This is an automated email from the ASF dual-hosted git repository. viirya pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/spark.git
The following commit(s) were added to refs/heads/master by this push: new 742b708 [SPARK-37684][BUILD] Upgrade log4j to 2.17 742b708 is described below commit 742b7081713408e2dec97d9198a0b76202d5ec6f Author: Liang-Chi Hsieh <vii...@gmail.com> AuthorDate: Sat Dec 18 17:06:04 2021 -0800 [SPARK-37684][BUILD] Upgrade log4j to 2.17 ### What changes were proposed in this pull request? This patch proposes to upgrade log4j to 2.17. ### Why are the changes needed? There is another CVE (CVE-2021-45105) found in 2.16: https://logging.apache.org/log4j/2.x/security.html. We should upgrade log4j to 2.17. ### Does this PR introduce _any_ user-facing change? No ### How was this patch tested? Pass all tests. Closes #34948 from viirya/upgrade_log4j2.17. Authored-by: Liang-Chi Hsieh <vii...@gmail.com> Signed-off-by: Liang-Chi Hsieh <vii...@gmail.com> --- dev/deps/spark-deps-hadoop-2-hive-2.3 | 8 ++++---- dev/deps/spark-deps-hadoop-3-hive-2.3 | 8 ++++---- pom.xml | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/dev/deps/spark-deps-hadoop-2-hive-2.3 b/dev/deps/spark-deps-hadoop-2-hive-2.3 index 1b0d009..04d3d48 100644 --- a/dev/deps/spark-deps-hadoop-2-hive-2.3 +++ b/dev/deps/spark-deps-hadoop-2-hive-2.3 @@ -186,10 +186,10 @@ lapack/2.2.1//lapack-2.2.1.jar leveldbjni-all/1.8//leveldbjni-all-1.8.jar libfb303/0.9.3//libfb303-0.9.3.jar libthrift/0.12.0//libthrift-0.12.0.jar -log4j-1.2-api/2.16.0//log4j-1.2-api-2.16.0.jar -log4j-api/2.16.0//log4j-api-2.16.0.jar -log4j-core/2.16.0//log4j-core-2.16.0.jar -log4j-slf4j-impl/2.16.0//log4j-slf4j-impl-2.16.0.jar +log4j-1.2-api/2.17.0//log4j-1.2-api-2.17.0.jar +log4j-api/2.17.0//log4j-api-2.17.0.jar +log4j-core/2.17.0//log4j-core-2.17.0.jar +log4j-slf4j-impl/2.17.0//log4j-slf4j-impl-2.17.0.jar logging-interceptor/3.12.12//logging-interceptor-3.12.12.jar lz4-java/1.8.0//lz4-java-1.8.0.jar macro-compat_2.12/1.1.1//macro-compat_2.12-1.1.1.jar diff --git a/dev/deps/spark-deps-hadoop-3-hive-2.3 b/dev/deps/spark-deps-hadoop-3-hive-2.3 index 17f4e91..290bb1d 100644 --- a/dev/deps/spark-deps-hadoop-3-hive-2.3 +++ b/dev/deps/spark-deps-hadoop-3-hive-2.3 @@ -173,10 +173,10 @@ lapack/2.2.1//lapack-2.2.1.jar leveldbjni-all/1.8//leveldbjni-all-1.8.jar libfb303/0.9.3//libfb303-0.9.3.jar libthrift/0.12.0//libthrift-0.12.0.jar -log4j-1.2-api/2.16.0//log4j-1.2-api-2.16.0.jar -log4j-api/2.16.0//log4j-api-2.16.0.jar -log4j-core/2.16.0//log4j-core-2.16.0.jar -log4j-slf4j-impl/2.16.0//log4j-slf4j-impl-2.16.0.jar +log4j-1.2-api/2.17.0//log4j-1.2-api-2.17.0.jar +log4j-api/2.17.0//log4j-api-2.17.0.jar +log4j-core/2.17.0//log4j-core-2.17.0.jar +log4j-slf4j-impl/2.17.0//log4j-slf4j-impl-2.17.0.jar logging-interceptor/3.12.12//logging-interceptor-3.12.12.jar lz4-java/1.8.0//lz4-java-1.8.0.jar macro-compat_2.12/1.1.1//macro-compat_2.12-1.1.1.jar diff --git a/pom.xml b/pom.xml index 3e46656..e3833c4 100644 --- a/pom.xml +++ b/pom.xml @@ -119,7 +119,7 @@ <exec-maven-plugin.version>1.6.0</exec-maven-plugin.version> <sbt.project.name>spark</sbt.project.name> <slf4j.version>1.7.30</slf4j.version> - <log4j.version>2.16.0</log4j.version> + <log4j.version>2.17.0</log4j.version> <hadoop.version>3.3.1</hadoop.version> <protobuf.version>2.5.0</protobuf.version> <yarn.version>${hadoop.version}</yarn.version> --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@spark.apache.org For additional commands, e-mail: commits-h...@spark.apache.org