[ https://issues.apache.org/jira/browse/SPARK-37901?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sean R. Owen resolved SPARK-37901. ---------------------------------- Fix Version/s: 3.3.0 Resolution: Fixed Issue resolved by pull request 35196 [https://github.com/apache/spark/pull/35196] > Upgrade Netty from 4.1.72 to 4.1.73 > ----------------------------------- > > Key: SPARK-37901 > URL: https://issues.apache.org/jira/browse/SPARK-37901 > Project: Spark > Issue Type: Improvement > Components: Build > Affects Versions: 3.3.0 > Reporter: David Christle > Assignee: David Christle > Priority: Minor > Fix For: 3.3.0 > > > Netty has a new release that upgrades log4j to 2.17.1. Although I didn't find > obvious dependence on log4j via netty in my search of Spark's codebase, it > would be good to pick up this specific version. The version Spark currently > depends on is 4.1.72, which depends on log4j 2.15. Several CVE's have been > fixed in log4j between 2.15 and 2.17.1. > Besides this dependency update, several minor bugfixes have been made in this > release. -- This message was sent by Atlassian Jira (v8.20.1#820001) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org