[ https://issues.apache.org/jira/browse/AMQ-8475?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alexei Yarilovets updated AMQ-8475: ----------------------------------- Description: ActiveMQ server uses old log4j library with CVEs with critical severity Tested here: [https://search.maven.org/artifact/org.apache.activemq/activemq-all/5.16.3/jar] ActiveMQ uses log4j 1.2.17 was: ActiveMQ server uses old log4j library with CVEs with critical severity Tested here: [https://search.maven.org/artifact/org.apache.activemq/activemq-all/5.16.3/jar] > ActiveMQ uses log4j 1.2.17 > -------------------------- > > Key: AMQ-8475 > URL: https://issues.apache.org/jira/browse/AMQ-8475 > Project: ActiveMQ > Issue Type: Bug > Affects Versions: 5.16.3 > Reporter: Alexei Yarilovets > Priority: Major > Labels: docker, logging, security-issue > > ActiveMQ server uses old log4j library with CVEs with critical severity > Tested here: > [https://search.maven.org/artifact/org.apache.activemq/activemq-all/5.16.3/jar] > ActiveMQ uses log4j 1.2.17 -- This message was sent by Atlassian Jira (v8.20.1#820001)