[ https://issues.apache.org/jira/browse/AMQ-8474?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17487535#comment-17487535 ]
Imran Ali commented on AMQ-8474: -------------------------------- [~jbonofre] - Any ETA on 5.16.4 release? > Log4j 1.x vulnerabilities query for CVE-2022-23307 > -------------------------------------------------- > > Key: AMQ-8474 > URL: https://issues.apache.org/jira/browse/AMQ-8474 > Project: ActiveMQ > Issue Type: Bug > Affects Versions: 5.16.3 > Reporter: Imran Ali > Assignee: Jean-Baptiste Onofré > Priority: Major > > Hi, > There is a new vulnerability discovered against log4j 1.x [CVE - > CVE-2022-23307 > (mitre.org)|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23307]. Is > there any formal product statement if the latest version of ActiveMQ is > impacted by this vulnerability and if so what areas are impacted and how can > we mitigate this vulnerability. > > Regards, > Arc -- This message was sent by Atlassian Jira (v8.20.1#820001)