I am working on exactly that. But there are quite a few dependencies that need to be updated besides Log4j. That update was pretty easy.
I am currently trying to update the Avro dependency as it also has security issues. Unfortunately, Avro’s upgrade is not completely binary compatible, which is causing an error in the kite-sdk, which appears to be an another Cloudera abandoned project. In short, Apache Flume really needs more people to become active in the project. Ralph > On Jan 12, 2022, at 6:30 AM, Justin Holmes <jus...@nascency.co.uk> wrote: > > Can we have a release that includes the fixed log4j vulnerabilities soon? > > -- > Justin Holmes