cadonna commented on a change in pull request #11743: URL: https://github.com/apache/kafka/pull/11743#discussion_r838286400
########## File path: docs/upgrade.html ########## @@ -30,6 +30,8 @@ <h5><a id="upgrade_320_notable" href="#upgrade_320_notable">Notable changes in 3 Users can change this behavior to enable idempotence for some or all producers via Connect worker and/or connector configuration. Connect may enable idempotent producers by default in a future major release.</li> + <li>Kafka has replaced log4j and slf4j-log4j12 with reload4j and slf4j-reload4j due to security concerns. + More information can be found at <a href"https://reload4j.qos.ch">reload4j</a>.</li> Review comment: ```suggestion <li>Kafka has replaced log4j with reload4j due to security concerns. More information can be found at <a href"https://reload4j.qos.ch">reload4j</a>.</li> ``` ########## File path: LICENSE-binary ########## @@ -300,8 +300,8 @@ MIT License argparse4j-0.7.0, see: licenses/argparse-MIT jopt-simple-5.0.4, see: licenses/jopt-simple-MIT -slf4j-api-1.7.30, see: licenses/slf4j-MIT -slf4j-log4j12-1.7.30, see: licenses/slf4j-MIT +slf4j-api-1.7.36, see: licenses/slf4j-MIT +slf4j-reload4j-1.7.36, see: licenses/slf4j-MIT Review comment: Since `slf4j-api-1.7.36` uses reload4j anyways, we do not need to use `slf4j-reload4j-1.7.36` anymore. Could you remove it here? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: jira-unsubscr...@kafka.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org