From 47705ce99bfb71d55be23e60e955c0580120b68a Mon Sep 17 00:00:00 2001 From: Sebastian Bernauer Date: Wed, 8 May 2024 15:51:04 +0200 Subject: [PATCH 1/2] fix(kafka): Set LOG4J_FORMAT_MSG_NO_LOOKUPS env var in final image --- kafka/Dockerfile | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/kafka/Dockerfile b/kafka/Dockerfile index d45960cdc..a6b08378c 100644 --- a/kafka/Dockerfile +++ b/kafka/Dockerfile @@ -42,12 +42,6 @@ RUN mkdir -p /stackable/jmx/ && \ chmod +x /stackable/jmx/jmx_prometheus_javaagent-${JMX_EXPORTER}.jar && \ ln -s /stackable/jmx/jmx_prometheus_javaagent-${JMX_EXPORTER}.jar /stackable/jmx/jmx_prometheus_javaagent.jar -# === -# Mitigation for CVE-2021-44228 (Log4Shell) -# This variable is supported as of Log4j version 2.10 and -# disables the vulnerable feature -ENV LOG4J_FORMAT_MSG_NO_LOOKUPS=true - # For earlier versions this script removes the .class file that contains the # vulnerable code. # TODO: This can be restricted to target only versions which do not honor the environment @@ -136,6 +130,12 @@ COPY --chown=stackable:stackable --from=kcat-builder /stackable/kcat-${KCAT}/kca RUN ln -s /stackable/bin/kcat-${KCAT} /stackable/bin/kcat && \ ln -s /stackable/kafka_${SCALA}-${PRODUCT} /stackable/kafka +# === +# Mitigation for CVE-2021-44228 (Log4Shell) +# This variable is supported as of Log4j version 2.10 and +# disables the vulnerable feature +ENV LOG4J_FORMAT_MSG_NO_LOOKUPS=true + ENV PATH="${PATH}:/stackable/bin:/stackable/kafka/bin" WORKDIR /stackable/kafka From acb3a7b791cc5195ea1f9c5192870cbe3116d794 Mon Sep 17 00:00:00 2001 From: Sebastian Bernauer Date: Wed, 8 May 2024 15:55:21 +0200 Subject: [PATCH 2/2] changelog --- CHANGELOG.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index aa6850344..341e6e345 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
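Review bot: The comment moved above `ENV LOG4J_FORMAT_MSG_NO_LOOKUPS=true` in the second Dockerfile hunk (final stage) still says the variable "disables the vulnerable feature" and does not explain why the line must live in this stage. An `ENV` set in an earlier build stage is not carried into the final image, which appears to be the regression this commit fixes, so a comment such as `# Must stay in the final stage: ENV from builder stages is not inherited by the runtime image.` would stop it being moved back. The variable only suppresses lookups in formatted log messages, and Apache's later Log4j guidance treats it as insufficient on its own, so I would add `# Partial mitigation only; removing the vulnerable class or shipping a patched Log4j is the actual fix.` The class-removal script mentioned in the first hunk's context runs outside the visible lines, so it cannot be confirmed from here that it covers the jars copied into the final image. A build-time check that the final image's environment contains the variable would catch a repeat of this regression.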
@@ -13,6 +13,7 @@ All notable changes to this project will be documented in this file. the Hadoop image. The required AWS JARs are copied from the Hadoop image to the HBase image. The script `export-snapshot-to-s3` makes exporting easier ([#621]). +- kafka: Build from source ([#659], [#661]). ### Changed @@ -50,7 +51,8 @@ All notable changes to this project will be documented in this file. [#624]: https://github.com/stackabletech/docker-images/pull/624 [#626]: https://github.com/stackabletech/docker-images/pull/626 [#628]: https://github.com/stackabletech/docker-images/pull/628 - +[#659]: https://github.com/stackabletech/docker-images/pull/659 +[#661]: https://github.com/stackabletech/docker-images/pull/661 ## [24.3.0] - 2024-03-20