You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jira@kafka.apache.org by "Dongjin Lee (Jira)" <ji...@apache.org> on 2021/12/16 12:05:00 UTC
[jira] [Commented] (KAFKA-13551) kafka-log4j-appender-2.1.1.jar Is cve-2021-44228 involved?
[ https://issues.apache.org/jira/browse/KAFKA-13551?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17460651#comment-17460651 ]
Dongjin Lee commented on KAFKA-13551:
-------------------------------------
In short, NO. CVE-2021-44228 is problematic only when you are using JMS appender.
disclaimer: I am currently working on log4j2 migration, KAFKA-9366 and KAFKA-12399.
> kafka-log4j-appender-2.1.1.jar Is cve-2021-44228 involved?
> ------------------------------------------------------------
>
> Key: KAFKA-13551
> URL: https://issues.apache.org/jira/browse/KAFKA-13551
> Project: Kafka
> Issue Type: Bug
> Components: consumer
> Reporter: xiansheng fu
> Priority: Major
>
--
This message was sent by Atlassian Jira
(v8.20.1#820001)