Hi Sandip,
I just merged the PR https://github.com/apache/kafka/pull/11743 that
replaces log4j with reload4j. Reload4j will be part of Apache Kafka
3.2.0 and 3.1.1.
Best,
Bruno
On 30.03.22 04:26, Luke Chen wrote:
> Hi Sandip,
>
> We plan to replace log4j with reload4j in v3.2.0 and v3.1.1. (KAFKA-13660
> <https://issues.apache.org/jira/browse/KAFKA-13660>)
> And plan to upgrade to log4j2 in v4.0.0.
>
> You can check this discussion thread for more details:
> https://lists.apache.org/thread/qo1y3249xldt4cpg6r8zkcq5m1q32bf1
>
> Thank you.
> Luke
>
> On Tue, Mar 29, 2022 at 10:18 PM Sandip Bhunia
> <sandip.bhunia@tcs.com.invalid> wrote:
>
>> Dear Team,
>>
>> We are getting vulnerability due to Log4j- v1.2.17 jar being used in
>> Kafka_2.11-2.4.0.
>> We tried to upgrade the same to Kafka_2.13-3.1.0 to remediate
>> vulnerability due to Log4j- v1.2.17 (obsolete version- Log4j 1.x has
>> reached End of Life in 2015 and is no longer supported.) but found this
>> version of Kafka do not use Log4j v2.X
>>
>> As per your website there is no such information available. Please let us
>> know when this will get upgraded. Please us know how to get this
>> vulnerability remediated as we need to upgrade Log4j to v2.x
>>
>>
>>
>> *Thanks & Regards,*
>> *Sandip Bhunia*
>>
>> *Cell: 9932245061 **Em@il* <Em@il> *: **sandip.bhunia@tcs.com*
>> <sandip.bhunia@tcs.com>
>>
>>
>> *Advance Notice of Holidays: *
>>
>>
>>
>>
>> =====-----=====-----=====
>> Notice: The information contained in this e-mail
>> message and/or attachments to it may contain
>> confidential or privileged information. If you are
>> not the intended recipient, any dissemination, use,
>> review, distribution, printing or copying of the
>> information contained in this e-mail message
>> and/or attachments to it are strictly prohibited. If
>> you have received this communication in error,
>> please notify us by reply e-mail or telephone and
>> immediately and permanently delete the message
>> and any attachments. Thank you
>>
>>
>
I just merged the PR https://github.com/apache/kafka/pull/11743 that
replaces log4j with reload4j. Reload4j will be part of Apache Kafka
3.2.0 and 3.1.1.
Best,
Bruno
On 30.03.22 04:26, Luke Chen wrote:
> Hi Sandip,
>
> We plan to replace log4j with reload4j in v3.2.0 and v3.1.1. (KAFKA-13660
> <https://issues.apache.org/jira/browse/KAFKA-13660>)
> And plan to upgrade to log4j2 in v4.0.0.
>
> You can check this discussion thread for more details:
> https://lists.apache.org/thread/qo1y3249xldt4cpg6r8zkcq5m1q32bf1
>
> Thank you.
> Luke
>
> On Tue, Mar 29, 2022 at 10:18 PM Sandip Bhunia
> <sandip.bhunia@tcs.com.invalid> wrote:
>
>> Dear Team,
>>
>> We are getting vulnerability due to Log4j- v1.2.17 jar being used in
>> Kafka_2.11-2.4.0.
>> We tried to upgrade the same to Kafka_2.13-3.1.0 to remediate
>> vulnerability due to Log4j- v1.2.17 (obsolete version- Log4j 1.x has
>> reached End of Life in 2015 and is no longer supported.) but found this
>> version of Kafka do not use Log4j v2.X
>>
>> As per your website there is no such information available. Please let us
>> know when this will get upgraded. Please us know how to get this
>> vulnerability remediated as we need to upgrade Log4j to v2.x
>>
>>
>>
>> *Thanks & Regards,*
>> *Sandip Bhunia*
>>
>> *Cell: 9932245061 **Em@il* <Em@il> *: **sandip.bhunia@tcs.com*
>> <sandip.bhunia@tcs.com>
>>
>>
>> *Advance Notice of Holidays: *
>>
>>
>>
>>
>> =====-----=====-----=====
>> Notice: The information contained in this e-mail
>> message and/or attachments to it may contain
>> confidential or privileged information. If you are
>> not the intended recipient, any dissemination, use,
>> review, distribution, printing or copying of the
>> information contained in this e-mail message
>> and/or attachments to it are strictly prohibited. If
>> you have received this communication in error,
>> please notify us by reply e-mail or telephone and
>> immediately and permanently delete the message
>> and any attachments. Thank you
>>
>>
>
Comments
Post a Comment