[ https://issues.apache.org/jira/browse/KAFKA-13594?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17475831#comment-17475831 ]
Jun Rao commented on KAFKA-13594: --------------------------------- [~Waseem_bhura] : You can refer to [https://kafka.apache.org/cve-list] for this issue. > In TNPM Wireline Project, vulnerability found in Log4j-1.2.17.jar under KAFKA > directory > --------------------------------------------------------------------------------------- > > Key: KAFKA-13594 > URL: https://issues.apache.org/jira/browse/KAFKA-13594 > Project: Kafka > Issue Type: Task > Components: log, logging > Affects Versions: 2.6.0 > Reporter: Waseem > Priority: Major > Fix For: 2.6.0 > > > In TNPM wireline project, we used kafka2.6.x which is using Log4j-1.2.17.jar > in which we found this JMSAppender.class. > Is this class is vulnerable for Log4j-1.2.17.jar ? > Could you please suggest any steps or refer to any document ? -- This message was sent by Atlassian Jira (v8.20.1#820001)