KIP-653 — Upgrade log4j to log4j2
Accepted Kafka 4.0 Broker
Replaces the log4j 1.x dependency on the Kafka broker/server side with log4j2 (2.x) and its corresponding SLF4J bindings. Log4j 1.x reached end-of-life in 2012, exposes known CVEs (e.g., CVE-2019-17571), and forces operators to use an obsolete configuration format unfamiliar to most users who know log4j2 syntax.
Details
| Author | Dongjin Lee |
| Status | Accepted |
| Kafka Version | 4.0 |
| JIRA | KAFKA-9366 |
| Wiki | View on Apache Wiki |
| Created | 2020-08-05 |
| Last Modified | 2024-11-19 |
Explore how this KIP affects the Kafka protocol in the Protocol Explorer, or see the full KIP database.