From c96e0d4616a2e82b5359549c8c4178291eb8b5b2 Mon Sep 17 00:00:00 2001 From: Lcerkov <96153185+Lcerkov@users.noreply.github.com> Date: Tue, 21 Dec 2021 19:32:02 -0500 Subject: [PATCH] Add Apache ActiveMQ Artemis Issue #273 --- SOFTWARE-LIST.md | 1 + 1 file changed, 1 insertion(+) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index feec338..85bce17 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -70,6 +70,7 @@ This list was initially populated using information from the following sources: | Apache | Kafka | All | Not Affected | No | [Kafka Apache List](https://kafka.apache.org/cve-list) | The current DB lists Apache Kafka as impacted. Apache Kafka uses Log4jv1, not v2. | | 12/14/2021 | | Apache | Kafka | Unknown | Affected | No | [Log4j – Apache Log4j Security Vulnerabilities](https://logging.apache.org/log4j/2.x/security.html)| Only vulnerable in certain configuration(s) | | | | Apache | Log4j | < 2.15.0 | Affected | Yes | [Log4j – Apache Log4j Security Vulnerabilities](https://logging.apache.org/log4j/2.x/security.html) | | | | +| Apache | ActiveMQ Artemis | All | Not Affected | Yes | [ApacheMQ - Update on CVE-2021-4428](https://activemq.apache.org/news/cve-2021-44228) | ActiveMQ Artemis does not use Log4j for logging. However, Log4j 1.2.17 is included in the Hawtio-based web console application archive (i.e. [web/console.war/WEB-INF/lib](web/console.war/WEB-INF/lib)). Although this version of Log4j is not impacted by CVE-2021-44228 future versions of Artemis will be updated so that the Log4j jar is no longer included in the web console application archive. See [ARTEMIS-3612](https://issues.apache.org/jira/browse/ARTEMIS-3612) for more information on that task. | | 12/21/2021 | | Apache | Solr | 7.4.0 to 7.7.3, 8.0.0 to 8.11.0 | Fixed | Yes | [Apache Solr Security](https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228) | Update to 8.11.1 or apply fixes as described in Solr security advisory | [Apache Solr 8.11.1 downloads](https://solr.apache.org/downloads.html) | 12/16/2021 | | Apereo | CAS | 6.3.x & 6.4.x | Affected | Yes | [CAS Log4J Vulnerability Disclosure – Apereo Community Blog](https://apereo.github.io/2021/12/11/log4j-vuln/) | | | | | Apereo | Opencast | < 9.10, < 10.6 | Affected | Yes | [Apache Log4j Remote Code Execution · Advisory · opencast/opencast · GitHub](https://github.com/opencast/opencast/security/advisories/GHSA-mf4f-j588-5xm8) | | | |