Critical security vulnerability code-named “Log4Shell” (tracked as CVE-2021-44228)

rlinapagolla · 13 December 2021 20:20

Does the below critical security vulnerability code-named “Log4Shell” (tracked as CVE-2021-44228) impact our Kafka Connector application using kafka_2.12-2.2.2 and log4j-1.2.17.jar?

rmoff · 14 December 2021 09:26

Hi,

Please see this support note: https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability. It’s publicly accessible - no support account required.

rlinapagolla · 21 December 2021 14:12

Thanks for responding, will the Confluent Kafka connector work with log4j version 2.16 at all?

system · 28 December 2021 14:12

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Is the kafka-connect docker image confluentinc/cp-kafka-connect-base:5.5.0 affected by the log4j vulnerability https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228? Kafka Connect	2	3243	14 December 2021
Is cp-kafka-connect-base image still using confluent forked log4j v1.x? Self-Managed Connectors	1	1842	4 June 2023
Confluent-community-2.13 log4J vulnerability Kafka Connect	7	3324	2 March 2022
KafkaConnectory and Log4j version Compatibility Kafka Connect	2	2977	27 January 2022
Resolving CVE-2022-48566 and CVE-2023-40217 Kafka Connect	1	1236	29 October 2023

Critical security vulnerability code-named “Log4Shell” (tracked as CVE-2021-44228)

Related topics