[ https://issues.apache.org/jira/browse/SPARK-37814?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17487285#comment-17487285 ]
Stephen L. De Rudder commented on SPARK-37814: ---------------------------------------------- With log4j 1.x line having several CVEs reported against it too; please consider doing one (or both) of the following: * Consider porting this to the 3.2 line and releasing a Spark 3.2.2 to address the log4j CVEs sooner * Consider expediting the 3.3.0 release to address the log4j CVEs Log4j 1.x CVEs info: [logging-log4j1/README.md at main · apache/logging-log4j1 · GitHub|https://github.com/apache/logging-log4j1/blob/main/README.md#unfixed-vulnerabilities] > Migrating from log4j 1 to log4j 2 > --------------------------------- > > Key: SPARK-37814 > URL: https://issues.apache.org/jira/browse/SPARK-37814 > Project: Spark > Issue Type: Umbrella > Components: Build > Affects Versions: 3.3.0 > Reporter: L. C. Hsieh > Assignee: L. C. Hsieh > Priority: Major > Labels: releasenotes > Fix For: 3.3.0 > > > This is umbrella ticket for all tasks related to migrating to log4j2. -- This message was sent by Atlassian Jira (v8.20.1#820001) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org