The various Apache NMS projects from ActiveMQ are based on .NET (using C#). Log4j is a *Java* library. Therefore, no NMS project will even be using Log4j.
Also, in general it is important to be specific when discussing security issues. You simply say "Log4j vulnerability" and "log4j exploit", but there are numerous CVEs for Log4j. You should be specific about which one you're concerned about. I assume here that you're concerned about CVE-2021-44228 in which case you can find further details on the ActiveMQ website [1]. Justin [1] https://activemq.apache.org/news/cve-2021-44228 On Thu, Dec 16, 2021 at 12:16 PM Chad Broadus <chad.broa...@finvi.com> wrote: > Is either Apache.NMS 1.8 or Apache.NMS.ActiveMQ 1.8 vulnerable to the > log4j exploit? > Attention: This message and all attachments are private and may contain > information that is confidential and privileged. If you received this > message in error, please notify the sender by reply email and delete the > message immediately. > >
