Hi, I’m using confluent-community-2.13 How can I make sure that this is the latest version or there is no log4J vulnerability?
thanks,
Umit
Please refer to https://support.confluent.io/hc/en-us/articles/4412615410580-December-2021-Log4j-Vulnerabilities-Advisory
1 Like
Hi @shortcode
check this site
So if your’re stick to the latest confluent version 7.0.1 you should be fine.
on which OS you’ running?
best,
michael
We use Linux.
support page says: " Confluent’s community package does not include or rely upon Log4j 2.x." so there is no vulnerability. I can’t follow versions for community edition. this is our installation script:
#--------------------------------------------------------------
# Install Confluent Platform Community Components
#--------------------------------------------------------------
exec {'confluent-public-key':
command => '/usr/bin/rpm -v --import https://packages.confluent.io/rpm/6.0/archive.key',
}
file { '/etc/yum.repos.d/confluent.repo':
ensure => 'file',
content => file('kafka/confluent.repo'),
replace => 'true',
owner => 'root',
group => 'root',
mode => 'ug+w,o+rx',
}
exec {'yum-clean':
command => '/usr/bin/yum -y clean all',
}
exec {'yum-install-confluent':
command => '/usr/bin/yum -y install confluent-community-2.13',
}
no objections so far 
how can I get latest version using my installation script?
follow this guide
https://docs.confluent.io/platform/current/installation/installing_cp/rhel-centos.html
1 Like
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.