[
https://issues.apache.org/jira/browse/SPARK-6305?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17487286#comment-17487286
]
James Inlow commented on SPARK-6305:
------------------------------------
As we wait for spark to be released with log4j v2, how can we know about if
Spark is effected by any other more recent CVEs impacting log4j 1.x?
Specifically:
* [https://nvd.nist.gov/vuln/detail/CVE-2022-23307]
* [https://nvd.nist.gov/vuln/detail/CVE-2022-23305]
Not sure the correct platform to ask these questions?
> Add support for log4j 2.x to Spark
> ----------------------------------
>
> Key: SPARK-6305
> URL: https://issues.apache.org/jira/browse/SPARK-6305
> Project: Spark
> Issue Type: Sub-task
> Components: Build
> Affects Versions: 3.3.0
> Reporter: Tal Sliwowicz
> Assignee: L. C. Hsieh
> Priority: Major
> Fix For: 3.3.0
>
>
> log4j 2 requires replacing the slf4j binding and adding the log4j jars in the
> classpath. Since there are shaded jars, it must be done during the build.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org
