WG: Log4j 1.2

2022-01-07 Thread Brosy, Franziska
Hi all, can you please tell us why Kafka is still using Log4j 1.2? And when it is planned to upgrade the Log4j version?? Do you know this security vulnerability?: https://logging.apache.org/log4j/1.2/ A security vulnerability, CVE-2019-17571 has

Re: [VOTE] 3.1.0 RC0

2022-01-07 Thread Israel Ekpo
So far we have 1 binding +1 vote and 4 non-binding +1 votes. Could we get more participation from community members with binding votes so close it out by the deadline today? We have approximately 13 hours left for voting Thanks Israel Ekpo Lead Instructor, IzzyAcademy.com

Re: Log4j 1.2

2022-01-07 Thread Roger Kasinsky
Hi Franziska, When upgrading to Log4J 2.x.x, take extra care not to upgrade to a 2.x.x version that has a more recent serious security flaw, much worse than the one you mentioned. You can read more about it here: https://access.redhat.com/security/cve/cve-2021-44228 Thanks! -R On Fri, Jan 7,

Re: [VOTE] 3.1.0 RC0

2022-01-07 Thread Luke Chen
Hi David, I've done: 1. Verified checksums and signatures 2. Ran quick start using scala 2.13 3. Browse the java doc All looks good. +1 (non-binding) Thanks for running the release. Luke On Fri, Jan 7, 2022 at 11:38 PM Israel Ekpo wrote: > So far we have 1 binding +1 vote and 4 non-binding

Re: Kafka performance when it comes to throughput

2022-01-07 Thread Israel Ekpo
Marisa, I have kicked off the video series on performance optimization for the Kafka setup. I will be working on the various configurations for latency, throughput, availability and durability. https://youtu.be/aPlbG349cXg The first ones will be on latency and throughput which is what you are

Re: Log4j 1.2

2022-01-07 Thread Murilo Tavares
Also worth mentioning the Kafka community has released this official announcement: https://kafka.apache.org/cve-list On Fri, 7 Jan 2022 at 09:28, Roger Kasinsky wrote: > Hi Franziska, > > When upgrading to Log4J 2.x.x, take extra care not to upgrade to a 2.x.x > version that has a more recent

Feature Request: Custom Keystore as a classpath resource

2022-01-07 Thread Clayton Wohl
Currently, to use a custom keystore with the JVM Kafka consumer/producer API, you need to have your keystore file on disk and configure it with an absolute file path like this: Properties kafkaProperties = new Properties(); kafkaProperties.setProperty(CommonClientConfigs.SECURITY_PROTOCOL_CONFIG,

Feature Request: Custom Keystore as a classpath resource

2022-01-07 Thread Clayton Wohl
Currently, to use a custom keystore with the JVM Kafka consumer/producer API, you need to have your keystore file on disk and configure it with an absolute file path like this: Properties kafkaProperties = new Properties(); kafkaProperties.setProperty(CommonClientConfigs.SECURITY_PROTOCOL_CONFIG,