Documentation states that Kafka Third-Party File Requirements include slf4j-log4j12-1.7.25.jar which is a an old version with vulnerabilities.
The slf4j site (https://www.slf4j.org/manual.html#swapping) says we should be using slf4j-reload4j instead.
Do we really need that slf4j-log4j12-1.7.25.jar in 10.7.2?
Tested kafka without the Slf4j-log4j12-1.7.25.jar.
The DevTest documentation https://techdocs.broadcom.com/us/en/ca-enterprise-software/devops/devtest-solutions/10-7/administering/general-administration/third-party-file-requirements.html#concept.dita_995eba96d828c1ae85ee146d19238c8926843584_ApacheKafka
Release : 10.7.2
Component : DevTest Virtual Service
Engineering has validated it on DevTest 10.7.2 with SASL_SSL Authentication without lz4-java-1.4.jar, slf4j-log4j12-1.7.25.jar, snappy-java-22.214.171.124.jar and it works properly.
These lz4-java-1.4.jar, snappy-java-126.96.36.199 jar are meant to some compression and performance related so it good to have.
Have confirmed slf4j-log4j12-1.7.25.jar is not required for Logging as it's already happening.