Deepti, Qouting Justin from a recent thread, "the current plan is to put a release up for vote at the end of January. All community members can vote on the release for 3 days, and if the vote passes then the release should be done in early February."
Tim On Tue, Jan 18, 2022, 8:39 AM Justin Bertram <jbert...@apache.org> wrote: > > when we download the Active Mq from below Maven link the jar name is " > ActiveMQ all", however I could not found this from Active MQ website. > > All Maven artifacts are built from the source code. You can find links to > all the ActiveMQ source code repositories on the website [1]. You need to > look in the actual repository to see the code for a specific Maven module > like "activemq-all" which can be found here [2]. > > > I might miss the release date for 5.17... > > If you miss anything on the users mailing list you can go back and review > the archive [3] which is linked from the website [4]. > > > Justin > > [1] https://activemq.apache.org/contributing > [2] https://github.com/apache/activemq/tree/main/activemq-all > [3] https://lists.apache.org/list.html?users@activemq.apache.org > [4] https://activemq.apache.org/contact > > On Tue, Jan 18, 2022 at 9:06 AM Deepti Sharma S > <deepti.s.sha...@ericsson.com.invalid> wrote: > > > Hello Justin, > > > > The question is , when we download the Active Mq from below Maven link > the > > jar name is " ActiveMQ all", however I could not found this from Active > MQ > > website. > > > > I might miss the release date for 5.17, it would be helpful, if you could > > confirm the release date for the same. > > > > > > Regards, > > Deepti Sharma > > PMP® & ITIL > > > > > > -----Original Message----- > > From: Justin Bertram <jbert...@apache.org> > > Sent: Tuesday, January 18, 2022 8:33 PM > > To: users@activemq.apache.org > > Subject: Re: Active MQ All Fix for CVE-2021-44228, CVSS 10.0 (Critical) > > > > > Does Active MQ all (// > > https://mvnrepository.com/artifact/org.apache.activemq/activemq-all > > implementation 'org.apache.activemq:activemq-all:5.16.3') is same as > > Active MQ Classic? > > > > I don't understand the question. What exactly are you asking here? > > > > > When we are expecting the Active MQ 5.17.x version with Log4J 2.17.x? > > > > This question has *already* been answered on this thread (and many other > > places on this mailing list). > > > > > > Justin > > > > On Tue, Jan 18, 2022 at 8:27 AM Deepti Sharma S < > > deepti.s.sha...@ericsson.com.invalid> wrote: > > > > > Hello All, > > > > > > 2 questions: > > > Does Active MQ all (// > > > https://mvnrepository.com/artifact/org.apache.activemq/activemq-all > > > implementation 'org.apache.activemq:activemq-all:5.16.3') is same as > > > Active MQ Classic? > > > When we are expecting the Active MQ 5.17.x version with Log4J 2.17.x? > > > > > > > > > Regards, > > > Deepti Sharma > > > PMP® & ITIL > > > > > > > > > -----Original Message----- > > > From: Justin Bertram <jbert...@apache.org> > > > Sent: Sunday, January 9, 2022 1:29 AM > > > To: users@activemq.apache.org > > > Subject: Re: Active MQ All Fix for CVE-2021-44228, CVSS 10.0 > > > (Critical) > > > > > > For what it's worth, it's already noted on the index page as well as > > > the "News" page as well as noted in multiple emails on both the users > > > and dev mailing lists. Even searches for "activemq CVE-2021-44228" on > > > DuckDuckGo, Google, or Bing provide the relevant information in the > > first few results. > > > In my opinion if folks aren't finding the information it's because > > > they aren't looking. There's always going to be folks like that > > unfortunately. > > > > > > > > > Justin > > > > > > > > > On Sat, Jan 8, 2022 at 10:07 AM Jean-Baptiste Onofre <j...@nanthrax.net> > > > wrote: > > > > > > > Hi Tim, > > > > > > > > Good idea, I think it would be helpful to have it directly on index > > > > page and contact yeah. > > > > > > > > I can do the change if everyone agree. > > > > > > > > Thanks ! > > > > > > > > Regards > > > > JB > > > > > > > > > Le 8 janv. 2022 à 16:44, Tim Bain <tb...@alumni.duke.edu> a écrit > : > > > > > > > > > > JB, should we put that link somewhere prominent on > > > > > https://activemq.apache.org/contact for a few months? I believe > > > > > all the users who posted questions about the CVE were first-time > > > > > posters who > > > > likely > > > > > went to that page before posting questions, so we might be able to > > > > > save everyone the time and frustration by heading off the question > > > > > for > > > folks. > > > > > > > > > > Tim > > > > > > > > > > On Sat, Jan 8, 2022, 6:01 AM Jean-Baptiste Onofre > > > > > <j...@nanthrax.net> > > > > wrote: > > > > > > > > > >> Hi, > > > > >> > > > > >> Again, a new time: > > > > >> > > > > >> https://activemq.apache.org/news/cve-2021-44228 > > > > >> > > > > >> AGAIN, ActiveMQ 5.15/5.16 are NOT affected by log4j 2.x CVE > > > > >> because they are using log4j 1.x > > > > >> > > > > >> ActiveMQ 5.17.x (not yet released) will use at least log4j 2.17.1. > > > > >> > > > > >> Regards > > > > >> JB > > > > >> > > > > >>> Le 8 janv. 2022 à 11:35, Deepti Sharma S > > > > >>> <deepti.s.sha...@ericsson.com > > > > .INVALID> > > > > >> a écrit : > > > > >>> > > > > >>> Hello Team, > > > > >>> > > > > >>> As we have Log4J vulnerability CVE-2021-44228, CVSS 10.0 > > > > >>> (Critical), > > > > can > > > > >> you please confirm, when we have ActiveMQ all, version release > > > > >> which has this vulnerability fix and has Log4J version 2.17? > > > > >>> > > > > >>> > > > > >>> > > > > >>> Regards, > > > > >>> Deepti Sharma > > > > >>> PMP(r) & ITIL > > > > >>> > > > > >>> > > > > >> > > > > >> > > > > > > > > > > > > > > > > > > >