This is an automated email from the ASF dual-hosted git repository. dongjoon pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/spark.git
The following commit(s) were added to refs/heads/master by this push: new fd56427 [SPARK-37774][BUILD] Upgrade log4j from 2.17 to 2.17.1 fd56427 is described below commit fd564274a2bd151292f3c711e54bc5df18d621ff Author: Chia-Ping Tsai <chia7...@gmail.com> AuthorDate: Tue Dec 28 23:24:44 2021 -0800 [SPARK-37774][BUILD] Upgrade log4j from 2.17 to 2.17.1 ### What changes were proposed in this pull request? Update `log4j` from 2.17 to 2.17.1 ### Why are the changes needed? There is another CVE ([CVE-2021-44832](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832)) in [Log4j 2.17](https://issues.apache.org/jira/browse/LOG4J2-3293) ### Does this PR introduce _any_ user-facing change? No ### How was this patch tested? rely on existent tests Closes #35051 from chia7712/SPARK-37774. Authored-by: Chia-Ping Tsai <chia7...@gmail.com> Signed-off-by: Dongjoon Hyun <dongj...@apache.org> --- dev/deps/spark-deps-hadoop-2-hive-2.3 | 8 ++++---- dev/deps/spark-deps-hadoop-3-hive-2.3 | 8 ++++---- pom.xml | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/dev/deps/spark-deps-hadoop-2-hive-2.3 b/dev/deps/spark-deps-hadoop-2-hive-2.3 index 9ad5f18..2cc19ca 100644 --- a/dev/deps/spark-deps-hadoop-2-hive-2.3 +++ b/dev/deps/spark-deps-hadoop-2-hive-2.3 @@ -186,10 +186,10 @@ lapack/2.2.1//lapack-2.2.1.jar leveldbjni-all/1.8//leveldbjni-all-1.8.jar libfb303/0.9.3//libfb303-0.9.3.jar libthrift/0.12.0//libthrift-0.12.0.jar -log4j-1.2-api/2.17.0//log4j-1.2-api-2.17.0.jar -log4j-api/2.17.0//log4j-api-2.17.0.jar -log4j-core/2.17.0//log4j-core-2.17.0.jar -log4j-slf4j-impl/2.17.0//log4j-slf4j-impl-2.17.0.jar +log4j-1.2-api/2.17.1//log4j-1.2-api-2.17.1.jar +log4j-api/2.17.1//log4j-api-2.17.1.jar +log4j-core/2.17.1//log4j-core-2.17.1.jar +log4j-slf4j-impl/2.17.1//log4j-slf4j-impl-2.17.1.jar logging-interceptor/3.12.12//logging-interceptor-3.12.12.jar lz4-java/1.8.0//lz4-java-1.8.0.jar macro-compat_2.12/1.1.1//macro-compat_2.12-1.1.1.jar diff --git a/dev/deps/spark-deps-hadoop-3-hive-2.3 b/dev/deps/spark-deps-hadoop-3-hive-2.3 index a482b33..6e49e62 100644 --- a/dev/deps/spark-deps-hadoop-3-hive-2.3 +++ b/dev/deps/spark-deps-hadoop-3-hive-2.3 @@ -173,10 +173,10 @@ lapack/2.2.1//lapack-2.2.1.jar leveldbjni-all/1.8//leveldbjni-all-1.8.jar libfb303/0.9.3//libfb303-0.9.3.jar libthrift/0.12.0//libthrift-0.12.0.jar -log4j-1.2-api/2.17.0//log4j-1.2-api-2.17.0.jar -log4j-api/2.17.0//log4j-api-2.17.0.jar -log4j-core/2.17.0//log4j-core-2.17.0.jar -log4j-slf4j-impl/2.17.0//log4j-slf4j-impl-2.17.0.jar +log4j-1.2-api/2.17.1//log4j-1.2-api-2.17.1.jar +log4j-api/2.17.1//log4j-api-2.17.1.jar +log4j-core/2.17.1//log4j-core-2.17.1.jar +log4j-slf4j-impl/2.17.1//log4j-slf4j-impl-2.17.1.jar logging-interceptor/3.12.12//logging-interceptor-3.12.12.jar lz4-java/1.8.0//lz4-java-1.8.0.jar macro-compat_2.12/1.1.1//macro-compat_2.12-1.1.1.jar diff --git a/pom.xml b/pom.xml index 7314eb1..6973c89 100644 --- a/pom.xml +++ b/pom.xml @@ -119,7 +119,7 @@ <exec-maven-plugin.version>1.6.0</exec-maven-plugin.version> <sbt.project.name>spark</sbt.project.name> <slf4j.version>1.7.30</slf4j.version> - <log4j.version>2.17.0</log4j.version> + <log4j.version>2.17.1</log4j.version> <hadoop.version>3.3.1</hadoop.version> <protobuf.version>2.5.0</protobuf.version> <yarn.version>${hadoop.version}</yarn.version> --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@spark.apache.org For additional commands, e-mail: commits-h...@spark.apache.org