svudutala-vmware commented on pull request #7898:
URL: https://github.com/apache/kafka/pull/7898#issuecomment-992556542


   > > > Will this PR solve [CVE-2021-44228](https://github.com/advisories/GHSA-jfh8-c2jp-5v3q)?
   > > 
   > > 
   > > @soumiksamanta
   > > 
   > > https://github.com/apache/kafka/blob/bd3038383265f7bb850c09fe0a74a48c5c2e6f99/gradle/dependencies.gradle#L78
   > > 
   > > should be upgraded to 2.15.0. log4j <= 2.14.0 all have this issue.
   > > Initially I thought log4j 1.x is not impacted but as per [apache/logging-log4j2#608 (comment)](https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126) it is.
   > 
   > Thank you for sharing the comment. Isn't that comment for log4j v1 in general? Kafka by default does not use the JMS appender. Do you think it is impacted under the default configuration?
   > 
   > Also refer to this post: https://lists.apache.org/thread/lgbtvvmy68p0059yoyn9qxzosdmx4jdv
   
   Yeah @unverified-user. My understanding is the same too. This should not impact unless there is use of JMS.
   
   I am not an expert on Kafka Connect using any connectors to use JMS. There may be potential impact, I guess.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
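
A defender's check for the condition discussed in the comment above, as an added example that is not part of the original message or of Kafka's code: it scans log4j 1.x properties text for appenders of class `org.apache.log4j.net.JMSAppender` and lists which loggers attach them. The function names and both sample configurations are constructed for illustration; line continuations and `:` separators are not handled.

```python
import re

JMS_CLASS = "org.apache.log4j.net.JMSAppender"  # log4j 1.x JMS appender class

# Constructed sample: console logging only, no JMS appender defined.
CONSOLE_ONLY = """\
log4j.rootLogger=INFO, stdout
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
"""

# Constructed sample: a JMS appender attached to the root logger,
# plus a commented-out definition that must be ignored.
WITH_JMS = """\
log4j.rootLogger=INFO, stdout, jms
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.jms=org.apache.log4j.net.JMSAppender
log4j.appender.jms.TopicBindingName=exampleTopic
#log4j.appender.old=org.apache.log4j.net.JMSAppender
"""

def parse_properties(text):
    """Parse key=value lines into a dict, skipping blanks and comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def jms_appenders(text):
    """Return {appender_name: [logger keys that attach it]} for JMS appenders."""
    props = parse_properties(text)
    # An appender definition is exactly log4j.appender.<name>=<class>.
    names = [k.rsplit(".", 1)[1] for k, v in props.items()
             if re.fullmatch(r"log4j\.appender\.[^.]+", k) and v == JMS_CLASS]
    result = {}
    for name in names:
        users = []
        for k, v in props.items():
            if k == "log4j.rootLogger" or k.startswith("log4j.logger."):
                # Logger value has the form "LEVEL, appender1, appender2".
                if name in [a.strip() for a in v.split(",")[1:]]:
                    users.append(k)
        result[name] = sorted(users)
    return result
```

An empty result means no JMS appender is defined in that file; a name with an empty logger list is defined but not attached to any logger in it.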
