think that posting the versions and the status (infected/not infected) will
be great help
From: Chittaranjan Panda
Sent: Monday, 13 December 2021 16:32
To: users@activemq.apache.org
Subject: Re: ActiveMQ 5.8.0 & Active MQ Artemis 2.17.0: log4j vulnerabilities?
[https://s3.amazonaws
5.8.0 & Active MQ Artemis 2.17.0: log4j vulnerabilities?
[https://s3.amazonaws.com/staticmediafiles/media/sights/iron-icon-color.png]
IRONSCALES couldn't recognize this email as this is the first time you received
an email from this sender
chittaran...@hotmail.com<mailto:chittaran...
Justin has already clarified that ActiveMQ Artemis doesn't use/ship any
version of Log4J, its binary package doesn't include tests and their
dependencies, so it isn't affected by those log4j vulnerabilities.
On Mon, 13 Dec 2021 at 15:52, Chittaranjan Panda
wrote:
> Hi,
>
> Is Apache Artemis 2.18
Hi,
Is Apache Artemis 2.18.0 is affected by log4j vulnerability ?
I found in dependencies it uses jboss-logging (
https://mvnrepository.com/artifact/org.jboss.logging/jboss-logging/3.4.2.Final
)
which contains log4j-api 2.11.2 and log4j 1.2.16 and in test dependencies
uses log4j-core 2.11.2.
Thanks a lot! :-)
Gesendet: Montag, 13. Dezember 2021 um 14:49 Uhr
Von: "Jean-Baptiste Onofré"
An: users@activemq.apache.org
Betreff: Re: ActiveMQ 5.8.0 & Active MQ Artemis 2.17.0: log4j vulnerabilities?
Hi,
I already answered the question about ActiveMQ (not Artemis).
S
ActiveMQ Artemis doesn't use/ship any version of Log4J so CVE-2021-44228
doesn't impact it.
Justin
On Mon, Dec 13, 2021 at 7:40 AM Benny K wrote:
> Hi all,
>
> we have two different Active MQ versions in production-use:
>
> - Active MQ 5.8.0
> - Active MQ Artemis 2.17.0
>
> is it right that th
Hi,
I already answered the question about ActiveMQ (not Artemis).
So, ActiveMQ is using log4j 1.x, so it's not affected by CVE-2021-44228.
Regards
JB
On 13/12/2021 14:39, Benny K wrote:
Hi all,
we have two different Active MQ versions in production-use:
- Active MQ 5.8.0
- Active MQ Artemis
Hi all,
we have two different Active MQ versions in production-use:
- Active MQ 5.8.0
- Active MQ Artemis 2.17.0
is it right that they both are using log4j-1.2.17 and they are NOT affected by
the log4j vulnerability / "log4shell"?
Any help would be really great. :-)
Thanks and Best Regards
Be