Confluent-community-2.13 log4J vulnerability

Hi, I’m using confluent-community-2.13 How can I make sure that this is the latest version or there is no log4J vulnerability?


Please refer to

1 Like

Hi @shortcode

check this site

So if your’re stick to the latest confluent version 7.0.1 you should be fine.

on which OS you’ running?


We use Linux.
support page says: " Confluent’s community package does not include or rely upon Log4j 2.x." so there is no vulnerability. I can’t follow versions for community edition. this is our installation script:


  # Install Confluent Platform Community Components  


  exec {'confluent-public-key':

    command => '/usr/bin/rpm -v --import',


  file { '/etc/yum.repos.d/confluent.repo':

    ensure  => 'file',

    content => file('kafka/confluent.repo'),

    replace => 'true',

    owner   => 'root',

    group   => 'root',

    mode    => 'ug+w,o+rx',


  exec {'yum-clean':

    command => '/usr/bin/yum -y clean all',


  exec {'yum-install-confluent':

    command => '/usr/bin/yum -y install confluent-community-2.13',


no objections so far :wink:

how can I get latest version using my installation script?

follow this guide

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.