Re: Apache log4j 1.x vulnerability mitigations on Kafka

Excellent Luke I will take a look shortly On Fri, Jan 28, 2022 at 11:12 PM Luke Chen wrote: > Hi Israel and all, > > The PR to add CVE-2022-23302 > and CVE-2022-23305 > is here: > https://g

Re: Apache log4j 1.x vulnerability mitigations on Kafka

Hi Israel and all, The PR to add CVE-2022-23302 and CVE-2022-23305 is here: https://github.com/apache/kafka-site/pull/396 Welcome to review. Thank you. Luke On Sat, Jan 29, 2022 at 11:22 AM I

Re: Apache log4j 1.x vulnerability mitigations on Kafka

Thanks Luke for the prompt response +1 on the PR for the CVE page update You can cc me on the PR when it’s ready and I will take a look at it Thanks On Fri, Jan 28, 2022 at 9:44 PM Luke Chen wrote: > Hi Karupasamy, > > Thanks for your asking. Answering your question below: > > > 1. Are the CV

Re: Apache log4j 1.x vulnerability mitigations on Kafka

Hi Karupasamy, Thanks for your asking. Answering your question below: > 1. Are the CVEs *CVE-2022-23302, CVE-2022-23305* applicable to the Apache Kafka? Unfortunately, yes, these 2 CVEs: *CVE-2022-23302, CVE-2022-23305* are also applicable to the Apache Kafka, because that applied to log4j 1.x v

RE: Apache log4j 1.x vulnerability mitigations on Kafka

Hi Team, Kindly awaiting your response, as this issue needs to be mitigated before our product release to the market in the coming days. Thanks & Regards Karupasamy From: Karupasamy S Sent: Thursday, January 27, 2022 4:12 PM To: users@kafka.apache.org Cc: Mariappan Thangavel Su