[ https://issues.apache.org/jira/browse/KAFKA-13535?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Luke Chen resolved KAFKA-13535. ------------------------------- Resolution: Won't Fix [~akansh] , thanks for reporting the issue. I've confirmed that Kafka is not affected by this CVE. Please read my email reply here for more detail: [https://lists.apache.org/thread/lgbtvvmy68p0059yoyn9qxzosdmx4jdv] Thank you. > Workaround for mitigating CVE-2021-44228 Kafka > ----------------------------------------------- > > Key: KAFKA-13535 > URL: https://issues.apache.org/jira/browse/KAFKA-13535 > Project: Kafka > Issue Type: Bug > Affects Versions: 2.8.1 > Reporter: Akansh Shandilya > Priority: Major > > Kafka v2.8.1 uses log4j v1.x . Please review following information : > > Is Kafka v2.8.1 impacted by CVE-2021-44228? > If yes, is there any workaround/recommendation available for Kafka v2.8.1 to > mitigate CVE-2021-44228 -- This message was sent by Atlassian Jira (v8.20.1#820001)