[jira] [Closed] (AMQ-8475) ActiveMQ uses log4j 1.2.17

Robbie Gemmell (Jira) Mon, 07 Feb 2022 06:41:09 -0800


     [ 
https://issues.apache.org/jira/browse/AMQ-8475?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Robbie Gemmell closed AMQ-8475.
-------------------------------
    Resolution: Duplicate

There are numerous JIRAs opened on this, including the ones already in progress 
for changing to reload4j in 5.16.x and Log4J2 in 5.17.x.

> ActiveMQ uses log4j 1.2.17
> --------------------------
>
>                 Key: AMQ-8475
>                 URL: https://issues.apache.org/jira/browse/AMQ-8475
>             Project: ActiveMQ
>          Issue Type: Bug
>    Affects Versions: 5.16.3
>            Reporter: Alexei Yarilovets
>            Priority: Major
>              Labels: docker, logging, security-issue
>
> ActiveMQ server uses old log4j library with CVEs with critical severity
> Tested here:
> [https://search.maven.org/artifact/org.apache.activemq/activemq-all/5.16.3/jar]
> ActiveMQ uses log4j 1.2.17



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Closed] (AMQ-8475) ActiveMQ uses log4j 1.2.17

Reply via email to