[
https://issues.apache.org/jira/browse/KAFKA-13660?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17513225#comment-17513225
]
Tom Bentley commented on KAFKA-13660:
-------------------------------------
[~vikash08mishra] I'm happy to include this in 3.1.1 if we can get the PR
merged and [~cadonna] is willing to include it in 3.2 (I think it would be
weird to do it in one and not the other). I did a bit of testing on Friday but
want to do some more, and [~showuon] raised a question on the PR.
> Replace log4j with reload4j
> ---------------------------
>
> Key: KAFKA-13660
> URL: https://issues.apache.org/jira/browse/KAFKA-13660
> Project: Kafka
> Issue Type: Bug
> Components: logging
> Affects Versions: 2.4.0, 3.0.0
> Reporter: Mike Lothian
> Priority: Major
>
> Kafka is using a known vulnerable version of log4j, the reload4j project was
> created by the code's original authors to address those issues. It is
> designed as a drop in replacement without any api changes
>
> https://reload4j.qos.ch/
>
> I've raised a merge request, replacing log4j with reload4j, slf4j-log4j12
> with slf4j-reload4j and bumping the slf4j version
>
> This is my first time contributing to the Kafka project and I'm not too
> familiar with the process, I'll go back and amend my PR with this issue number
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
