[
https://issues.apache.org/jira/browse/KAFKA-13534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17457568#comment-17457568
]
Jason-Morries Adam edited comment on KAFKA-13534 at 12/12/21, 12:30 AM:
------------------------------------------------------------------------
[~showuon] In my opinion, Log4J v1 is vulnerable for other issues, so an
upgrade would be the only acceptable option:
[https://github.com/apache/logging-log4j2/pull/608?s=09#issuecomment-990494126]
was (Author: jasonmadam):
[~showuon] In my opinion, Log4J v1 is vulnerable for other issues, so an
upgrade would be great:
[https://github.com/apache/logging-log4j2/pull/608?s=09#issuecomment-990494126]
> Upgrade Log4j to 2.15.0 - CVE-2021-44228
> ----------------------------------------
>
> Key: KAFKA-13534
> URL: https://issues.apache.org/jira/browse/KAFKA-13534
> Project: Kafka
> Issue Type: Task
> Affects Versions: 2.7.0, 2.8.0, 3.0.0
> Reporter: Sai Kiran Vudutala
> Priority: Major
>
> Log4j has an RCE vulnerability, see
> [https://www.lunasec.io/docs/blog/log4j-zero-day/]
> References.
> [https://github.com/advisories/GHSA-jfh8-c2jp-5v3q]
> [https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126]
>
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
