Justin, There was never a release that included log4j2, so there shouldn’t be cause for concern from that perspective.
The log4j2 release will probably need to be a Flume 2.0, which would be the time to remove Kite and other old dependencies. Tristan From: Justin Holmes <[email protected]> Reply: [email protected] <[email protected]> Date: 12 January 2022 at 13:52:48 To: [email protected] <[email protected]> Subject: Flume release that includes the log4j patches. Can we have a release that includes the fixed log4j vulnerabilities soon? -- Justin Holmes
