[jira] [Commented] (AMQ-8482) JMSAppender Remote Code Execution (CVE-2021-4104)

Robbie Gemmell (Jira) Fri, 11 Feb 2022 02:47:07 -0800


    [ 
https://issues.apache.org/jira/browse/AMQ-8482?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17490847#comment-17490847
 ]


Robbie Gemmell commented on AMQ-8482:
-------------------------------------

{quote}... and a 5.16.4 release is currently-under-vote.
{quote}
When it is ready.

https://lists.apache.org/thread/3ksh41qoon27tvv533od6p9ztnq1hczk

>  JMSAppender Remote Code Execution (CVE-2021-4104)
> --------------------------------------------------
>
>                 Key: AMQ-8482
>                 URL: https://issues.apache.org/jira/browse/AMQ-8482
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: JMS client
>    Affects Versions: 5.16.3
>            Reporter: Beng Sokhom
>            Priority: Critical
>   Original Estimate: 168h
>  Remaining Estimate: 168h
>
> Dear Support,
> Please help to check in the apache-activemq-5.16.3 is it still remains the 
> log4j issue on Apache Log4j-1.2.17 JMSAppender Remote Code Execution 
> (CVE-2021-4104).
> path: \apache-activemq-5.16.3\lib\optional\log4j-1.2.17.jar
> Do you have the solution to fixe this issue?
> Thank you.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Commented] (AMQ-8482) JMSAppender Remote Code Execution (CVE-2021-4104)

Reply via email to