kobihikri commented on PR #12300: URL: https://github.com/apache/kafka/pull/12300#issuecomment-1162075846
@ijuma I checked and indeed log4j doesn't exist in the distribution. It seems that there are improvements in the realm of library dependencies as well, which might be worth "taking" by updating to the latest version.

Here is the relevant portion from the release notes:

"
7 March, 2022: release 3.8.0 available

This is the first release for the 3.8 branch. It is a major release and it introduces a lot of new features, most notably:

- Migration of the logging framework from Apache Log4j1 to LogBack
- Read Key/Trust store password from file (and other security related improvements)
- Restored support for OSGI
- Reduced the performance impact of Prometheus metrics
- Official support for JDK17 (all tests are passing)
- Updates to all the third party dependencies to get rid of every known CVE.

ZooKeeper clients from 3.5.x onwards are fully compatible with 3.8.x servers. The upgrade from 3.6.x and 3.7.x can be executed as usual, no particular additional upgrade procedure is needed. ZooKeeper 3.8.x clients are compatible with 3.5.x, 3.6.x and 3.7.x servers as long as you are not using new APIs not present these versions.
"

What do you think?

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: jira-unsubscr...@kafka.apache.org

For queries about this service, please contact Infrastructure at: us...@infra.apache.org