[ https://issues.apache.org/jira/browse/SPARK-39465?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17554844#comment-17554844 ]
Josh Rosen edited comment on SPARK-39465 at 6/16/22 1:21 AM: ------------------------------------------------------------- Spark uses Log4J 2.x starting in Spark 3.3.0+; see SPARK-37814 The migration from Log4J 1.x to Log4J 2.x is too large of a change for us to backport to existing Spark versions (see [related discussion on another ticket|https://issues.apache.org/jira/browse/SPARK-37883?focusedCommentId=17481521&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-17481521]). As a result, if you want to use Log4J 2.x then you will need to upgrade to Spark 3.3.0. The [Spark 3.3.0 release vote just passed yesterday|https://lists.apache.org/thread/zg6k1spw6k1c7brgo6t7qldvsqbmfytm], so the release should be published in the next couple of days. was (Author: joshrosen): Spark uses Log4J 2.x starting in Spark 3.3.0+; see SPARK-37814 The migration from Log4J 1.x to Log4J 2.x is too large of a change for us to backport to existing Spark versions (see related discussion on another ticket). As a result, if you want to use Log4J 2.x then you will need to upgrade to Spark 3.3.0. The [Spark 3.3.0 release vote just passed yesterday|https://lists.apache.org/thread/zg6k1spw6k1c7brgo6t7qldvsqbmfytm], so the release should be published in the next couple of days. > Log4j version upgrade to 2.17.2 > ------------------------------- > > Key: SPARK-39465 > URL: https://issues.apache.org/jira/browse/SPARK-39465 > Project: Spark > Issue Type: Dependency upgrade > Components: Java API > Affects Versions: 3.2.1 > Environment: Production > Reporter: Chethan G B > Priority: Major > > Hi Team, > There were talks about upgrading log4j to latest version available as part of > security fix. > Wanted to know, if it is already upgraded. > > Note: We are using below dependencies, > > <dependency> > <groupId>org.apache.spark</groupId> > <artifactId>spark-core_2.12</artifactId> > <version>3.0.1</version> > </dependency> > <dependency> > <groupId>org.apache.spark</groupId> > <artifactId>spark-sql_2.12</artifactId> > <version>3.0.1</version> > </dependency> > Kindly let us know when the log4j upgrade will be available for users ? -- This message was sent by Atlassian Jira (v8.20.7#820007) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org