Hello Justin, The question is , when we download the Active Mq from below Maven link the jar name is " ActiveMQ all", however I could not found this from Active MQ website.
I might miss the release date for 5.17, it would be helpful, if you could confirm the release date for the same. Regards, Deepti Sharma PMP® & ITIL -----Original Message----- From: Justin Bertram <jbert...@apache.org> Sent: Tuesday, January 18, 2022 8:33 PM To: users@activemq.apache.org Subject: Re: Active MQ All Fix for CVE-2021-44228, CVSS 10.0 (Critical) > Does Active MQ all (// https://mvnrepository.com/artifact/org.apache.activemq/activemq-all implementation 'org.apache.activemq:activemq-all:5.16.3') is same as Active MQ Classic? I don't understand the question. What exactly are you asking here? > When we are expecting the Active MQ 5.17.x version with Log4J 2.17.x? This question has *already* been answered on this thread (and many other places on this mailing list). Justin On Tue, Jan 18, 2022 at 8:27 AM Deepti Sharma S <deepti.s.sha...@ericsson.com.invalid> wrote: > Hello All, > > 2 questions: > Does Active MQ all (// > https://mvnrepository.com/artifact/org.apache.activemq/activemq-all > implementation 'org.apache.activemq:activemq-all:5.16.3') is same as > Active MQ Classic? > When we are expecting the Active MQ 5.17.x version with Log4J 2.17.x? > > > Regards, > Deepti Sharma > PMP® & ITIL > > > -----Original Message----- > From: Justin Bertram <jbert...@apache.org> > Sent: Sunday, January 9, 2022 1:29 AM > To: users@activemq.apache.org > Subject: Re: Active MQ All Fix for CVE-2021-44228, CVSS 10.0 > (Critical) > > For what it's worth, it's already noted on the index page as well as > the "News" page as well as noted in multiple emails on both the users > and dev mailing lists. Even searches for "activemq CVE-2021-44228" on > DuckDuckGo, Google, or Bing provide the relevant information in the first few > results. > In my opinion if folks aren't finding the information it's because > they aren't looking. There's always going to be folks like that unfortunately. > > > Justin > > > On Sat, Jan 8, 2022 at 10:07 AM Jean-Baptiste Onofre <j...@nanthrax.net> > wrote: > > > Hi Tim, > > > > Good idea, I think it would be helpful to have it directly on index > > page and contact yeah. > > > > I can do the change if everyone agree. > > > > Thanks ! > > > > Regards > > JB > > > > > Le 8 janv. 2022 à 16:44, Tim Bain <tb...@alumni.duke.edu> a écrit : > > > > > > JB, should we put that link somewhere prominent on > > > https://activemq.apache.org/contact for a few months? I believe > > > all the users who posted questions about the CVE were first-time > > > posters who > > likely > > > went to that page before posting questions, so we might be able to > > > save everyone the time and frustration by heading off the question > > > for > folks. > > > > > > Tim > > > > > > On Sat, Jan 8, 2022, 6:01 AM Jean-Baptiste Onofre > > > <j...@nanthrax.net> > > wrote: > > > > > >> Hi, > > >> > > >> Again, a new time: > > >> > > >> https://activemq.apache.org/news/cve-2021-44228 > > >> > > >> AGAIN, ActiveMQ 5.15/5.16 are NOT affected by log4j 2.x CVE > > >> because they are using log4j 1.x > > >> > > >> ActiveMQ 5.17.x (not yet released) will use at least log4j 2.17.1. > > >> > > >> Regards > > >> JB > > >> > > >>> Le 8 janv. 2022 à 11:35, Deepti Sharma S > > >>> <deepti.s.sha...@ericsson.com > > .INVALID> > > >> a écrit : > > >>> > > >>> Hello Team, > > >>> > > >>> As we have Log4J vulnerability CVE-2021-44228, CVSS 10.0 > > >>> (Critical), > > can > > >> you please confirm, when we have ActiveMQ all, version release > > >> which has this vulnerability fix and has Log4J version 2.17? > > >>> > > >>> > > >>> > > >>> Regards, > > >>> Deepti Sharma > > >>> PMP(r) & ITIL > > >>> > > >>> > > >> > > >> > > > > > >
