Hi Sandip,

I just merged the PR https://github.com/apache/kafka/pull/11743 that replaces log4j with reload4j. Reload4j will be part of Apache Kafka 3.2.0 and 3.1.1.

Best,
Bruno

On 30.03.22 04:26, Luke Chen wrote:
Hi Sandip,

We plan to replace log4j with reload4j in v3.2.0 and v3.1.1. (KAFKA-13660
<https://issues.apache.org/jira/browse/KAFKA-13660>)
And plan to upgrade to log4j2 in v4.0.0.

You can check this discussion thread for more details:
https://lists.apache.org/thread/qo1y3249xldt4cpg6r8zkcq5m1q32bf1

Thank you.
Luke

On Tue, Mar 29, 2022 at 10:18 PM Sandip Bhunia
<sandip.bhu...@tcs.com.invalid> wrote:

Dear Team,

We are getting a vulnerability due to the Log4j v1.2.17 jar being used in
Kafka_2.11-2.4.0.
We tried to upgrade the same to Kafka_2.13-3.1.0 to remediate the
vulnerability due to Log4j v1.2.17 (obsolete version; Log4j 1.x
reached End of Life in 2015 and is no longer supported), but found this
version of Kafka does not use Log4j v2.X.

As per your website there is no such information available. Please let us
know when this will get upgraded. Please let us know how to get this
vulnerability remediated, as we need to upgrade Log4j to v2.x.



*Thanks & Regards,*
*Sandip Bhunia*
