[spark] branch master updated: [SPARK-37774][BUILD] Upgrade log4j from 2.17 to 2.17.1

Tue, 28 Dec 2021 23:25:38 -0800 

This is an automated email from the ASF dual-hosted git repository.

dongjoon pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/spark.git


The following commit(s) were added to refs/heads/master by this push:
     new fd56427  [SPARK-37774][BUILD] Upgrade log4j from 2.17 to 2.17.1
fd56427 is described below

commit fd564274a2bd151292f3c711e54bc5df18d621ff
Author: Chia-Ping Tsai <chia7...@gmail.com>
AuthorDate: Tue Dec 28 23:24:44 2021 -0800

    [SPARK-37774][BUILD] Upgrade log4j from 2.17 to 2.17.1
    
    ### What changes were proposed in this pull request?
    Update `log4j` from 2.17 to 2.17.1
    
    ### Why are the changes needed?
    There is another CVE 
([CVE-2021-44832](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832))
 in [Log4j 2.17](https://issues.apache.org/jira/browse/LOG4J2-3293)
    
    ### Does this PR introduce _any_ user-facing change?
    No
    
    ### How was this patch tested?
    
    rely on existent tests
    
    Closes #35051 from chia7712/SPARK-37774.
    
    Authored-by: Chia-Ping Tsai <chia7...@gmail.com>
    Signed-off-by: Dongjoon Hyun <dongj...@apache.org>
---
 dev/deps/spark-deps-hadoop-2-hive-2.3 | 8 ++++----
 dev/deps/spark-deps-hadoop-3-hive-2.3 | 8 ++++----
 pom.xml                               | 2 +-
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/dev/deps/spark-deps-hadoop-2-hive-2.3 
b/dev/deps/spark-deps-hadoop-2-hive-2.3
index 9ad5f18..2cc19ca 100644
--- a/dev/deps/spark-deps-hadoop-2-hive-2.3
+++ b/dev/deps/spark-deps-hadoop-2-hive-2.3
@@ -186,10 +186,10 @@ lapack/2.2.1//lapack-2.2.1.jar
 leveldbjni-all/1.8//leveldbjni-all-1.8.jar
 libfb303/0.9.3//libfb303-0.9.3.jar
 libthrift/0.12.0//libthrift-0.12.0.jar
-log4j-1.2-api/2.17.0//log4j-1.2-api-2.17.0.jar
-log4j-api/2.17.0//log4j-api-2.17.0.jar
-log4j-core/2.17.0//log4j-core-2.17.0.jar
-log4j-slf4j-impl/2.17.0//log4j-slf4j-impl-2.17.0.jar
+log4j-1.2-api/2.17.1//log4j-1.2-api-2.17.1.jar
+log4j-api/2.17.1//log4j-api-2.17.1.jar
+log4j-core/2.17.1//log4j-core-2.17.1.jar
+log4j-slf4j-impl/2.17.1//log4j-slf4j-impl-2.17.1.jar
 logging-interceptor/3.12.12//logging-interceptor-3.12.12.jar
 lz4-java/1.8.0//lz4-java-1.8.0.jar
 macro-compat_2.12/1.1.1//macro-compat_2.12-1.1.1.jar
diff --git a/dev/deps/spark-deps-hadoop-3-hive-2.3 
b/dev/deps/spark-deps-hadoop-3-hive-2.3
index a482b33..6e49e62 100644
--- a/dev/deps/spark-deps-hadoop-3-hive-2.3
+++ b/dev/deps/spark-deps-hadoop-3-hive-2.3
@@ -173,10 +173,10 @@ lapack/2.2.1//lapack-2.2.1.jar
 leveldbjni-all/1.8//leveldbjni-all-1.8.jar
 libfb303/0.9.3//libfb303-0.9.3.jar
 libthrift/0.12.0//libthrift-0.12.0.jar
-log4j-1.2-api/2.17.0//log4j-1.2-api-2.17.0.jar
-log4j-api/2.17.0//log4j-api-2.17.0.jar
-log4j-core/2.17.0//log4j-core-2.17.0.jar
-log4j-slf4j-impl/2.17.0//log4j-slf4j-impl-2.17.0.jar
+log4j-1.2-api/2.17.1//log4j-1.2-api-2.17.1.jar
+log4j-api/2.17.1//log4j-api-2.17.1.jar
+log4j-core/2.17.1//log4j-core-2.17.1.jar
+log4j-slf4j-impl/2.17.1//log4j-slf4j-impl-2.17.1.jar
 logging-interceptor/3.12.12//logging-interceptor-3.12.12.jar
 lz4-java/1.8.0//lz4-java-1.8.0.jar
 macro-compat_2.12/1.1.1//macro-compat_2.12-1.1.1.jar
diff --git a/pom.xml b/pom.xml
index 7314eb1..6973c89 100644
--- a/pom.xml
+++ b/pom.xml
@@ -119,7 +119,7 @@
     <exec-maven-plugin.version>1.6.0</exec-maven-plugin.version>
     <sbt.project.name>spark</sbt.project.name>
     <slf4j.version>1.7.30</slf4j.version>
-    <log4j.version>2.17.0</log4j.version>
+    <log4j.version>2.17.1</log4j.version>
     <hadoop.version>3.3.1</hadoop.version>
     <protobuf.version>2.5.0</protobuf.version>
     <yarn.version>${hadoop.version}</yarn.version>

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@spark.apache.org
For additional commands, e-mail: commits-h...@spark.apache.org

Reply via email to