You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jira@kafka.apache.org by "Dongjin Lee (Jira)" <ji...@apache.org> on 2021/12/16 12:05:00 UTC

[jira] [Commented] (KAFKA-13551) kafka-log4j-appender-2.1.1.jar Is cve-2021-44228 involved?

    [ https://issues.apache.org/jira/browse/KAFKA-13551?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17460651#comment-17460651 ] 

Dongjin Lee commented on KAFKA-13551:
-------------------------------------

In short, NO. CVE-2021-44228 is problematic only when you are using JMS appender.

disclaimer: I am currently working on log4j2 migration, KAFKA-9366 and KAFKA-12399.

>  kafka-log4j-appender-2.1.1.jar Is cve-2021-44228 involved? 
> ------------------------------------------------------------
>
>                 Key: KAFKA-13551
>                 URL: https://issues.apache.org/jira/browse/KAFKA-13551
>             Project: Kafka
>          Issue Type: Bug
>          Components: consumer
>            Reporter: xiansheng fu
>            Priority: Major
>




--
This message was sent by Atlassian Jira
(v8.20.1#820001)