Uploaded image for project: 'Kafka'
  1. Kafka
  2. KAFKA-13660

Replace log4j with reload4j

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 2.4.0, 3.0.0
    • 3.2.0, 3.1.1
    • logging
    • None

    Description

      Kafka is using a known vulnerable version of log4j, the reload4j project was created by the code's original authors to address those issues. It is designed as a drop in replacement without any api changes

       

      https://reload4j.qos.ch/

       

      I've raised a merge request, replacing log4j with reload4j, slf4j-log4j12 with slf4j-reload4j and bumping the slf4j version

       

      This is my first time contributing to the Kafka project and I'm not too familiar with the process, I'll go back and amend my PR with this issue number

      Attachments

        Issue Links

          fixes

          Improvement - An improvement or enhancement to an existing feature or task. KAFKA-14137 Security Vulnerabilities reported in CVE-2021-45046 and CVE-2021-45046

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved
          links to

          Web Link GitHub Pull Request #11743

          Web Link GitHub Pull Request #11956

          Activity

            People

              FireBurn Mike Lothian
              FireBurn Mike Lothian
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: