Uploaded image for project: 'Kafka'
  1. Kafka
  2. KAFKA-13729

Kafka Core Components and other projects (like broker) using older version of the log4j 1.x, need to update 2.x

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Duplicate
    • 2.4.1
    • None
    • core
    • Production
    • Patch, Important

    Description

      Hi Team, 

       

      We were using Apache Kafka, to handle message transfer. Now in the security audit, we got vulnerability, due to Apache Kafka core and other projects were using the older log4j versions 1.x. 

      You Guys need to update the log4j version from 1.x to 2.x in  Core and other subprojects of Kafka. Can you please help us, to fix that vulnerability,  otherwise can you please share Guide us to upgrade that version from log4j  1.x to log4j 2.x

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. KAFKA-9366 Upgrade log4j to log4j2

          • Critical - Crashes, loss of data, severe memory leak.
          • In Progress

          Activity

            People

              Unassigned Unassigned
              viswateja viswateja.satrapu
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - 96h
                  96h
                  Remaining:
                  Remaining Estimate - 96h
                  96h
                  Logged:
                  Time Spent - Not Specified
                  Not Specified