Fuse, AMQ, and Log4J vulnerability CVE-2021-44228 -- what is vulnerable, and what to do about it?
Issue
A serious security vulnerability that affects Log4J was discovered in December 2021. Vulnerable versions of Log4J are 2.0 to 2.14.1. Many Red Hat products are affected, including Fuse. Because AMQ 6.x shares much of its codebase with Fuse 6.x, anything that affects Fuse 6.x can potentially affect AMQ 6.x.
This article summarises which of the Fuse/AMQ product set is affected, on which platforms, and what to do about it. In all cases, however, an upgrade to a non-vulnerable release of any affected product is recommended.
Environment
- Red Hat Fuse
- 6.x
- 7.x
- Red Hat AMQ
- 6.x
- 7.x
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.