Hi Deepak,

So far, we don't have an ETA for log4j2.
Please check this discussion:
https://issues.apache.org/jira/browse/KAFKA-9366

Thank you.
Luke

On Fri, Jan 21, 2022 at 1:57 PM Deepak Jain <deepak.j...@cumulus-systems.com>
wrote:

> Hi Luke,
>
> We are using Kafka 2.8.1 Broker/Client system in our prod env. Due to the
> Log4j vulnerability CVE-2021-44228, CVE-2021-45046, CVE-2021-4104 and
> CVE-2021-45105, we are waiting for kafka to upgrade to Log4j 2.17.
>
> Our Customers are asking why Kafka is using obsolete log4j1.x version.
>
> Please let us know when Kafka is planned to upgrade the Log4j version?
>
> Thanks in advance.
>
> Regards,
> Deepak
>
>

Reply via email to