This is an automated email from the ASF dual-hosted git repository.
dongjoon pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/spark.git
The following commit(s) were added to refs/heads/master by this push:
new fd56427 [SPARK-37774][BUILD] Upgrade log4j from 2.17 to 2.17.1
fd56427 is described below
commit fd564274a2bd151292f3c711e54bc5df18d621ff
Author: Chia-Ping Tsai <[email protected]>
AuthorDate: Tue Dec 28 23:24:44 2021 -0800
[SPARK-37774][BUILD] Upgrade log4j from 2.17 to 2.17.1
### What changes were proposed in this pull request?
Update `log4j` from 2.17 to 2.17.1
### Why are the changes needed?
There is another CVE
([CVE-2021-44832](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832))
in [Log4j 2.17](https://issues.apache.org/jira/browse/LOG4J2-3293)
### Does this PR introduce _any_ user-facing change?
No
### How was this patch tested?
rely on existent tests
Closes #35051 from chia7712/SPARK-37774.
Authored-by: Chia-Ping Tsai <[email protected]>
Signed-off-by: Dongjoon Hyun <[email protected]>
---
dev/deps/spark-deps-hadoop-2-hive-2.3 | 8 ++++----
dev/deps/spark-deps-hadoop-3-hive-2.3 | 8 ++++----
pom.xml | 2 +-
3 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/dev/deps/spark-deps-hadoop-2-hive-2.3
b/dev/deps/spark-deps-hadoop-2-hive-2.3
index 9ad5f18..2cc19ca 100644
--- a/dev/deps/spark-deps-hadoop-2-hive-2.3
+++ b/dev/deps/spark-deps-hadoop-2-hive-2.3
@@ -186,10 +186,10 @@ lapack/2.2.1//lapack-2.2.1.jar
leveldbjni-all/1.8//leveldbjni-all-1.8.jar
libfb303/0.9.3//libfb303-0.9.3.jar
libthrift/0.12.0//libthrift-0.12.0.jar
-log4j-1.2-api/2.17.0//log4j-1.2-api-2.17.0.jar
-log4j-api/2.17.0//log4j-api-2.17.0.jar
-log4j-core/2.17.0//log4j-core-2.17.0.jar
-log4j-slf4j-impl/2.17.0//log4j-slf4j-impl-2.17.0.jar
+log4j-1.2-api/2.17.1//log4j-1.2-api-2.17.1.jar
+log4j-api/2.17.1//log4j-api-2.17.1.jar
+log4j-core/2.17.1//log4j-core-2.17.1.jar
+log4j-slf4j-impl/2.17.1//log4j-slf4j-impl-2.17.1.jar
logging-interceptor/3.12.12//logging-interceptor-3.12.12.jar
lz4-java/1.8.0//lz4-java-1.8.0.jar
macro-compat_2.12/1.1.1//macro-compat_2.12-1.1.1.jar
diff --git a/dev/deps/spark-deps-hadoop-3-hive-2.3
b/dev/deps/spark-deps-hadoop-3-hive-2.3
index a482b33..6e49e62 100644
--- a/dev/deps/spark-deps-hadoop-3-hive-2.3
+++ b/dev/deps/spark-deps-hadoop-3-hive-2.3
@@ -173,10 +173,10 @@ lapack/2.2.1//lapack-2.2.1.jar
leveldbjni-all/1.8//leveldbjni-all-1.8.jar
libfb303/0.9.3//libfb303-0.9.3.jar
libthrift/0.12.0//libthrift-0.12.0.jar
-log4j-1.2-api/2.17.0//log4j-1.2-api-2.17.0.jar
-log4j-api/2.17.0//log4j-api-2.17.0.jar
-log4j-core/2.17.0//log4j-core-2.17.0.jar
-log4j-slf4j-impl/2.17.0//log4j-slf4j-impl-2.17.0.jar
+log4j-1.2-api/2.17.1//log4j-1.2-api-2.17.1.jar
+log4j-api/2.17.1//log4j-api-2.17.1.jar
+log4j-core/2.17.1//log4j-core-2.17.1.jar
+log4j-slf4j-impl/2.17.1//log4j-slf4j-impl-2.17.1.jar
logging-interceptor/3.12.12//logging-interceptor-3.12.12.jar
lz4-java/1.8.0//lz4-java-1.8.0.jar
macro-compat_2.12/1.1.1//macro-compat_2.12-1.1.1.jar
diff --git a/pom.xml b/pom.xml
index 7314eb1..6973c89 100644
--- a/pom.xml
+++ b/pom.xml
@@ -119,7 +119,7 @@
<exec-maven-plugin.version>1.6.0</exec-maven-plugin.version>
<sbt.project.name>spark</sbt.project.name>
<slf4j.version>1.7.30</slf4j.version>
- <log4j.version>2.17.0</log4j.version>
+ <log4j.version>2.17.1</log4j.version>
<hadoop.version>3.3.1</hadoop.version>
<protobuf.version>2.5.0</protobuf.version>
<yarn.version>${hadoop.version}</yarn.version>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]