We have released version 2.4.3 of stream-collector, upgrading dependencies to address the recently identified Log4j 2 vulnerability ( CVE-2021-44228).
The main highlight is fixing the version of log4j-core to 2.16.0. This change only affects the nsq collector. The kinesis, pubsub and kafka flavours of the collector were already using slf4j-simple.
We have also bumped other dependencies to ensure we’re on latest versions.
2.4.3 images can be pulled from Docker Hub.
For the full list of changes and jar files, see the release notes:
Edited on 15 Dec 2021 11:07 UTC to clarify that log4j-core change affects the nsq collector only.