Documentation states that Kafka Third-Party File Requirements include slf4j-log4j12-1.7.25.jar which is a an old version with vulnerabilities.

The slf4j site (https://www.slf4j.org/manual.html#swapping) says we should be using slf4j-reload4j instead. 

Do we really need that slf4j-log4j12-1.7.25.jar in 10.7.2?

Tested kafka without the Slf4j-log4j12-1.7.25.jar.

The DevTest documentation https://techdocs.broadcom.com/us/en/ca-enterprise-software/devops/devtest-solutions/10-7/administering/general-administration/third-party-file-requirements.html#concept.dita_995eba96d828c1ae85ee146d19238c8926843584_ApacheKafka 

Release : 10.7.2

Component : DevTest Virtual Service

N/A

Engineering has validated it on DevTest 10.7.2 with SASL_SSL Authentication without lz4-java-1.4.jar, slf4j-log4j12-1.7.25.jar, snappy-java-1.1.7.1.jar and it works properly.

These lz4-java-1.4.jar, snappy-java-1.1.7.1 jar are meant to some compression and performance related so it good to have.

Have confirmed slf4j-log4j12-1.7.25.jar is not required for Logging as it's already happening.