sofarsoghood commented on pull request #7898: URL: https://github.com/apache/kafka/pull/7898#issuecomment-790429327
> @dongjinleekr really appreciate your guidance here. thanks for the patch. > > If I chose to not to move to this patch right away, can you please confirm that this vulnerability in log4j ([CVE-2019-17571](https://github.com/advisories/GHSA-2qrg-x229-3v8q)) doesn't affect Kafka? > > thanks @priyavj08 we now checked Kafka's source code for any appearances of the SocketServer class or corresponding config files but were not able to find any. Furthermore we took a closer look at the listening ports inside the running containers. Conclusion: it looks like the affected SocketServer class is not used by Kafka. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
