[jira] [Commented] (AMQ-8474) Log4j 1.x vulnerabilities query for CVE-2022-23307

Imran Ali (Jira) Sat, 05 Feb 2022 10:27:04 -0800


    [ 
https://issues.apache.org/jira/browse/AMQ-8474?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17487535#comment-17487535
 ]


Imran Ali commented on AMQ-8474:
--------------------------------

[~jbonofre]  - Any ETA on 5.16.4 release?

> Log4j 1.x vulnerabilities query for CVE-2022-23307
> --------------------------------------------------
>
>                 Key: AMQ-8474
>                 URL: https://issues.apache.org/jira/browse/AMQ-8474
>             Project: ActiveMQ
>          Issue Type: Bug
>    Affects Versions: 5.16.3
>            Reporter: Imran Ali
>            Assignee: Jean-Baptiste Onofré
>            Priority: Major
>
> Hi,
> There is a new vulnerability discovered against log4j 1.x [CVE - 
> CVE-2022-23307 
> (mitre.org)|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23307]. Is 
> there any formal product statement if the latest version of ActiveMQ is 
> impacted by this vulnerability and if so what areas are impacted and how can 
> we mitigate this vulnerability. 
>  
> Regards,
> Arc



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Commented] (AMQ-8474) Log4j 1.x vulnerabilities query for CVE-2022-23307

Reply via email to