Dear Team,

We are getting vulnerability due to Log4j- v1.2.17 jar being used in 
Kafka_2.11-2.4.0.
We tried to upgrade the same to Kafka_2.13-3.1.0 to remediate vulnerability due 
to Log4j- v1.2.17 (obsolete version- Log4j 1.x has reached End of Life in 2015 
and is no longer supported.) but found this version of Kafka do not use Log4j 
v2.X


As per your website there is no such information available. Please let us know 
when this will get upgraded. Please us know how to get this vulnerability 
remediated as we need to upgrade Log4j to v2.x




Thanks & Regards,
Sandip Bhunia
Cell: 9932245061
Em@il<mailto:Em@il> : sandip.bhu...@tcs.com<mailto:sandip.bhu...@tcs.com>

Advance Notice of Holidays:




=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain 
confidential or privileged information. If you are 
not the intended recipient, any dissemination, use, 
review, distribution, printing or copying of the 
information contained in this e-mail message 
and/or attachments to it are strictly prohibited. If 
you have received this communication in error, 
please notify us by reply e-mail or telephone and 
immediately and permanently delete the message 
and any attachments. Thank you


Reply via email to