are NOT affected by log4j 2.x CVE because >> they are using log4j 1.x >> >> ActiveMQ 5.17.x (not yet released) will use at least log4j 2.17.1. >> >> Regards >> JB >> >>> Le 8 janv. 2022 à 11:35, Deepti Sharma S >>> <deepti.s.sha...@ericsson.com.INVALID> >> a écrit : >>> >>> Hello Team, >>> >>> As we have Log4J vulnerability CVE-2021-44228, CVSS 10.0 (Critical), >>> can >> you please confirm, when we have ActiveMQ all, version release which >> has this vulnerability fix and has Log4J version 2.17? >>> >>> >>> >>> Regards, >>> Deepti Sharma >>> PMP(r) & ITIL >>> >>> >> >>
