[ https://issues.apache.org/jira/browse/AMQ-8474?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17491675#comment-17491675 ]
Jean-Baptiste Onofré commented on AMQ-8474: ------------------------------------------- 5.16.4 is currently on vote. It will be available in couple of days max. > Log4j 1.x vulnerabilities query for CVE-2022-23307 > -------------------------------------------------- > > Key: AMQ-8474 > URL: https://issues.apache.org/jira/browse/AMQ-8474 > Project: ActiveMQ > Issue Type: Bug > Affects Versions: 5.16.3 > Reporter: Imran Ali > Assignee: Jean-Baptiste Onofré > Priority: Major > > Hi, > There is a new vulnerability discovered against log4j 1.x [CVE - > CVE-2022-23307 > (mitre.org)|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23307]. Is > there any formal product statement if the latest version of ActiveMQ is > impacted by this vulnerability and if so what areas are impacted and how can > we mitigate this vulnerability. > > Regards, > Arc -- This message was sent by Atlassian Jira (v8.20.1#820001)