You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jira@kafka.apache.org by "Mike Lothian (Jira)" <ji...@apache.org> on 2022/02/09 17:05:00 UTC

[jira] [Updated] (KAFKA-13660) Replace log4j with reload4j

     [ https://issues.apache.org/jira/browse/KAFKA-13660?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Mike Lothian updated KAFKA-13660:
---------------------------------
    Description: 
Kafka is using a known vulnerable version of log4j, the reload4j project was created by the code's original authors to address those issues. It is designed as a drop in replacement without any api changes

 

https://reload4j.qos.ch/

 

I've raised a merge request, replacing log4j with reload4j, slf4j-log4j12 with slf4j-reload4j and bumping the slf4j version

 

This is my first time contributing to the Kafka project and I'm not too familiar with the process, I'll go back and amend my PR with this issue number

  was:
Kafka is using a known vulnerable version of log4j, the reload4j project was created by the code's original authors to address those issues. It is designed as a drop in replacement without any api changes

 

I've raised a merge request, replacing log4j with reload4j, slf4j-log4j12 with slf4j-reload4j and bumping the slf4j version

 

this is my first time contributing to the Kafka project and I'm not too familiar with the process, I'll go back and amend my PR with this issue number


> Replace log4j with reload4j
> ---------------------------
>
>                 Key: KAFKA-13660
>                 URL: https://issues.apache.org/jira/browse/KAFKA-13660
>             Project: Kafka
>          Issue Type: Bug
>          Components: logging
>    Affects Versions: 2.4.0, 3.0.0
>            Reporter: Mike Lothian
>            Priority: Major
>
> Kafka is using a known vulnerable version of log4j, the reload4j project was created by the code's original authors to address those issues. It is designed as a drop in replacement without any api changes
>  
> https://reload4j.qos.ch/
>  
> I've raised a merge request, replacing log4j with reload4j, slf4j-log4j12 with slf4j-reload4j and bumping the slf4j version
>  
> This is my first time contributing to the Kafka project and I'm not too familiar with the process, I'll go back and amend my PR with this issue number



--
This message was sent by Atlassian Jira
(v8.20.1#820001)