ilto:sro...@gmail.com>>
Cc:"Juan Liu" mailto:liuj...@cn.ibm.com>>,
"user@spark.apache.org<mailto:user@spark.apache.org>"
mailto:user@spark.apache.org>>
Date:2022/01/20 03:05 PM
Subject:[EXTERNAL] RE: Does Spark 3.1.2/3.2 support
Juan Liu ; user@spark.apache.org
Subject: RE: Does Spark 3.1.2/3.2 support log4j 2.17.1+, and how? your target
release day for Spark3.3?
Sie erhalten nicht oft E-Mail von "t...@ibm.com<mailto:t...@ibm.com>". Weitere
Informationen, warum dies wichtig
ist<http://aka.ms/LearnAboutSenderIdentif
e J Griesenbrock" , "User" Subject: [EXTERNAL] Re: Does Spark 3.1.2/3.2 support log4j 2.17.1+, and how? your target release day for Spark3.3?Date: Thu, Jan 13, 2022 08:05
Yes, Spark does not use the SocketServer mentioned in CVE-2019-17571, however, so is not affected.
3.3.0 would prob
This very user@ list -- announcements will go to all the lists.
On Wed, Jan 19, 2022 at 11:50 AM Theodore J Griesenbrock
wrote:
> Again, sorry to bother you.
>
> What is the best option available to ensure we get notified when a new
> version is released for Apache Spark? I do not see any RSS
Yes, Spark does not use the SocketServer mentioned in CVE-2019-17571,
however, so is not affected.
3.3.0 would probably be out in a couple months.
On Thu, Jan 13, 2022 at 3:14 AM Juan Liu wrote:
> We are informed that CVE-2021-4104 is not only problem with Log4J 1.x.
> There is one more
he.org
Subject: Re: Does Spark 3.1.2/3.2 support log4j 2.17.1+, and how? your target
release day for Spark3.3?
Again: the CVE has no known effect on released Spark versions. Spark 3.3 will
have log4j 2.x anyway.
On Wed, Jan 12, 2022 at 10:21 AM Crowe, John
mailto:john.cr...@tditechnologies.com>&
ry 12, 2022 8:50 AM
> *To:* user@spark.apache.org
> *Cc:* Theodore J Griesenbrock
> *Subject:* Does Spark 3.1.2/3.2 support log4j 2.17.1+, and how? your
> target release day for Spark3.3?
>
>
>
> Dear Spark support,
>
> Due to the known log4j security issue, we are r
As noted, there is no known effect on Spark, as released versions do not
use an affected log4j version and configuration, thus no documentation
about remediation.
It is in any event a good idea to update to 2.x; please see JIRA for the
log4j 2.x update, which will come in Spark 3.3.0 as this is
upp...@tditechnologies.com>
From: Juan Liu
Sent: Wednesday, January 12, 2022 8:50 AM
To: user@spark.apache.org
Cc: Theodore J Griesenbrock
Subject: Does Spark 3.1.2/3.2 support log4j 2.17.1+, and how? your target
release day for Spark3.3?
Dear Spark support,
Due to the known log4j security issue, we are re
There was a discussion on this issue couple of weeks ago. Basically if
you look at the CVE definition of Log4j, the vulnerability only affects
certain versions of log4j 2.x, not 1.x. Since Spark doesn't use any of
the affected log4j versions, this shouldn't be a concern..
Dear Spark support,
Due to the known log4j security issue, we are required to upgrade log4j
version to 2.17.1. Currently, we use Spark3.1.2 with default log4j 1.2.17.
Also we found log4j configuration document here:
https://spark.apache.org/docs/3.2.0/configuration.html#configuring-logging
11 matches
Mail list logo
