Where I work we use both Tableau and Microstrategy which in turn use Kafka. Due to recent log4j vulnerabilities security is coming down on any product using the End-Of-Life log4j 1.x. Log4j 1.x was end-of-lifed in 2015. Kafka uses log4j 1.x.
Security is no longer accepting a vendor statement that a given vulnerability doesn't affect them. They frown on any software that has immediate plans to get rid of an enf-of-life product. I am familiar with an attempt to get Kafka off of log4j 1.x ( https://issues.apache.org/jira/browse/KAFKA-9366). My question: Does Kafka support the log4j 2.x bridge where you can use log4j 2 jars to mimic log4j 1.x and so in the best case scenario not have to make any code changes to kafka? Here is some info on it: "You may be able to convert an application to Log4j 2 *without any code changes* by replacing the Log4j 1.x jar file with Log4j 2’s log4j-1.2-api.jar." https://logging.apache.org/log4j/2.x/manual/migration.html <https://logging.apache.org/log4j/2.x/manual/migration.html>
