Re: [HEADS-UP] ActiveMQ Artemis 2.20 release tomorrow

2021-12-14 Thread Clebert Suconic
I had test failures because of https://github.com/apache/activemq-artemis/pull/3853#issuecomment-993567992 I'm pushing the release for the Wed... please let's not push anything big on main between today and tomorrow.. (small fixes are ok.. but if you have anything big please hold on pushing on mai

Re: log4j (CVE-2021-44228) vulnerability and ActiveMQ 5.8.0

2021-12-14 Thread Timothy Bish
On 12/14/21 3:05 PM, Justin Bertram wrote: Yes, I think the same. As already noted, ActiveMQ 5.8.0 doesn't use any version of the vulnerable library (i.e. Log4j2 <=2.14.1). It's also worth noting that ActiveMQ 5.x uses slf4j as the primary logging facade so if you don't like the default log4j

Re: log4j (CVE-2021-44228) vulnerability and ActiveMQ 5.8.0

2021-12-14 Thread Justin Bertram
For what it's worth, an update [1] has been posted on the ActiveMQ website. Justin [1] https://activemq.apache.org/news/cve-2021-44228. On Tue, Dec 14, 2021 at 2:05 PM Justin Bertram wrote: > Yes, I think the same. As already noted, ActiveMQ 5.8.0 doesn't use any > version of the vulnerable l

Re: log4j (CVE-2021-44228) vulnerability and ActiveMQ 5.8.0

2021-12-14 Thread Justin Bertram
Yes, I think the same. As already noted, ActiveMQ 5.8.0 doesn't use any version of the vulnerable library (i.e. Log4j2 <=2.14.1). Justin On Tue, Dec 14, 2021 at 1:46 PM Martin Piattini wrote: > Hi > Looking more details the vulnerability is in: > > Library versions Log4j 2.x (below than 2.15.0

RE: log4j (CVE-2021-44228) vulnerability and ActiveMQ 5.8.0

2021-12-14 Thread Martin Piattini
Hi Looking more details the vulnerability is in: Library versions Log4j 2.x (below than 2.15.0) are affected Library versions Log4j 1.x are not affected The issue has been resolved in log4j version 2.15.0 or higher And ActiveMQ 5 is supposed to use: Log4j 1.2.x then is not affected Do you think th

Re: log4j (CVE-2021-44228) vulnerability and ActiveMQ 5.8.0

2021-12-14 Thread Justin Bertram
CVE-2021-44228 describes an issue with Log4j2 <=2.14. However, ActiveMQ 5.8.0 doesn't use any version of Log4j2. No patch should be necessary. Justin On Tue, Dec 14, 2021 at 1:11 PM Martin Piattini wrote: > Hi > In a client I am working they use SAP PO and ActiveMQ 5.8.0 for some years. > Now

log4j (CVE-2021-44228) vulnerability and ActiveMQ 5.8.0

2021-12-14 Thread Martin Piattini
Hi In a client I am working they use SAP PO and ActiveMQ 5.8.0 for some years. Now we receive a note for the "log4j (CVE-2021-44228) vulnerability" and checking the SAP PO and the version of ActiveMQ 5.8.0 has this vulnerability. For SAP PO SAP sent a fix today to solve the issue. For ActiveMQ we t

Re: [HEADS-UP] ActiveMQ Artemis 2.20 release tomorrow

2021-12-14 Thread Ryan Yeats
I would like ARTEMIS-3596 in, I know you have reservations because I was building off of origin/master which has itest issues, but it passes itests now that it is rebased off origin/main. Ryan Yeats On 12/14/21, 7:02 AM, "Clebert Suconic" wrote: a bit later than what I promised but I'm cu

Re: [HEADS-UP] ActiveMQ Artemis 2.20 release tomorrow

2021-12-14 Thread Clebert Suconic
a bit later than what I promised but I'm cutting it today... On Mon, Nov 29, 2021 at 10:18 AM Clebert Suconic wrote: > > I'm thinking about cutting an ActiveMQ Artemis 2.20.0 tomorrow. > > Let me know if anyone has anything that would like to be included ... > I will merge some PRs today..but plea