RE: Kafka Log4j2.x upgrade plan

2022-02-13 Thread Tom Cooper
uture release (2.8.x) which supports Java 8. > > Regards, > Deepak > > From: Luke Chen > Sent: 11 February 2022 18:15 > To: Deepak Jain > Cc: users@kafka.apache.org; Alap Patwardhan > Subject: Re: Kafka Log4j2.x upgrade plan > > Hi Deepak, > > The PR to upgra

RE: Kafka Log4j2.x upgrade plan

2022-02-11 Thread Deepak Jain
From: Luke Chen Sent: 11 February 2022 18:15 To: Deepak Jain Cc: users@kafka.apache.org; Alap Patwardhan Subject: Re: Kafka Log4j2.x upgrade plan Hi Deepak, The PR to upgrade to log4j 2 is already under review. And so far it looks good. So I think it's possible to be merged into v3.2.0

Re: Kafka Log4j2.x upgrade plan

2022-02-11 Thread Luke Chen
ase. Our Customer is eagerly waiting and following with > us regarding the same. > > > > Regards, > > Deepak > > > > *From:* Luke Chen > *Sent:* 21 January 2022 12:35 > *To:* Deepak Jain > *Cc:* users@kafka.apache.org; Alap Patwardhan > *Subject:* Re: Kafka Log

RE: Kafka Log4j2.x upgrade plan

2022-02-11 Thread Deepak Jain
: 21 January 2022 12:35 To: Deepak Jain Cc: users@kafka.apache.org; Alap Patwardhan Subject: Re: Kafka Log4j2.x upgrade plan Hi Deepak, So far, we don't have an ETA for log4j2. Please check this discussion: https://issues.apache.org/jira/browse/KAFKA-9366 Thank you. Luke On Fri, Jan 21, 20

Re: Kafka Log4j2.x upgrade plan

2022-01-23 Thread Edward Capriolo
All as someone who has been patching all december. There are two aspects to log4j, the log4j API and the log4j jar version. It is possible to use log4j 2.17.1 {core,api} without modifying Kafka.. Kafka itself is internally using the log4j api, but the api is implemented by the patched log4j jars.

Re: Kafka Log4j2.x upgrade plan

2022-01-20 Thread Luke Chen
Hi Deepak, So far, we don't have an ETA for log4j2. Please check this discussion: https://issues.apache.org/jira/browse/KAFKA-9366 Thank you. Luke On Fri, Jan 21, 2022 at 1:57 PM Deepak Jain wrote: > Hi Luke, > > We are using Kafka 2.8.1 Broker/Client system in our prod env. Due to the > Log4j

Kafka Log4j2.x upgrade plan

2022-01-20 Thread Deepak Jain
Hi Luke, We are using Kafka 2.8.1 Broker/Client system in our prod env. Due to the Log4j vulnerability CVE-2021-44228, CVE-2021-45046, CVE-2021-4104 and CVE-2021-45105, we are waiting for kafka to upgrade to Log4j 2.17. Our Customers are asking why Kafka is using obsolete log4j1.x version. Ple