[ 
https://issues.apache.org/jira/browse/SPARK-37814?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17488804#comment-17488804
 ] 

Steve Loughran commented on SPARK-37814:
----------------------------------------

Everyone is aware of the log4j issues, but they are much less critical than 
log4j2 as they are (a) only local network vulnerabilities and (b) only through 
appender services which nobody ever deploys.

If you have your own downstream distribution, know that reload4j is a drop-in 
replacement for log4j 1.2.17 without the vulnerabilities, making it a 
low-stress upgrade: https://github.com/qos-ch/reload4j
Hadoop is going to be adopting that on all its maintenance branches while the 
more traumatic logging upgrade is done on trunk.

> Migrating from log4j 1 to log4j 2
> ---------------------------------
>
>                 Key: SPARK-37814
>                 URL: https://issues.apache.org/jira/browse/SPARK-37814
>             Project: Spark
>          Issue Type: Umbrella
>          Components: Build
>    Affects Versions: 3.3.0
>            Reporter: L. C. Hsieh
>            Assignee: L. C. Hsieh
>            Priority: Major
>              Labels: releasenotes
>             Fix For: 3.3.0
>
>
> This is an umbrella ticket for all tasks related to migrating to log4j2.


