[ https://issues.apache.org/jira/browse/KAFKA-13545?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17459904#comment-17459904 ]
Luke Chen commented on KAFKA-13545: ----------------------------------- Close as "Not A Bug". Thanks. > Workaround for mitigating CVE-2021-4104 Kafka > ---------------------------------------------- > > Key: KAFKA-13545 > URL: https://issues.apache.org/jira/browse/KAFKA-13545 > Project: Kafka > Issue Type: Bug > Affects Versions: 2.8.1 > Reporter: Akansh Shandilya > Priority: Major > > A new vulnerability is published today : > https://nvd.nist.gov/vuln/detail/CVE-2021-4104 > > Kafka v2.8.1 uses log4j v1.x . Please review following information : > Is Kafka v2.8.1 impacted by CVE-2021-4104? > If yes, is there any workaround/recommendation available for Kafka v2.8.1 to > mitigate CVE-2021-4104 -- This message was sent by Atlassian Jira (v8.20.1#820001)