Re: Log4j 1.2

2022-01-26 Thread Men Lim
re is a fair amount of work for > this. > > > > > > > > From: Israel Ekpo > > > > Date: Monday, January 10, 2022 at 9:32 AM > > > > To: users@kafka.apache.org > > > > Subject: [EXTERNAL] Re: Log4j 1.2 > > > > There are two

Re: Log4j 1.2

2022-01-24 Thread Edward Capriolo
> wrote: > > > > > Thanks. Those KIPs show that there is a fair amount of work for this. > > > > > > From: Israel Ekpo > > > Date: Monday, January 10, 2022 at 9:32 AM > > > To: users@kafka.apache.org > > > Subject: [EXTERNAL] Re: Lo

Re: Log4j 1.2

2022-01-24 Thread Men Lim
ng a line of code in kafka. > > > On Monday, January 10, 2022, Tauzell, Dave > wrote: > > > Thanks. Those KIPs show that there is a fair amount of work for this. > > > > From: Israel Ekpo > > Date: Monday, January 10, 2022 at 9:32 AM > > To: users@k

Re: Log4j 1.2

2022-01-24 Thread Edward Capriolo
air amount of work for this. > > From: Israel Ekpo > Date: Monday, January 10, 2022 at 9:32 AM > To: users@kafka.apache.org > Subject: [EXTERNAL] Re: Log4j 1.2 > There are two KIPs already related to this effort > > KIP-653 > https://urldefense.com/v3/__https://cwiki.ap

Re: [EXTERNAL] Re: Log4j 1.2

2022-01-10 Thread Tauzell, Dave
Thanks. Those KIPs show that there is a fair amount of work for this. From: Israel Ekpo Date: Monday, January 10, 2022 at 9:32 AM To: users@kafka.apache.org Subject: [EXTERNAL] Re: Log4j 1.2 There are two KIPs already related to this effort KIP-653 https://urldefense.com/v3/__https

Re: Log4j 1.2

2022-01-10 Thread Israel Ekpo
Januar 2022 14:30 > An: users@kafka.apache.org > Betreff: Re: Log4j 1.2 > > Log4j 2.x isn't a drop-in replacement for 1.x. It isn't a difficult > change but somebody does need to go through all the source code and do the > work. > > > -Dave > > From: B

Re: Log4j 1.2

2022-01-10 Thread Tauzell, Dave
rsprüngliche Nachricht- Von: Murilo Tavares Gesendet: Freitag, 7. Januar 2022 20:23 An: users@kafka.apache.org Betreff: Re: Log4j 1.2 Also worth mentioning the Kafka community has released this official announcement: https://urldefense.com/v3/__https://kafka.apac

Re: Log4j 1.2

2022-01-07 Thread Murilo Tavares
Also worth mentioning the Kafka community has released this official announcement: https://kafka.apache.org/cve-list On Fri, 7 Jan 2022 at 09:28, Roger Kasinsky wrote: > Hi Franziska, > > When upgrading to Log4J 2.x.x, take extra care not to upgrade to a 2.x.x > version that has a more recent s

Re: Log4j 1.2

2022-01-07 Thread Roger Kasinsky
Hi Franziska, When upgrading to Log4J 2.x.x, take extra care not to upgrade to a 2.x.x version that has a more recent serious security flaw, much worse than the one you mentioned. You can read more about it here: https://access.redhat.com/security/cve/cve-2021-44228 Thanks! -R On Fri, Jan 7, 2