Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
2.4.0, 3.0.0
-
None
Description
Kafka is using a known vulnerable version of log4j, the reload4j project was created by the code's original authors to address those issues. It is designed as a drop in replacement without any api changes
I've raised a merge request, replacing log4j with reload4j, slf4j-log4j12 with slf4j-reload4j and bumping the slf4j version
This is my first time contributing to the Kafka project and I'm not too familiar with the process, I'll go back and amend my PR with this issue number
Attachments
Issue Links
- fixes
-
KAFKA-14137 Security Vulnerabilities reported in CVE-2021-45046 and CVE-2021-45046
- Resolved
- links to