You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jira@kafka.apache.org by GitBox <gi...@apache.org> on 2021/12/10 20:03:07 UTC

[GitHub] [kafka] svudutala-vmware edited a comment on pull request #7898: KAFKA-9366: Change log4j dependency into log4j2

svudutala-vmware edited a comment on pull request #7898:
URL: https://github.com/apache/kafka/pull/7898#issuecomment-991209328


   > Will this PR solve [CVE-2021-44228](https://github.com/advisories/GHSA-jfh8-c2jp-5v3q)?
   
   @soumiksamanta https://github.com/apache/kafka/blob/bd3038383265f7bb850c09fe0a74a48c5c2e6f99/gradle/dependencies.gradle#L78 should be upgraded to 2.15.0.  log4j <= 2.14.0 all have this issue. 
   
   Initially I thought log4j 1.x is not impacted but as per https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126 it is. 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: jira-unsubscribe@kafka.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org