Sent: 23 December 2021 09:15
> To: Israel Ekpo
> Cc: Users
> Subject: Re: Log4j 2.x preview for Kafka
>
> Hi Deepak,
>
> As Israel mentioned, the core Apache Kafka components do not have any
> dependencies on log4j2.
> The only CVE that core Apache Kafka got impacted is CV
December 2021 09:15
To: Israel Ekpo
Cc: Users
Subject: Re: Log4j 2.x preview for Kafka
Hi Deepak,
As Israel mentioned, the core Apache Kafka components do not have any
dependencies on log4j2.
The only CVE that core Apache Kafka got impacted is CVE-2021-4104.
You can check the official announcement
nd is
compatible with Java 8.
Regards,
Deepak
From: Israel Ekpo
Sent: Thursday, December 23, 2021 1:09:13 AM
To: Users
Cc: Luke Chen
Subject: Re: Log4j 2.x preview for Kafka
Currently, the core Apache Kafka components do not have any dependencies on
log4j2
Ther
Hi Deepak,
As Israel mentioned, the core Apache Kafka components do not have any
dependencies on log4j2.
The only CVE that core Apache Kafka got impacted is CVE-2021-4104.
You can check the official announcement for the mitigation methods here:
https://kafka.apache.org/cve-list
For the log4j 2.x
Currently, the core Apache Kafka components do not have any dependencies on
log4j2
There may be Kafka connectors that use log4j2 so you would need to check
with your connector vendors to see if this applies to those connectors.
If you do not use Kafka connect, then this may not apply to you.
He
