[ https://issues.apache.org/jira/browse/KAFKA-13660?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17513225#comment-17513225 ]
Tom Bentley commented on KAFKA-13660: ------------------------------------- [~vikash08mishra] I'm happy to include this in 3.1.1 if we can get the PR merged and [~cadonna] is willing to include it in 3.2 (I think it would be weird to do it in one and not the other). I did a bit of testing on Friday but want to do some more, and [~showuon] raised a question on the PR. > Replace log4j with reload4j > --------------------------- > > Key: KAFKA-13660 > URL: https://issues.apache.org/jira/browse/KAFKA-13660 > Project: Kafka > Issue Type: Bug > Components: logging > Affects Versions: 2.4.0, 3.0.0 > Reporter: Mike Lothian > Priority: Major > > Kafka is using a known vulnerable version of log4j, the reload4j project was > created by the code's original authors to address those issues. It is > designed as a drop in replacement without any api changes > > https://reload4j.qos.ch/ > > I've raised a merge request, replacing log4j with reload4j, slf4j-log4j12 > with slf4j-reload4j and bumping the slf4j version > > This is my first time contributing to the Kafka project and I'm not too > familiar with the process, I'll go back and amend my PR with this issue number -- This message was sent by Atlassian Jira (v8.20.1#820001)