Re: Log4j upgrade in spark binary from 1.2.17 to 2.17.1
(BTW you are sending to the Spark incubator list, and Spark has not been in incubation for about 7 years. Use user@spark.apache.org) What update are you looking for? this has been discussed extensively on the Spark mailing list. Spark is not evidently vulnerable to this. 3.3.0 will include log4j 2.17 anyway. The ticket you cite points you to the correct ticket: https://issues.apache.org/jira/browse/SPARK-6305 On Mon, Jan 31, 2022 at 10:53 AM KS, Rajabhupati wrote: > Hi Team , > > > > Is there any update on this request ? > > > > We did see Jira https://issues.apache.org/jira/browse/SPARK-37630 for > this request but we see it closed . > > > > Regards > > Raja > > > > *From:* KS, Rajabhupati > *Sent:* Sunday, January 30, 2022 9:03 AM > *To:* u...@spark.incubator.apache.org > *Subject:* Log4j upgrade in spark binary from 1.2.17 to 2.17.1 > > > > Hi Team, > > > > We were checking for log4j upgrade in Open source spark version to avoid > the recent vulnerability in the spark binary . Do we have any new release > which is planned to upgrade the log4j from 1.2.17 to 2.17.1.Any sooner > response is appreciated ? > > > > > > Regards > > Rajabhupati >
RE: Log4j upgrade in spark binary from 1.2.17 to 2.17.1
Hi Team , Is there any update on this request ? We did see Jira https://issues.apache.org/jira/browse/SPARK-37630 for this request but we see it closed . Regards Raja From: KS, Rajabhupati Sent: Sunday, January 30, 2022 9:03 AM To: u...@spark.incubator.apache.org Subject: Log4j upgrade in spark binary from 1.2.17 to 2.17.1 Hi Team, We were checking for log4j upgrade in Open source spark version to avoid the recent vulnerability in the spark binary . Do we have any new release which is planned to upgrade the log4j from 1.2.17 to 2.17.1.Any sooner response is appreciated ? Regards Rajabhupati
Re: Log4j upgrade in spark binary from 1.2.17 to 2.17.1
This has been discussed extensively on this list. See the archives. TL;DR is current releases do not appear to be vulnerable. But 3.3.0 will move to log4j 2 anyway On Sat, Jan 29, 2022, 9:42 PM KS, Rajabhupati wrote: > Hi Team, > > We were checking for log4j upgrade in Open source spark version to avoid > the recent vulnerability in the spark binary . Do we have any new release > which is planned to upgrade the log4j from 1.2.17 to 2.17.1.Any sooner > response is appreciated ? > > > Regards > Rajabhupati >