CVE-2021-44228 describes an issue with Log4j2 <=2.14. However, ActiveMQ
5.8.0 doesn't use any version of Log4j2. No patch should be necessary.


Justin

On Tue, Dec 14, 2021 at 1:11 PM Martin Piattini <mpiatt...@pkglobal.com>
wrote:

> Hi
> In a client I am working they use SAP PO and ActiveMQ 5.8.0 for some years.
> Now we receive a note for the "log4j (CVE-2021-44228) vulnerability" and
> checking the SAP O and the version of ActiveMQ 5.8.0 has this vulnerability.
> For SAP PO SAP sent a fix today to solve the issue.
> For ActiveMQ we think probably new version of ActiveMQ will solve it?
> But also need to be compatible with SAP PO.
>
> So I ask the community here to some advice.
> If someone already encounter this issue and solved it and also some
> evidence of the issue fix by ActiveMq (some doc or note) to justified the
> upgrade.
>
> Thanks!
> Regards
> Martin
>
> ____________________________________________
>
> Martin Piattini Velthuis, PMP - SAP CPI/PO/PI Consultant
>
> PK – the Experience Engineering firm
>
> M + 54 9 11 5644-8108
>
> mpiatt...@pkglobal.com<mailto:xxxxx...@pkglobal.com>
>
>
>
>

Reply via email to