Justin, There was never a release that included log4j2, so there shouldn’t be cause for concern from that perspective.
The log4j2 release will probably need to be a Flume 2.0, which would be the time to remove Kite and other old dependencies. Tristan From: Justin Holmes <jus...@nascency.co.uk> Reply: dev@flume.apache.org <dev@flume.apache.org> Date: 12 January 2022 at 13:52:48 To: dev@flume.apache.org <dev@flume.apache.org> Subject: Flume release that includes the log4j patches. Can we have a release that includes the fixed log4j vulnerabilities soon? -- Justin Holmes