ilto:sro...@gmail.com>>
Cc:"Juan Liu" mailto:liuj...@cn.ibm.com>>,
"user@spark.apache.org<mailto:user@spark.apache.org>"
mailto:user@spark.apache.org>>
Date:2022/01/20 03:05 PM
Subject:[EXTERNAL] RE: Does Spark 3.1.2/3.2 support
Juan Liu ; user@spark.apache.org
Subject: RE: Does Spark 3.1.2/3.2 support log4j 2.17.1+, and how? your target
release day for Spark3.3?
Sie erhalten nicht oft E-Mail von "t...@ibm.com<mailto:t...@ibm.com>". Weitere
Informationen, warum dies wichtig
ist<http://aka.ms/LearnAboutSenderIdentif
e J Griesenbrock" , "User" Subject: [EXTERNAL] Re: Does Spark 3.1.2/3.2 support log4j 2.17.1+, and how? your target release day for Spark3.3?Date: Thu, Jan 13, 2022 08:05
Yes, Spark does not use the SocketServer mentioned in CVE-2019-17571, however, so is not affected.
3.3.0 would prob
This very user@ list -- announcements will go to all the lists.
On Wed, Jan 19, 2022 at 11:50 AM Theodore J Griesenbrock
wrote:
> Again, sorry to bother you.
>
> What is the best option available to ensure we get notified when a new
> version is released for Apache Spark? I do not see any RSS
Yes, Spark does not use the SocketServer mentioned in CVE-2019-17571,
however, so is not affected.
3.3.0 would probably be out in a couple months.
On Thu, Jan 13, 2022 at 3:14 AM Juan Liu wrote:
> We are informed that CVE-2021-4104 is not only problem with Log4J 1.x.
> There is one more
he.org
Subject: Re: Does Spark 3.1.2/3.2 support log4j 2.17.1+, and how? your target
release day for Spark3.3?
Again: the CVE has no known effect on released Spark versions. Spark 3.3 will
have log4j 2.x anyway.
On Wed, Jan 12, 2022 at 10:21 AM Crowe, John
mailto:john.cr...@tditechnologies.com>&
Again: the CVE has no known effect on released Spark versions. Spark 3.3
will have log4j 2.x anyway.
On Wed, Jan 12, 2022 at 10:21 AM Crowe, John
wrote:
> I too would like to know when you anticipate Spark 3.3.0 to be released
> due to the Log4j CVE’s.
>
> Our customers are all quite concerned.
As noted, there is no known effect on Spark, as released versions do not
use an affected log4j version and configuration, thus no documentation
about remediation.
It is in any event a good idea to update to 2.x; please see JIRA for the
log4j 2.x update, which will come in Spark 3.3.0 as this is
I too would like to know when you anticipate Spark 3.3.0 to be released due to
the Log4j CVE’s.
Our customers are all quite concerned.
Regards;
John Crowe
TDi Technologies, Inc.
1600 10th Street Suite B
Plano, TX 75074
(800) 695-1258
There was a discussion on this issue couple of weeks ago. Basically if
you look at the CVE definition of Log4j, the vulnerability only affects
certain versions of log4j 2.x, not 1.x. Since Spark doesn't use any of
the affected log4j versions, this shouldn't be a concern..
10 matches
Mail list logo