jetlyg commented on pull request #7898: URL: https://github.com/apache/kafka/pull/7898#issuecomment-991704123
> > Will this PR solve [CVE-2021-44228](https://github.com/advisories/GHSA-jfh8-c2jp-5v3q)? > > @soumiksamanta > > https://github.com/apache/kafka/blob/bd3038383265f7bb850c09fe0a74a48c5c2e6f99/gradle/dependencies.gradle#L78 > > should be upgraded to 2.15.0. log4j <= 2.14.0 all have this issue. > Initially I thought log4j 1.x is not impacted but as per [apache/logging-log4j2#608 (comment)](https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126) it is. but kafka does not use JMS appender. Will it still be impacted? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: jira-unsubscr...@kafka.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
