[ https://issues.apache.org/jira/browse/DATAFU-162?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17614536#comment-17614536 ]
Eyal Allweil commented on DATAFU-162: ------------------------------------- I'll try to take a look at it in the next few days. > Upgrade Log4j version > --------------------- > > Key: DATAFU-162 > URL: https://issues.apache.org/jira/browse/DATAFU-162 > Project: DataFu > Issue Type: Improvement > Reporter: Eyal Allweil > Priority: Major > Labels: up-for-grabs > Time Spent: 10m > Remaining Estimate: 0h > > Although the [infamous Log4J > vulnerability|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832] > is not relevant for DataFu (we are dependent on log4j 1.x, which is not > affected) it is still a pretty good idea to upgrade to a new version. > The upgrade should keep our logs as similar as possible to the existing > version, but this shouldn't necessitate a major version release since this > isn't a breaking change. > > We can start by fixing this for datafu-spark (we don't need to update the > other projects since they might be deprecated soon) -- This message was sent by Atlassian Jira (v8.20.10#820010)