Hi Luke, We are using Kafka 2.8.1 Broker/Client system in our prod env. Due to the Log4j vulnerability CVE-2021-44228, CVE-2021-45046, CVE-2021-4104 and CVE-2021-45105, we are waiting for kafka to upgrade to Log4j 2.17. However, we came across following link in which there is a preview for the same.
http://home.apache.org/~dongjin/post/apache-kafka-log4j2-support/ Please let us know if it's safe and stable to upgrade our prod env with the preview or do we wait for Kafka official release (Log4j 2.x support with Java 8) for the same. Thanks in advance. Regards, Deepak
