You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jira@kafka.apache.org by GitBox <gi...@apache.org> on 2021/12/11 15:25:05 UTC

[GitHub] [kafka] priyavj08 removed a comment on pull request #7898: KAFKA-9366: Change log4j dependency into log4j2

priyavj08 removed a comment on pull request #7898:
URL: https://github.com/apache/kafka/pull/7898#issuecomment-991672999


   > Agree. After reconsidering the issue, I concluded that [CVE-2019-17571](https://github.com/advisories/GHSA-2qrg-x229-3v8q) is rather a minor issue; It is only problematic only when the user tries to use the `SocketServer` appender.
   
   hi @dongjinleekr, do we know if  kafka 2.8.1 exposed to this vulnerability CVE-2021-44228?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: jira-unsubscribe@kafka.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org