[
https://issues.apache.org/jira/browse/AMQ-8474?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jean-Baptiste Onofré resolved AMQ-8474.
---------------------------------------
Assignee: Jean-Baptiste Onofré
Resolution: Won't Fix
ActiveMQ 5.16.4 will use reload4j instead of log4j 1.x.
reload4j will include the latest CVE fixes.
> Log4j 1.x vulnerabilities query for CVE-2022-23307
> --------------------------------------------------
>
> Key: AMQ-8474
> URL: https://issues.apache.org/jira/browse/AMQ-8474
> Project: ActiveMQ
> Issue Type: Bug
> Affects Versions: 5.16.3
> Reporter: Imran Ali
> Assignee: Jean-Baptiste Onofré
> Priority: Major
>
> Hi,
> There is a new vulnerability discovered against log4j 1.x [CVE -
> CVE-2022-23307
> (mitre.org)|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23307]. Is
> there any formal product statement if the latest version of ActiveMQ is
> impacted by this vulnerability and if so what areas are impacted and how can
> we mitigate this vulnerability.
>
> Regards,
> Arc
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
