Uploaded image for project: 'Kafka'
  1. Kafka
  2. KAFKA-9366

Upgrade log4j to log4j2

    XMLWordPrintableJSON

Details

    • Bug
    • Status: In Progress
    • Critical
    • Resolution: Unresolved
    • 2.2.0, 2.1.1, 2.3.0, 2.4.0
    • 4.0.0
    • core

    Description

      CVE-2019-17571 Detail

      Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.

       

      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17571

       

      Attachments

        Issue Links

          Dependent

          Improvement - An improvement or enhancement to an existing feature or task. KAFKA-13604 Add pluggable logging framework support

          • Major - Major loss of function.
          • Open
          is a parent of

          Improvement - An improvement or enhancement to an existing feature or task. KAFKA-17892 Update README after migration to log4j2

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open
          is blocked by

          Bug - A problem which impairs or prevents the functions of the product. KAFKA-10877 Instantiating loggers for every FetchContext causes low request handler idle pool ratio.

          • Major - Major loss of function.
          • Open
          is depended upon by

          Improvement - An improvement or enhancement to an existing feature or task. KAFKA-12399 Deprecate Log4J Appender KIP-719

          • Major - Major loss of function.
          • Resolved
          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. KAFKA-13616 Log4j 1.X CVE-2022-23302/5/7 vulnerabilities

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. KAFKA-13729 Kafka Core Components and other projects (like broker) using older version of the log4j 1.x, need to update 2.x

          • Major - Major loss of function.
          • Resolved

          Task - A task that needs to be done. KAFKA-13534 Upgrade Log4j to 2.15.0 - CVE-2021-44228

          • Major - Major loss of function.
          • Resolved
          is related to

          Task - A task that needs to be done. KAFKA-13534 Upgrade Log4j to 2.15.0 - CVE-2021-44228

          • Major - Major loss of function.
          • Resolved
          relates to

          New Feature - A new feature of the product, which has yet to be developed. KAFKA-16936 Upgrade slf4k to 2.0.9 and integrate "-Dslf4j.provider" to kafka script

          • Major - Major loss of function.
          • Open

          Improvement - An improvement or enhancement to an existing feature or task. KAFKA-17889 Consider replacing `.properties` files with yaml format for Log4j configuration

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open

          Improvement - An improvement or enhancement to an existing feature or task. KAFKA-13625 Fix inconsistency in dynamic application log levels

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • In Progress

          Test - A new unit, integration or system test. KAFKA-17963 Considering replacing LogCaptureAppender with ListAppender

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open

          Task - A task that needs to be done. KAFKA-17858 Remove ZK-related configuration from the log4j configuration.

          • Major - Major loss of function.
          • Open
          links to

          Web Link GitHub Pull Request #7898

          Web Link GitHub Pull Request #17373

          mentioned in

          Page Loading...

          Activity

            People

              frankvicky TengYao Chi
              lbdai3190 leibo
              Votes:
              24 Vote for this issue
              Watchers:
              41 Start watching this issue

              Dates

                Created:
                Updated: