[ https://issues.apache.org/jira/browse/SPARK-6305?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17487286#comment-17487286 ]
James Inlow commented on SPARK-6305:
------------------------------------

As we wait for Spark to be released with log4j v2, how can we know if Spark is affected by any other more recent CVEs impacting log4j 1.x? Specifically:
* [https://nvd.nist.gov/vuln/detail/CVE-2022-23307]
* [https://nvd.nist.gov/vuln/detail/CVE-2022-23305]

Not sure the correct platform to ask these questions?

> Add support for log4j 2.x to Spark
> ----------------------------------
>
> Key: SPARK-6305
> URL: https://issues.apache.org/jira/browse/SPARK-6305
> Project: Spark
> Issue Type: Sub-task
> Components: Build
> Affects Versions: 3.3.0
> Reporter: Tal Sliwowicz
> Assignee: L. C. Hsieh
> Priority: Major
> Fix For: 3.3.0
>
>
> log4j 2 requires replacing the slf4j binding and adding the log4j jars in the
> classpath. Since there are shaded jars, it must be done during the build.