Deepti,

Qouting Justin from a recent thread, "the current plan is to put a release
up for vote at the end of January. All community members can vote on the
release for 3 days, and if the vote passes then the release should be done
in early February."

Tim

On Tue, Jan 18, 2022, 8:39 AM Justin Bertram <jbert...@apache.org> wrote:

> > when we download the Active Mq from below Maven link the jar name is "
> ActiveMQ all", however I could not found this from Active MQ website.
>
> All Maven artifacts are built from the source code. You can find links to
> all the ActiveMQ source code repositories on the website [1]. You need to
> look in the actual repository to see the code for a specific Maven module
> like "activemq-all" which can be found here [2].
>
> > I might miss the release date for 5.17...
>
> If you miss anything on the users mailing list you can go back and review
> the archive [3] which is linked from the website [4].
>
>
> Justin
>
> [1] https://activemq.apache.org/contributing
> [2] https://github.com/apache/activemq/tree/main/activemq-all
> [3] https://lists.apache.org/list.html?users@activemq.apache.org
> [4] https://activemq.apache.org/contact
>
> On Tue, Jan 18, 2022 at 9:06 AM Deepti Sharma S
> <deepti.s.sha...@ericsson.com.invalid> wrote:
>
> > Hello Justin,
> >
> > The question is , when we download the Active Mq from below Maven link
> the
> > jar name is " ActiveMQ all", however I could not found this from Active
> MQ
> > website.
> >
> > I might miss the release date for 5.17, it would be helpful, if you could
> > confirm the release date for the same.
> >
> >
> > Regards,
> > Deepti Sharma
> > PMP® & ITIL
> >
> >
> > -----Original Message-----
> > From: Justin Bertram <jbert...@apache.org>
> > Sent: Tuesday, January 18, 2022 8:33 PM
> > To: users@activemq.apache.org
> > Subject: Re: Active MQ All Fix for CVE-2021-44228, CVSS 10.0 (Critical)
> >
> > > Does Active MQ all (//
> > https://mvnrepository.com/artifact/org.apache.activemq/activemq-all
> > implementation 'org.apache.activemq:activemq-all:5.16.3') is same as
> > Active MQ Classic?
> >
> > I don't understand the question. What exactly are you asking here?
> >
> > > When we are expecting the Active MQ 5.17.x version with Log4J 2.17.x?
> >
> > This question has *already* been answered on this thread (and many other
> > places on this mailing list).
> >
> >
> > Justin
> >
> > On Tue, Jan 18, 2022 at 8:27 AM Deepti Sharma S <
> > deepti.s.sha...@ericsson.com.invalid> wrote:
> >
> > > Hello All,
> > >
> > > 2 questions:
> > > Does Active MQ all (//
> > > https://mvnrepository.com/artifact/org.apache.activemq/activemq-all
> > > implementation 'org.apache.activemq:activemq-all:5.16.3') is same as
> > > Active MQ Classic?
> > > When we are expecting the Active MQ 5.17.x version with Log4J 2.17.x?
> > >
> > >
> > > Regards,
> > > Deepti Sharma
> > > PMP® & ITIL
> > >
> > >
> > > -----Original Message-----
> > > From: Justin Bertram <jbert...@apache.org>
> > > Sent: Sunday, January 9, 2022 1:29 AM
> > > To: users@activemq.apache.org
> > > Subject: Re: Active MQ All Fix for CVE-2021-44228, CVSS 10.0
> > > (Critical)
> > >
> > > For what it's worth, it's already noted on the index page as well as
> > > the "News" page as well as noted in multiple emails on both the users
> > > and dev mailing lists. Even searches for "activemq CVE-2021-44228" on
> > > DuckDuckGo, Google, or Bing provide the relevant information in the
> > first few results.
> > > In my opinion if folks aren't finding the information it's because
> > > they aren't looking. There's always going to be folks like that
> > unfortunately.
> > >
> > >
> > > Justin
> > >
> > >
> > > On Sat, Jan 8, 2022 at 10:07 AM Jean-Baptiste Onofre <j...@nanthrax.net>
> > > wrote:
> > >
> > > > Hi Tim,
> > > >
> > > > Good idea, I think it would be helpful to have it directly on index
> > > > page and contact yeah.
> > > >
> > > > I can do the change if everyone agree.
> > > >
> > > > Thanks !
> > > >
> > > > Regards
> > > > JB
> > > >
> > > > > Le 8 janv. 2022 à 16:44, Tim Bain <tb...@alumni.duke.edu> a écrit
> :
> > > > >
> > > > > JB, should we put that link somewhere prominent on
> > > > > https://activemq.apache.org/contact for a few months? I believe
> > > > > all the users who posted questions about the CVE were first-time
> > > > > posters who
> > > > likely
> > > > > went to that page before posting questions, so we might be able to
> > > > > save everyone the time and frustration by heading off the question
> > > > > for
> > > folks.
> > > > >
> > > > > Tim
> > > > >
> > > > > On Sat, Jan 8, 2022, 6:01 AM Jean-Baptiste Onofre
> > > > > <j...@nanthrax.net>
> > > > wrote:
> > > > >
> > > > >> Hi,
> > > > >>
> > > > >> Again, a new time:
> > > > >>
> > > > >> https://activemq.apache.org/news/cve-2021-44228
> > > > >>
> > > > >> AGAIN, ActiveMQ 5.15/5.16 are NOT affected by log4j 2.x CVE
> > > > >> because they are using log4j 1.x
> > > > >>
> > > > >> ActiveMQ 5.17.x (not yet released) will use at least log4j 2.17.1.
> > > > >>
> > > > >> Regards
> > > > >> JB
> > > > >>
> > > > >>> Le 8 janv. 2022 à 11:35, Deepti Sharma S
> > > > >>> <deepti.s.sha...@ericsson.com
> > > > .INVALID>
> > > > >> a écrit :
> > > > >>>
> > > > >>> Hello Team,
> > > > >>>
> > > > >>> As we have Log4J vulnerability CVE-2021-44228, CVSS 10.0
> > > > >>> (Critical),
> > > > can
> > > > >> you please confirm, when we have ActiveMQ all, version release
> > > > >> which has this vulnerability fix and has Log4J version 2.17?
> > > > >>>
> > > > >>>
> > > > >>>
> > > > >>> Regards,
> > > > >>> Deepti Sharma
> > > > >>> PMP(r) & ITIL
> > > > >>>
> > > > >>>
> > > > >>
> > > > >>
> > > >
> > > >
> > >
> > >
> >
> >
>

Reply via email to