I’m running external Zookeeper 3.8.0 with NiFi 1.15 without issue because of the log4j findings and it installed over 3.6.3 just fine so in theory it should work.
Thanks Shawn On May 2, 2022, at 9:56 AM, Gregory M. Foreman <[email protected]<mailto:[email protected]>> wrote: Hello: Nifi 1.16.1 included upgrading to zookeeper 3.5.9, which uses log4j 1.2.17 (NIFI-9955). My client currently has an external zookeeper 3.5.8 deployed, it uses log4j 1.2.17, and it has been flagged to upgrade due to the log4j CVE. I originally thought that log4j 1.x versions were not affected, but I may have over-simplified the logic. Ref: https://www.petefreitag.com/item/926.cfm (no affiliation). It appears that zookeeper 3.5.9 is going to EOL in June 2022. Are there plans to upgrade to zookeeper 3.7.0 or later? Thanks, Greg
