Log4j2 is only impacted, not log4j 1.x.
It's what I meant: ActiveMQ 5.16.x/5.15.x are not affected by log4shell
vulnerability.
Regards
JB
On 03/01/2022 17:30, Xeno Amess wrote:
Just show the log4j2 cve list to that customer, and persuade him no hurry to
migrate.
XenoAmess
________________________________
From: JB Onofré <j...@nanthrax.net>
Sent: Monday, January 3, 2022 11:31:30 PM
To: dev@activemq.apache.org <dev@activemq.apache.org>
Subject: Re: ActiveMQ 5.17 and log4j2
About 5.16 no way: it’s log4j 1.x
And log4j 1.x is not impacted by log4shell vulnerability so no need to update.
Regards
JB
Le 3 janv. 2022 à 16:00, Laurent Blanquet <lblanq...@b2btechno.net> a écrit :
Hi Guys,
It seems that the latest version available is still using log4j 1.2.17.
Unfortunately we have a customer who has a strong requisite to migrate to
log4j2 before 10 of January !
Is there a (simple) mean to force this version (or 5.16.3 ?) to use log4j 2.17
?
Regards,
Laurent
