This page contains a list of all known vulnerabilities fixed in released versions of JDBC connector for Apache Kafka.

The CVE-2021-45046 and CVE-2021-44228 vulnerabilities affect the Apache Log4j logging library in versions prior to 2.15.0. JDBC connector for Apache Kafka does not use any version of Log4j directly, as it uses slf4j, which acts as an abstraction layer over logging frameworks. For this reason, this project is not directly impacted by these vulnerabilities.

We recommend that all users of JDBC connector for Apache Kafka inspect their dependency tree and make sure they are not including any impacted version of Log4j. If Log4j is used, we strongly encourage updating to a newer version where these vulnerabilities are addressed (2.16.0 or newer at the time of this writing).
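
One way to carry out the check recommended above on a deployed connector, as an added example that is not part of this project's code: the script scans a directory of jars for a bundled `log4j-core` by reading its Maven metadata, so renamed or shaded jars are found too. The directory argument and the function names are assumptions for illustration, and jars nested inside other jars are not unpacked.

```python
import re
import sys
import zipfile
from pathlib import Path

# Maven metadata entry that log4j-core jars (and jars that shade it in) carry.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
FIXED = (2, 16, 0)  # threshold taken from the recommendation above


def parse_version(text):
    """Turn '2.14.1' or '2.0-beta9' into a comparable (major, minor, patch) tuple."""
    nums = [int(n) for n in re.findall(r"\d+", text.split("-")[0])][:3]
    return tuple(nums + [0] * (3 - len(nums)))


def log4j_core_version(jar_path):
    """Return the log4j-core version bundled in jar_path, or None if absent."""
    try:
        with zipfile.ZipFile(jar_path) as jar:
            if POM_PROPS not in jar.namelist():
                return None
            props = jar.read(POM_PROPS).decode("utf-8", "replace")
    except zipfile.BadZipFile:
        return None  # not a readable archive, nothing to report
    match = re.search(r"^version=(.+)$", props, re.MULTILINE)
    return match.group(1).strip() if match else None


def scan(directory):
    """Return [(jar name, version, is_impacted)] for jars that bundle log4j-core."""
    findings = []
    for jar_path in sorted(Path(directory).rglob("*.jar")):
        version = log4j_core_version(jar_path)
        if version is not None:
            findings.append((jar_path.name, version, parse_version(version) < FIXED))
    return findings


if __name__ == "__main__":
    # Usage: python scan_log4j.py <directory holding the connector's jars>
    results = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    for name, version, impacted in results:
        print(f"{'IMPACTED' if impacted else 'ok':8} log4j-core {version:10} in {name}")
    sys.exit(1 if any(r[2] for r in results) else 0)
```

The non-zero exit status on an impacted jar lets the script gate a deployment or CI step.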