You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jira@kafka.apache.org by GitBox <gi...@apache.org> on 2021/02/11 13:23:12 UTC

[GitHub] [kafka] ch4rl353y commented on pull request #7898: KAFKA-9366: Change log4j dependency into log4j2

ch4rl353y commented on pull request #7898:
URL: https://github.com/apache/kafka/pull/7898#issuecomment-777453160


   Regarding the CVE-2019-17571 from https://issues.apache.org/jira/browse/KAFKA-9366: is there another way to mitigite the risk?
   
   we're looking for a temporary solution until this PR finally gets approved, but are not sure if and how the vulnerability could even get exploited. Any thoughts?


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org