https://community.cloudera.com/t5/Support-Questions/Log4j2-vulnerability/m-p/333732#M231493 <P>Dears,</P><P>Currently we are using Apache kafka 2.13-2.6.0 Version in our production and Currently (log4j-1.2.17) is installed on the server.</P><P>After a recent security scan, our vendor suggested upgrading to Log4j version 2.16.0 or higher since 1.x is an Unsupported Version(end of life) and a CVE-2021-4104 vulnerability.</P><P>Could you please suggest and provide the guidance to upgrade the log4j version at the earliest.</P> Thu, 13 Jan 2022 08:06:57 GMT naveennn 2022-01-13T08:06:57Z https://community.cloudera.com/t5/Support-Questions/Log4j2-vulnerability/m-p/333732#M231493 <P>Dears,</P><P>Currently we are using Apache kafka 2.13-2.6.0 Version in our production and Currently (log4j-1.2.17) is installed on the server.</P><P>After a recent security scan, our vendor suggested upgrading to Log4j version 2.16.0 or higher since 1.x is an Unsupported Version(end of life) and a CVE-2021-4104 vulnerability.</P><P>Could you please suggest and provide the guidance to upgrade the log4j version at the earliest.</P> Thu, 13 Jan 2022 08:06:57 GMT https://community.cloudera.com/t5/Support-Questions/Log4j2-vulnerability/m-p/333732#M231493 naveennn 2022-01-13T08:06:57Z https://community.cloudera.com/t5/Support-Questions/Log4j2-vulnerability/m-p/333745#M231498 <P><SPAN>Hi <a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/94992">@naveennn</a>, Please read the relevant Support Announcement here:&nbsp;</SPAN><A href="https://community.cloudera.com/t5/Support-Announcements/Cloudera-response-to-CVE-2021-4104/ba-p/332287" target="_blank" rel="nofollow noopener">Cloudera response to CVE-2021-4104</A><SPAN>&nbsp;which also has information on what steps to take.&nbsp;</SPAN></P> Thu, 13 Jan 2022 10:41:36 GMT https://community.cloudera.com/t5/Support-Questions/Log4j2-vulnerability/m-p/333745#M231498 VidyaSargur 2022-01-13T10:41:36Z