[ https://issues.apache.org/jira/browse/DATAFU-162?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17538833#comment-17538833 ]
Eyal Allweil commented on DATAFU-162:
-------------------------------------

We can possibly minimize this issue to just upgrading log4J for the datafu-spark module, since the other two are likely to be deprecated soon.

> Upgrade Log4j version
> ---------------------
>
> Key: DATAFU-162
> URL: https://issues.apache.org/jira/browse/DATAFU-162
> Project: DataFu
> Issue Type: Improvement
> Reporter: Eyal Allweil
> Priority: Major
> Labels: up-for-grabs
>
> Although the [infamous Log4J vulnerability|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832] is not relevant for DataFu (we are dependent on log4j 1.x, which is not affected) it is still a pretty good idea to upgrade to a new version.
> The upgrade should keep our logs as similar as possible to the existing version, but this shouldn't necessitate a major version release since this isn't a breaking change.

--
This message was sent by Atlassian Jira
(v8.20.7#820007)