Hi Deepak, So far, we don't have an ETA for log4j2. Please check this discussion: https://issues.apache.org/jira/browse/KAFKA-9366
Thank you. Luke On Fri, Jan 21, 2022 at 1:57 PM Deepak Jain <deepak.j...@cumulus-systems.com> wrote: > Hi Luke, > > We are using Kafka 2.8.1 Broker/Client system in our prod env. Due to the > Log4j vulnerability CVE-2021-44228, CVE-2021-45046, CVE-2021-4104 and > CVE-2021-45105, we are waiting for kafka to upgrade to Log4j 2.17. > > Our Customers are asking why Kafka is using obsolete log4j1.x version. > > Please let us know when Kafka is planned to upgrade the Log4j version? > > Thanks in advance. > > Regards, > Deepak > >