RE: Kafka Log4j2.x upgrade plan

Deepak Jain Fri, 11 Feb 2022 03:46:56 -0800

Hi Luke,


First of all Congratulations. Thanks for all your contributions.



Please let us know if Kafka is planning to upgrade Log4j to latest version in 
Kafka future release. Our Customer is eagerly waiting and following with us 
regarding the same.



Regards,

Deepak

From: Luke Chen <show...@gmail.com>
Sent: 21 January 2022 12:35
To: Deepak Jain <deepak.j...@cumulus-systems.com>
Cc: users@kafka.apache.org; Alap Patwardhan <a...@cumulus-systems.com>
Subject: Re: Kafka Log4j2.x upgrade plan

Hi Deepak,

So far, we don't have an ETA for log4j2.
Please check this discussion: https://issues.apache.org/jira/browse/KAFKA-9366

Thank you.
Luke

On Fri, Jan 21, 2022 at 1:57 PM Deepak Jain 
<deepak.j...@cumulus-systems.com<mailto:deepak.j...@cumulus-systems.com>> wrote:
Hi Luke,

We are using Kafka 2.8.1 Broker/Client system in our prod env. Due to the Log4j 
vulnerability CVE-2021-44228, CVE-2021-45046, CVE-2021-4104 and CVE-2021-45105, 
we are waiting for kafka to upgrade to Log4j 2.17.

Our Customers are asking why Kafka is using obsolete log4j1.x version.

Please let us know when Kafka is planned to upgrade the Log4j version?

Thanks in advance.

Regards,
Deepak

RE: Kafka Log4j2.x upgrade plan

Reply via email to