Hi Looking more details the vulnerability is in: Library versions Log4j 2.x (below than 2.15.0) are affected Library versions Log4j 1.x are not affected The issue has been resolved in log4j version 2.15.0 or higher
And ActiveMQ 5 suppouse use: Log4j 1.2.x then is not affected.... Do you think the same? Thanks Regards Martin ____________________________________________ Martin Piattini Velthuis, PMP - SAP CPI/PO/PI Consultant PK – the Experience Engineering firm M + 54 9 11 5644-8108 mpiatt...@pkglobal.com<mailto:xxxxx...@pkglobal.com> ________________________________ De: Martin Piattini Enviado: martes, 14 de diciembre de 2021 16:03 Para: dev@activemq.apache.org <dev@activemq.apache.org> Asunto: log4j (CVE-2021-44228) vulnerability and ActiveMQ 5.8.0 Hi In a client I am working they use SAP PO and ActiveMQ 5.8.0 for some years. Now we receive a note for the "log4j (CVE-2021-44228) vulnerability" and checking the SAP O and the version of ActiveMQ 5.8.0 has this vulnerability. For SAP PO SAP sent a fix today to solve the issue. For ActiveMQ we think probably new version of ActiveMQ will solve it? But also need to be compatible with SAP PO. So I ask the community here to some advice. If someone already encounter this issue and solved it and also some evidence of the issue fix by ActiveMq (some doc or note) to justified the upgrade. Thanks! Regards Martin ____________________________________________ Martin Piattini Velthuis, PMP - SAP CPI/PO/PI Consultant PK – the Experience Engineering firm M + 54 9 11 5644-8108 mpiatt...@pkglobal.com<mailto:xxxxx...@pkglobal.com>
