
Re: Kafka Log4j2.x upgrade plan

Hi Deepak,

The PR to upgrade to log4j 2 is already under review. And so far it looks
good.
So I think it's possible for it to be merged into v3.2.0.
But still, it's not guaranteed.

PR is here: https://github.com/apache/kafka/pull/7898.
You are welcome to provide comments to help it get merged faster.

Thank you.
Luke

On Fri, Feb 11, 2022 at 7:41 PM Deepak Jain <deepak.jain@cumulus-systems.com>
wrote:

> Hi Luke,
>
> First of all, congratulations. Thanks for all your contributions.
>
> Please let us know if Kafka is planning to upgrade Log4j to the latest version
> in a future Kafka release. Our customer is eagerly waiting and following up with
> us regarding the same.
>
> Regards,
> Deepak
>
>
> *From:* Luke Chen <showuon@gmail.com>
> *Sent:* 21 January 2022 12:35
> *To:* Deepak Jain <deepak.jain@cumulus-systems.com>
> *Cc:* users@kafka.apache.org; Alap Patwardhan <alap@cumulus-systems.com>
> *Subject:* Re: Kafka Log4j2.x upgrade plan
>
> Hi Deepak,
>
> So far, we don't have an ETA for log4j2.
>
> Please check this discussion:
> https://issues.apache.org/jira/browse/KAFKA-9366
>
> Thank you.
> Luke
>
> On Fri, Jan 21, 2022 at 1:57 PM Deepak Jain <
> deepak.jain@cumulus-systems.com> wrote:
>
> Hi Luke,
>
> We are using the Kafka 2.8.1 Broker/Client system in our prod env. Due to the
> Log4j vulnerabilities CVE-2021-44228, CVE-2021-45046, CVE-2021-4104 and
> CVE-2021-45105, we are waiting for Kafka to upgrade to Log4j 2.17.
>
> Our customers are asking why Kafka is using the obsolete log4j 1.x version.
>
> Please let us know when Kafka plans to upgrade the Log4j version.
>
> Thanks in advance.
>
> Regards,
> Deepak
>
>
