Posted to jira@kafka.apache.org by GitBox <gi...@apache.org> on 2021/02/22 11:56:04 UTC

[GitHub] [kafka] priyavj08 commented on pull request #7898: KAFKA-9366: Change log4j dependency into log4j2

priyavj08 commented on pull request #7898:
URL: https://github.com/apache/kafka/pull/7898#issuecomment-783322141


   > @dongjinleekr we're using strimzi/kafka / 0.21.0-kafka-2.7.0
   > 
   > Our SCA scanning Tool (JFrog XRay) found this CVE among many others (speaking of third party lib CVEs only).
   > 
   > We're just wondering if there's a way (e.g. via message sanitizing or logging config adjustments, etc.) to be sure the mentioned CVE cannot be exploited.
   
   I have a similar question: can this security vulnerability, CVE-2019-17571, be exploited? I use the Kafka operator from Banzaicloud 0.12.3 / kafka:2.13-2.6.0
   
   When will the custom release be available?
   
   Thanks

