[
https://issues.apache.org/jira/browse/KAFKA-13660?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17489905#comment-17489905
]
Dongjin Lee commented on KAFKA-13660:
-------------------------------------
Hi [~FireBurn],
Thanks for your interest in this issue. I think reload4j is a promising project
but, it seems not proven yet. Also, the log4j issue is already under progress
with KAFKA-9366.
Plus, these kinds of issues need a process named Kafka Improvement Proposal.
Please have a look at [this
page|https://cwiki.apache.org/confluence/display/kafka/kafka+improvement+proposals].
> Replace log4j with reload4j
> ---------------------------
>
> Key: KAFKA-13660
> URL: https://issues.apache.org/jira/browse/KAFKA-13660
> Project: Kafka
> Issue Type: Bug
> Components: logging
> Affects Versions: 2.4.0, 3.0.0
> Reporter: Mike Lothian
> Priority: Major
>
> Kafka is using a known vulnerable version of log4j, the reload4j project was
> created by the code's original authors to address those issues. It is
> designed as a drop in replacement without any api changes
>
> https://reload4j.qos.ch/
>
> I've raised a merge request, replacing log4j with reload4j, slf4j-log4j12
> with slf4j-reload4j and bumping the slf4j version
>
> This is my first time contributing to the Kafka project and I'm not too
> familiar with the process, I'll go back and amend my PR with this issue number
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
