CVE-2021-44228 describes an issue with Log4j2 <=2.14. However, ActiveMQ 5.8.0 doesn't use any version of Log4j2. No patch should be necessary.
Justin On Tue, Dec 14, 2021 at 1:11 PM Martin Piattini <mpiatt...@pkglobal.com> wrote: > Hi > In a client I am working they use SAP PO and ActiveMQ 5.8.0 for some years. > Now we receive a note for the "log4j (CVE-2021-44228) vulnerability" and > checking the SAP O and the version of ActiveMQ 5.8.0 has this vulnerability. > For SAP PO SAP sent a fix today to solve the issue. > For ActiveMQ we think probably new version of ActiveMQ will solve it? > But also need to be compatible with SAP PO. > > So I ask the community here to some advice. > If someone already encounter this issue and solved it and also some > evidence of the issue fix by ActiveMq (some doc or note) to justified the > upgrade. > > Thanks! > Regards > Martin > > ____________________________________________ > > Martin Piattini Velthuis, PMP - SAP CPI/PO/PI Consultant > > PK – the Experience Engineering firm > > M + 54 9 11 5644-8108 > > mpiatt...@pkglobal.com<mailto:xxxxx...@pkglobal.com> > > > >