hi Ming-Yen thanks for this KIP. A couple of questions are listed below.
1. what happens if users replace the log4j2 impl by other log framework when running worker? 2. what we should do if kafka 5.0 is going to upgrade to slf4j 2? Best, Chia-Ping On 2026/03/16 14:41:54 Ming-Yen Chung wrote: > Hi all, > > I would like to start a discussion on > KIP-1296: Shadow Jetty dependencies to decouple from SLF4J version conflict > <https://cwiki.apache.org/confluence/x/c5I8G> > > Kafka is pinned to Jetty 12.0.25 because Jetty 12.0.30+ uses SLF4J 2.x > fluent API calls that cause NoSuchMethodError with Kafka's SLF4J 1.7.x. > This blocks two CVE fixes (KAFKA-20270, KAFKA-20283). > > This KIP proposes a shadow JAR module that bundles Jetty with a relocated > slf4j-api 2.x, allowing Jetty to use SLF4J 2.x internally without > affecting Kafka's SLF4J 1.x. No public interfaces are changed. > > Example PR: https://github.com/apache/kafka/pull/21773 > > Thanks, > Ming-Yen >
