For what it's worth, an update [1] has been posted on the ActiveMQ website.

Justin

[1] https://activemq.apache.org/news/cve-2021-44228

On Tue, Dec 14, 2021 at 2:05 PM Justin Bertram <[email protected]> wrote:

> Yes, I think the same. As already noted, ActiveMQ 5.8.0 doesn't use any
> version of the vulnerable library (i.e. Log4j2 <=2.14.1).
>
>
> Justin
>
> On Tue, Dec 14, 2021 at 1:46 PM Martin Piattini <[email protected]>
> wrote:
>
>> Hi
>> Looking at more details, the vulnerability is in:
>>
>> Library versions Log4j 2.x (below 2.15.0) are affected
>> Library versions Log4j 1.x are not affected
>> The issue has been resolved in log4j version 2.15.0 or higher
>>
>> And ActiveMQ 5 is supposed to use Log4j 1.2.x, so it is not affected....
>>
>> Do you think the same?
>>
>> Thanks
>> Regards
>> Martin
>>
>> ____________________________________________
>>
>> Martin Piattini Velthuis, PMP - SAP CPI/PO/PI Consultant
>>
>> PK – the Experience Engineering firm
>>
>> M + 54 9 11 5644-8108
>>
>> [email protected]
>>
>> ________________________________
>> From: Martin Piattini
>> Sent: Tuesday, December 14, 2021 16:03
>> To: [email protected] <[email protected]>
>> Subject: log4j (CVE-2021-44228) vulnerability and ActiveMQ 5.8.0
>>
>> Hi
>> At a client where I am working, they have used SAP PO and ActiveMQ 5.8.0
>> for some years.
>> Now we have received a note about the "log4j (CVE-2021-44228)
>> vulnerability", and on checking, SAP PO and the version of ActiveMQ 5.8.0
>> have this vulnerability.
>> For SAP PO, SAP sent a fix today to solve the issue.
>> For ActiveMQ, we think a new version of ActiveMQ will probably solve it?
>> But it also needs to be compatible with SAP PO.
>>
>> So I ask the community here for some advice.
>> If someone has already encountered this issue and solved it, and also some
>> evidence of the issue being fixed by ActiveMQ (some doc or note) to
>> justify the upgrade.
>>
>> Thanks!
>> Regards
>> Martin
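The version rule quoted in this thread (Log4j 1.x not affected, 2.x below 2.15.0 affected, 2.15.0 or higher fixed) can be checked against an install directory. The following is an added example, not code from the thread or from the ActiveMQ project; the directory layout and jar names in `build_sample` are constructed placeholders, and the `JndiLookup` class check is an assumption used only to flag renamed or bundled copies of log4j-core.

```python
import re
import zipfile
from pathlib import Path
from typing import Dict, Optional

# JNDI lookup class shipped in log4j-core 2.x; used to spot renamed or bundled copies.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
NAME_RE = re.compile(r"^log4j(?:-core)?-(\d+)\.(\d+)(?:\.(\d+))?")
FIXED = (2, 15, 0)  # from the thread: resolved in 2.15.0 or higher
NOT_AFFECTED_1X = "Log4j 1.x: not affected"
AFFECTED = "Log4j 2.x below 2.15.0: affected"
FIXED_2X = "Log4j 2.x at or above 2.15.0: fixed"
UNKNOWN_2X = "Log4j 2 core class found, version unknown: inspect manually"

def classify(jar: Path) -> Optional[str]:
    """Return a verdict for one jar, or None when it is not a Log4j jar."""
    m = NAME_RE.match(jar.name)
    if m:
        version = tuple(int(g or 0) for g in m.groups())
        if version[0] == 1:
            return NOT_AFFECTED_1X
        return AFFECTED if version < FIXED else FIXED_2X
    try:
        with zipfile.ZipFile(jar) as zf:
            return UNKNOWN_2X if JNDI_CLASS in zf.namelist() else None
    except zipfile.BadZipFile:
        return None  # not a readable archive; nothing to report

def scan(root: Path) -> Dict[str, str]:
    """Walk an install directory and report every Log4j jar found."""
    found = {}
    for jar in sorted(root.rglob("*.jar")):
        verdict = classify(jar)
        if verdict:
            found[jar.relative_to(root).as_posix()] = verdict
    return found

def build_sample(root: Path) -> None:
    """Constructed sample tree (placeholder jars, not real artifacts)."""
    sample = {"lib/optional/log4j-1.2.17.jar": [], "lib/log4j-api-2.14.1.jar": [],
              "lib/log4j-core-2.14.1.jar": [JNDI_CLASS],
              "lib/log4j-core-2.15.0.jar": [JNDI_CLASS], "webapps/app-all.jar": [JNDI_CLASS]}
    for rel, members in sample.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        with zipfile.ZipFile(path, "w") as zf:
            for name in ["META-INF/MANIFEST.MF", *members]:
                zf.writestr(name, b"")
```

Run `scan(Path("/path/to/install"))` against a real installation directory; a jar reported as version unknown needs its embedded version checked by hand.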
