For what it's worth, it's already noted on the index page as well as the "News" page as well as noted in multiple emails on both the users and dev mailing lists. Even searches for "activemq CVE-2021-44228" on DuckDuckGo, Google, or Bing provide the relevant information in the first few results. In my opinion if folks aren't finding the information it's because they aren't looking. There's always going to be folks like that unfortunately.
Justin On Sat, Jan 8, 2022 at 10:07 AM Jean-Baptiste Onofre <j...@nanthrax.net> wrote: > Hi Tim, > > Good idea, I think it would be helpful to have it directly on index page > and contact yeah. > > I can do the change if everyone agree. > > Thanks ! > > Regards > JB > > > Le 8 janv. 2022 à 16:44, Tim Bain <tb...@alumni.duke.edu> a écrit : > > > > JB, should we put that link somewhere prominent on > > https://activemq.apache.org/contact for a few months? I believe all the > > users who posted questions about the CVE were first-time posters who > likely > > went to that page before posting questions, so we might be able to save > > everyone the time and frustration by heading off the question for folks. > > > > Tim > > > > On Sat, Jan 8, 2022, 6:01 AM Jean-Baptiste Onofre <j...@nanthrax.net> > wrote: > > > >> Hi, > >> > >> Again, a new time: > >> > >> https://activemq.apache.org/news/cve-2021-44228 > >> > >> AGAIN, ActiveMQ 5.15/5.16 are NOT affected by log4j 2.x CVE because they > >> are using log4j 1.x > >> > >> ActiveMQ 5.17.x (not yet released) will use at least log4j 2.17.1. > >> > >> Regards > >> JB > >> > >>> Le 8 janv. 2022 à 11:35, Deepti Sharma S <deepti.s.sha...@ericsson.com > .INVALID> > >> a écrit : > >>> > >>> Hello Team, > >>> > >>> As we have Log4J vulnerability CVE-2021-44228, CVSS 10.0 (Critical), > can > >> you please confirm, when we have ActiveMQ all, version release which has > >> this vulnerability fix and has Log4J version 2.17? > >>> > >>> > >>> > >>> Regards, > >>> Deepti Sharma > >>> PMP(r) & ITIL > >>> > >>> > >> > >> > >
