Fuse, AMQ, and Log4J vulnerability CVE-2021-44228 -- what is vulnerable, and what to do about it?

Solution Verified - Updated -

Issue

A serious security vulnerability that affects Log4J was discovered in December 2021. Vulnerable versions of Log4J are 2.0 to 2.14.1. Many Red Hat products are affected, including Fuse. Because AMQ 6.x shares much of its codebase with Fuse 6.x, anything that affects Fuse 6.x can potentially affect AMQ 6.x.

This article summarises which of the Fuse/AMQ product set is affected, on which platforms, and what to do about it. In all cases, however, an upgrade to a non-vulnerable release of any affected product is recommended.

Environment

  • Red Hat Fuse
    • 6.x
    • 7.x
  • Red Hat AMQ
    • 6.x
    • 7.x

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content