13, 2021 4:50 AM
> To: users@activemq.apache.org
> Subject: [EXTERNAL] Re: ActiveMQ 5.16 and log4j vulnerabilities
>
> Hi,
>
> I was about to send a message to the mailing list to give an update.
>
> 1. ActiveMQ is now using log4j 1.2.x, so, it's not impacted by the CV
gt;
> Thanks
>
> Regards,
> Rahman
>
> -Original Message-
> From: Justin Bertram
> Sent: Wednesday, December 15, 2021 3:58 PM
> To: users@activemq.apache.org
> Subject: [EXTERNAL] Re: ActiveMQ 5.16 and log4j vulnerabilities
>
> > Could we please get an o
: ActiveMQ 5.16 and log4j vulnerabilities
> Could we please get an official statement about ActiveMQ's security
> wrt
log4j?
To be clear, this [1] is the official statement you requested.
Justin
[1]
https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Factivemq.apache.org%2
> Could we please get an official statement about ActiveMQ’s security wrt
log4j?
To be clear, this [1] is the official statement you requested.
Justin
[1] https://activemq.apache.org/news/cve-2021-44228
On Mon, Dec 13, 2021 at 3:00 AM Lionel Cons wrote:
> Recently, a new critical vulnerabili
an-Baptiste Onofré
> Sent: Monday, December 13, 2021 4:50 AM
> To: users@activemq.apache.org
> Subject: [EXTERNAL] Re: ActiveMQ 5.16 and log4j vulnerabilities
>
> Hi,
>
> I was about to send a message to the mailing list to give an update.
>
> 1. ActiveMQ is now using log
users@activemq.apache.org
Subject: [EXTERNAL] Re: ActiveMQ 5.16 and log4j vulnerabilities
Hi,
I was about to send a message to the mailing list to give an update.
1. ActiveMQ is now using log4j 1.2.x, so, it's not impacted by the CVE
2021-44228. The other mentioned CVE only affects users using JMS appender,
Thank you very much! :-)
Gesendet: Montag, 13. Dezember 2021 um 15:16 Uhr
Von: "Domenico Francesco Bruscino"
An: users@activemq.apache.org
Betreff: Re: Re: ActiveMQ 5.16 and log4j vulnerabilities
Hi Benjamin,
ActiveMQ Artemis 2.17.0 depends on log4j 1.2 and it doesn't
use
ffected of those CVE´s / Log4Shell?
> - How can we patch?
>
> Thanks and Best Regards
> Benjamin
>
>
>
>
>
> Gesendet: Montag, 13. Dezember 2021 um 11:04 Uhr
> Von: "Jean-Baptiste Onofré"
> An: users@activemq.apache.org
> Betreff: Re: ActiveMQ 5.16 and log4
: ActiveMQ 5.16 and log4j vulnerabilities
My understanding is that CVE-2019-17571 only impact socket/JMS appender.
"Included in Log4j 1.2 is a SocketServer class that is vulnerable to
deserialization of untrusted data which can be exploited to remotely
execute arbitrary code when
My understanding is that CVE-2019-17571 only impact socket/JMS appender.
"Included in Log4j 1.2 is a SocketServer class that is vulnerable to
deserialization of untrusted data which can be exploited to remotely
execute arbitrary code when combined with a deserialization gadget when
listening t
Hi,
log4j 1.2 series are vulnerable to CVE-2019-17571 which has a CVSS score of
9.8. This needs to be addressed too.
--
Vilius
-Original Message-
From: Jean-Baptiste Onofré
Sent: Monday, December 13, 2021 11:50 AM
To: users@activemq.apache.org
Subject: Re: ActiveMQ 5.16 and
Hi,
I was about to send a message to the mailing list to give an update.
1. ActiveMQ is now using log4j 1.2.x, so, it's not impacted by the CVE
2021-44228. The other mentioned CVE only affects users using JMS
appender, which is pretty rare.
2. ActiveMQ 5.17.x (main) will use log4j2, I have a P
12 matches
Mail list logo