Hello Deepti The core Kafka components are not affected by this vulnerability. Core Kafka components use log4j1 and not log4j2
If you use Kafka connectors, please check with your vendor to make sure that the connectors are not using log4j2 Check out the official announcement from the project https://kafka.apache.org/cve-list I hope this helps Israel Ekpo Lead Instructor, IzzyAcademy.com https://www.youtube.com/c/izzyacademy https://izzyacademy.com/ On Sat, Jan 8, 2022 at 6:31 PM Deepti Sharma S <deepti.s.sha...@ericsson.com.invalid> wrote: > Hello Team, > > As we have Log4J vulnerability CVE-2021-44228, CVSS 10.0 (Critical), can > you please confirm, when we have Kafka version release which has this > vulnerability fix and has Log4J version 2.17? > > > Regards, > Deepti Sharma > PMP(r) & ITIL > > >
