Skip to content

CVE-2019-17571 kafka and zookeeper 2.7.0 #6051

Answered by scholzj
zencircle asked this question in Q&A
Discussion options

You must be logged in to vote

This is part of the Kafka / ZooKeeper distribution. Log4j 1 is unsupported and has CVEs, but this needs to be addressed by Kafka. Strimzi uses the Kafka binaries. We do not have the resources to maintain forks of Kafka with other logging stack.

My understanding is that this is not critical issue and is not triggered either with the default configuration nor with the usual configuration. You would need to use some more special logging configurations to be exposed to it.

Replies: 1 comment

Comment options

You must be logged in to vote
0 replies
Answer selected by zencircle
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Category
Q&A
Labels
None yet
2 participants