> I would like to follow-up on the release date of ActiveMQ 5.17.x version. I have seen the below thread, however could not found the exact date/week for the same.
As noted previously, there is no exact release date. There is only a projection about when the release will go up for a vote. Previously it was projected that the release would go up for a vote in early February. However, right before that time came a few issues were discovered with some of the commits. Those issues need to be resolved before the release can be put to a vote. I don't know what the current projection is. I assume it's as-soon-as-possible. Justin On Mon, Feb 7, 2022 at 6:21 AM Deepti Sharma S <deepti.s.sha...@ericsson.com.invalid> wrote: > Hello Justin, > > I would like to follow-up on the release date of ActiveMQ 5.17.x version. > I have seen the below thread, however could not found the exact date/week > for the same. > > Could you please help here? > > Also can we build the ActiveMQ and upgrade the Log4J2.x on our own, can > you please help to understand the procedure for the same. > > > Regards, > Deepti Sharma > PMP® & ITIL > > > -----Original Message----- > From: Justin Bertram <jbert...@apache.org> > Sent: Tuesday, January 18, 2022 9:09 PM > To: users@activemq.apache.org > Subject: Re: Active MQ All Fix for CVE-2021-44228, CVSS 10.0 (Critical) > > > when we download the Active Mq from below Maven link the jar name is " > ActiveMQ all", however I could not found this from Active MQ website. > > All Maven artifacts are built from the source code. You can find links to > all the ActiveMQ source code repositories on the website [1]. You need to > look in the actual repository to see the code for a specific Maven module > like "activemq-all" which can be found here [2]. > > > I might miss the release date for 5.17... > > If you miss anything on the users mailing list you can go back and review > the archive [3] which is linked from the website [4]. > > > Justin > > [1] https://activemq.apache.org/contributing > [2] https://github.com/apache/activemq/tree/main/activemq-all > [3] https://lists.apache.org/list.html?users@activemq.apache.org > [4] https://activemq.apache.org/contact > > On Tue, Jan 18, 2022 at 9:06 AM Deepti Sharma S < > deepti.s.sha...@ericsson.com.invalid> wrote: > > > Hello Justin, > > > > The question is , when we download the Active Mq from below Maven link > > the jar name is " ActiveMQ all", however I could not found this from > > Active MQ website. > > > > I might miss the release date for 5.17, it would be helpful, if you > > could confirm the release date for the same. > > > > > > Regards, > > Deepti Sharma > > PMP® & ITIL > > > > > > -----Original Message----- > > From: Justin Bertram <jbert...@apache.org> > > Sent: Tuesday, January 18, 2022 8:33 PM > > To: users@activemq.apache.org > > Subject: Re: Active MQ All Fix for CVE-2021-44228, CVSS 10.0 > > (Critical) > > > > > Does Active MQ all (// > > https://mvnrepository.com/artifact/org.apache.activemq/activemq-all > > implementation 'org.apache.activemq:activemq-all:5.16.3') is same as > > Active MQ Classic? > > > > I don't understand the question. What exactly are you asking here? > > > > > When we are expecting the Active MQ 5.17.x version with Log4J 2.17.x? > > > > This question has *already* been answered on this thread (and many > > other places on this mailing list). > > > > > > Justin > > > > On Tue, Jan 18, 2022 at 8:27 AM Deepti Sharma S < > > deepti.s.sha...@ericsson.com.invalid> wrote: > > > > > Hello All, > > > > > > 2 questions: > > > Does Active MQ all (// > > > https://mvnrepository.com/artifact/org.apache.activemq/activemq-all > > > implementation 'org.apache.activemq:activemq-all:5.16.3') is same as > > > Active MQ Classic? > > > When we are expecting the Active MQ 5.17.x version with Log4J 2.17.x? > > > > > > > > > Regards, > > > Deepti Sharma > > > PMP® & ITIL > > > > > > > > > -----Original Message----- > > > From: Justin Bertram <jbert...@apache.org> > > > Sent: Sunday, January 9, 2022 1:29 AM > > > To: users@activemq.apache.org > > > Subject: Re: Active MQ All Fix for CVE-2021-44228, CVSS 10.0 > > > (Critical) > > > > > > For what it's worth, it's already noted on the index page as well as > > > the "News" page as well as noted in multiple emails on both the > > > users and dev mailing lists. Even searches for "activemq > > > CVE-2021-44228" on DuckDuckGo, Google, or Bing provide the relevant > > > information in the > > first few results. > > > In my opinion if folks aren't finding the information it's because > > > they aren't looking. There's always going to be folks like that > > unfortunately. > > > > > > > > > Justin > > > > > > > > > On Sat, Jan 8, 2022 at 10:07 AM Jean-Baptiste Onofre > > > <j...@nanthrax.net> > > > wrote: > > > > > > > Hi Tim, > > > > > > > > Good idea, I think it would be helpful to have it directly on > > > > index page and contact yeah. > > > > > > > > I can do the change if everyone agree. > > > > > > > > Thanks ! > > > > > > > > Regards > > > > JB > > > > > > > > > Le 8 janv. 2022 à 16:44, Tim Bain <tb...@alumni.duke.edu> a écrit > : > > > > > > > > > > JB, should we put that link somewhere prominent on > > > > > https://activemq.apache.org/contact for a few months? I believe > > > > > all the users who posted questions about the CVE were first-time > > > > > posters who > > > > likely > > > > > went to that page before posting questions, so we might be able > > > > > to save everyone the time and frustration by heading off the > > > > > question for > > > folks. > > > > > > > > > > Tim > > > > > > > > > > On Sat, Jan 8, 2022, 6:01 AM Jean-Baptiste Onofre > > > > > <j...@nanthrax.net> > > > > wrote: > > > > > > > > > >> Hi, > > > > >> > > > > >> Again, a new time: > > > > >> > > > > >> https://activemq.apache.org/news/cve-2021-44228 > > > > >> > > > > >> AGAIN, ActiveMQ 5.15/5.16 are NOT affected by log4j 2.x CVE > > > > >> because they are using log4j 1.x > > > > >> > > > > >> ActiveMQ 5.17.x (not yet released) will use at least log4j 2.17.1. > > > > >> > > > > >> Regards > > > > >> JB > > > > >> > > > > >>> Le 8 janv. 2022 à 11:35, Deepti Sharma S > > > > >>> <deepti.s.sha...@ericsson.com > > > > .INVALID> > > > > >> a écrit : > > > > >>> > > > > >>> Hello Team, > > > > >>> > > > > >>> As we have Log4J vulnerability CVE-2021-44228, CVSS 10.0 > > > > >>> (Critical), > > > > can > > > > >> you please confirm, when we have ActiveMQ all, version release > > > > >> which has this vulnerability fix and has Log4J version 2.17? > > > > >>> > > > > >>> > > > > >>> > > > > >>> Regards, > > > > >>> Deepti Sharma > > > > >>> PMP(r) & ITIL > > > > >>> > > > > >>> > > > > >> > > > > >> > > > > > > > > > > > > > > > > > > > >
