> Does Active MQ all (// https://mvnrepository.com/artifact/org.apache.activemq/activemq-all implementation 'org.apache.activemq:activemq-all:5.16.3') is same as Active MQ Classic?
I don't understand the question. What exactly are you asking here? > When we are expecting the Active MQ 5.17.x version with Log4J 2.17.x? This question has *already* been answered on this thread (and many other places on this mailing list). Justin On Tue, Jan 18, 2022 at 8:27 AM Deepti Sharma S <deepti.s.sha...@ericsson.com.invalid> wrote: > Hello All, > > 2 questions: > Does Active MQ all (// > https://mvnrepository.com/artifact/org.apache.activemq/activemq-all > implementation 'org.apache.activemq:activemq-all:5.16.3') is same as > Active MQ Classic? > When we are expecting the Active MQ 5.17.x version with Log4J 2.17.x? > > > Regards, > Deepti Sharma > PMP® & ITIL > > > -----Original Message----- > From: Justin Bertram <jbert...@apache.org> > Sent: Sunday, January 9, 2022 1:29 AM > To: users@activemq.apache.org > Subject: Re: Active MQ All Fix for CVE-2021-44228, CVSS 10.0 (Critical) > > For what it's worth, it's already noted on the index page as well as the > "News" page as well as noted in multiple emails on both the users and dev > mailing lists. Even searches for "activemq CVE-2021-44228" on DuckDuckGo, > Google, or Bing provide the relevant information in the first few results. > In my opinion if folks aren't finding the information it's because they > aren't looking. There's always going to be folks like that unfortunately. > > > Justin > > > On Sat, Jan 8, 2022 at 10:07 AM Jean-Baptiste Onofre <j...@nanthrax.net> > wrote: > > > Hi Tim, > > > > Good idea, I think it would be helpful to have it directly on index > > page and contact yeah. > > > > I can do the change if everyone agree. > > > > Thanks ! > > > > Regards > > JB > > > > > Le 8 janv. 2022 à 16:44, Tim Bain <tb...@alumni.duke.edu> a écrit : > > > > > > JB, should we put that link somewhere prominent on > > > https://activemq.apache.org/contact for a few months? I believe all > > > the users who posted questions about the CVE were first-time posters > > > who > > likely > > > went to that page before posting questions, so we might be able to > > > save everyone the time and frustration by heading off the question for > folks. > > > > > > Tim > > > > > > On Sat, Jan 8, 2022, 6:01 AM Jean-Baptiste Onofre <j...@nanthrax.net> > > wrote: > > > > > >> Hi, > > >> > > >> Again, a new time: > > >> > > >> https://activemq.apache.org/news/cve-2021-44228 > > >> > > >> AGAIN, ActiveMQ 5.15/5.16 are NOT affected by log4j 2.x CVE because > > >> they are using log4j 1.x > > >> > > >> ActiveMQ 5.17.x (not yet released) will use at least log4j 2.17.1. > > >> > > >> Regards > > >> JB > > >> > > >>> Le 8 janv. 2022 à 11:35, Deepti Sharma S > > >>> <deepti.s.sha...@ericsson.com > > .INVALID> > > >> a écrit : > > >>> > > >>> Hello Team, > > >>> > > >>> As we have Log4J vulnerability CVE-2021-44228, CVSS 10.0 > > >>> (Critical), > > can > > >> you please confirm, when we have ActiveMQ all, version release > > >> which has this vulnerability fix and has Log4J version 2.17? > > >>> > > >>> > > >>> > > >>> Regards, > > >>> Deepti Sharma > > >>> PMP(r) & ITIL > > >>> > > >>> > > >> > > >> > > > > > >
