Re: ActiveMQ 5.8.0 & Active MQ Artemis 2.17.0: log4j vulnerabilities?

2021-12-13 Thread Jean-Baptiste Onofré
think that posting the versions and the status (infected/not infected) will be a great help From: Chittaranjan Panda Sent: Monday, 13 December 2021 16:32 To: users@activemq.apache.org Subject: Re: ActiveMQ 5.8.0 & Active MQ Artemis 2.17.0: log4j vulnerabilities?

RE: ActiveMQ 5.8.0 & Active MQ Artemis 2.17.0: log4j vulnerabilities?

2021-12-13 Thread Eugene Vigoutov
5.8.0 & Active MQ Artemis 2.17.0: log4j vulnerabilities?

Re: ActiveMQ 5.8.0 & Active MQ Artemis 2.17.0: log4j vulnerabilities?

2021-12-13 Thread Domenico Francesco Bruscino
Justin has already clarified that ActiveMQ Artemis doesn't use/ship any version of Log4J, its binary package doesn't include tests and their dependencies, so it isn't affected by those log4j vulnerabilities. On Mon, 13 Dec 2021 at 15:52, Chittaranjan Panda wrote: > Hi, > > Is Apache Artemis 2.18

Re: ActiveMQ 5.8.0 & Active MQ Artemis 2.17.0: log4j vulnerabilities?

2021-12-13 Thread Chittaranjan Panda
Hi, Is Apache Artemis 2.18.0 affected by the log4j vulnerability? I found in dependencies it uses jboss-logging ( https://mvnrepository.com/artifact/org.jboss.logging/jboss-logging/3.4.2.Final ) which contains log4j-api 2.11.2 and log4j 1.2.16 and in test dependencies uses log4j-core 2.11.2.

Aw: Re: ActiveMQ 5.8.0 & Active MQ Artemis 2.17.0: log4j vulnerabilities?

2021-12-13 Thread Benny K
Thanks a lot! :-) Sent: Monday, 13 December 2021 at 14:49 From: "Jean-Baptiste Onofré" To: users@activemq.apache.org Subject: Re: ActiveMQ 5.8.0 & Active MQ Artemis 2.17.0: log4j vulnerabilities? Hi, I already answered the question about ActiveMQ (not Artemis). S

Re: ActiveMQ 5.8.0 & Active MQ Artemis 2.17.0: log4j vulnerabilities?

2021-12-13 Thread Justin Bertram
ActiveMQ Artemis doesn't use/ship any version of Log4J so CVE-2021-44228 doesn't impact it. Justin On Mon, Dec 13, 2021 at 7:40 AM Benny K wrote: > Hi all, > > we have two different Active MQ versions in production-use: > > - Active MQ 5.8.0 > - Active MQ Artemis 2.17.0 > > is it right that th

Re: ActiveMQ 5.8.0 & Active MQ Artemis 2.17.0: log4j vulnerabilities?

2021-12-13 Thread Jean-Baptiste Onofré
Hi, I already answered the question about ActiveMQ (not Artemis). So, ActiveMQ is using log4j 1.x, so it's not affected by CVE-2021-44228. Regards JB On 13/12/2021 14:39, Benny K wrote: Hi all, we have two different Active MQ versions in production-use: - Active MQ 5.8.0 - Active MQ Artemis

ActiveMQ 5.8.0 & Active MQ Artemis 2.17.0: log4j vulnerabilities?

2021-12-13 Thread Benny K
Hi all, we have two different Active MQ versions in production-use: - Active MQ 5.8.0 - Active MQ Artemis 2.17.0 is it right that they both are using log4j-1.2.17 and they are NOT affected by the log4j vulnerability / "log4shell"? Any help would be really great. :-) Thanks and Best Regards Be