Support Questions
Find answers, ask questions, and share your expertise

Log4j2 vulnerability

New Contributor

Dears,

Currently we are using Apache kafka 2.13-2.6.0 Version in our production and Currently (log4j-1.2.17) is installed on the server.

After a recent security scan, our vendor suggested upgrading to Log4j version 2.16.0 or higher since 1.x is an Unsupported Version(end of life) and a CVE-2021-4104 vulnerability.

Could you please suggest and provide the guidance to upgrade the log4j version at the earliest.

1 REPLY 1

Community Manager

Hi @naveennn, Please read the relevant Support Announcement here: Cloudera response to CVE-2021-4104 which also has information on what steps to take. 



Regards,

Vidya Sargur,
Community Manager


Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Learn more about the Cloudera Community: